Network overview: how to see private openvpn network instead of public one?

I am running openvpn behind an openvpn, so it's listening on the tun0 interface, on address 10.8.0.1.
It works.

In the Network overview page, I see two rows: my server's PUBLIC IP address and the broadcast address (identical, but ending in .254).

Is there a way to see my openvpn network instead?
I'd like to see 10.8.0.2, 10.8.0.3, etc.

Yes, but only if you manage to get your OpenVPN clients to show up in your Pi-hole's ARP cache.

See the output of the command

ip neigh

This is the output; I see public IPs:

root@pihole:~# ip neigh
80.x.y.1 dev eth0 lladdr 00:00:...etc. REACHABLE
80.x.y.254 dev eth0 lladdr 00:50:...etc... STALE
fe80::...etc.. dev eth0  FAILED

What does

ip a

look like?

ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 00:50:56:xx:xx:xx brd ff:ff:ff:ff:ff:ff
    inet 80.211.xxx.xxx/24 brd 80.211.xxx.255 scope global eth0
       valid_lft forever preferred_lft forever
    inet6 fe80::9638:xxxx:xxxx:241/64 scope link 
       valid_lft forever preferred_lft forever
3: eth1: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast state DOWN group default qlen 1000
    link/ether 00:50:56:xx:xx:xx brd ff:ff:ff:ff:ff:ff
4: eth2: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast state DOWN group default qlen 1000
    link/ether 00:50:56:xx:xx:xx brd ff:ff:ff:ff:ff:ff
5: tun0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN group default qlen 100
    link/none 
    inet 10.8.0.1/24 brd 10.8.0.255 scope global tun0
       valid_lft forever preferred_lft forever
    inet6 fe80::a5fe:xxxx:xxxx:xxxx/64 scope link flags 800 
       valid_lft forever preferred_lft forever

Why are you on this subnet? Do you run your machines directly with globally unique addresses?

I'm running pihole on a VPS, but, before you all kill me:

  • to avoid public exposure, port 53 connection is NOT accepted on eth0, but only on tun0
  • tun0 is the VPN created by OpenVpn
  • pihole is configured to listen only on tun0
  • also port 80 is behind vpn

So my VPS is not visible when someone scans port 80, 433, or 53.

My VPS obviously has a public IP, static.
Using OpenVPN, when connected, and only when connected, I can access pihole as 10.8.0.1.

It has been running fine for some months and I have no illegitimate traffic of any kind.

I'd just like to be able to see my tun0 network instead of the eth0 public address network. I don't know if it is possible, and it's probably not needed or useful at all. But, of course, listening on tun0 and seeing another network is not useful for me.

Sorry, I missed this obvious possibility for your configuration. I guess it will not work in this case as we can -- due to technical restrictions -- only scan physically connected networks. The VPN, however, is a "simulated" network that does not really exist without the VPN software. We do not have access to the connected clients over VPN using the kernel's neighbor cache.

We could theoretically scan the file /etc/openvpn/ipp.txt, however, users tend to vary their configurations quite a bit and not all are using OpenVPN, too, so I'm sorry to tell you that I don't think there is a way to achieve what you are looking for in any manner that would be straightforward for us to add.

You could theoretically add your VPN clients manually to the network table in /etc/pihole/pihole-FTL.db, however, new clients wouldn't get automatically added.


Many thanks for your help, time and all of the replies.

I will change something in the way I create new OpenVPN users to force static VPN IPs, so I can save them into pihole using command line calls when I generate a new .ovpn config file.

I THINK I will be able to automate this thanks to your documentation of the internal .db structure.

You can close this thread.

Feel free to ask if you need any help with the database.
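
Added example (not written by anyone in this thread, and not Pi-hole or OpenVPN code): a check of the /etc/openvpn/ipp.txt mapping mentioned above, run before any static VPN addresses are copied into Pi-hole by hand, so that each tunnel IP maps to exactly one client name. It assumes `common_name,address` lines and the 10.8.0.0/24 tun0 subnet from the thread; `parse_ipp` and the sample data are constructed for illustration.

```python
import ipaddress

# Constructed sample of an ipp.txt body (assumed format: common_name,address).
SAMPLE_IPP = """\
laptop,10.8.0.2
phone,10.8.0.3
tablet,10.8.0.3
guest,192.168.1.50
broken-line
"""

def parse_ipp(text, subnet="10.8.0.0/24", server_ip="10.8.0.1"):
    """Return ({ip: common_name}, [(line_number, problem)]) for an ipp.txt body."""
    net = ipaddress.ip_network(subnet)
    server = ipaddress.ip_address(server_ip)
    clients, problems = {}, []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line:
            continue  # ignore blank lines
        fields = [f.strip() for f in line.split(",")]
        if len(fields) < 2 or not fields[0]:
            problems.append((lineno, "malformed"))
            continue
        name, addr = fields[0], fields[1]
        try:
            ip = ipaddress.ip_address(addr)
        except ValueError:
            problems.append((lineno, "bad address"))
            continue
        if ip not in net:
            # An address outside tun0's subnet would never match a VPN client.
            problems.append((lineno, "outside subnet"))
        elif ip == server:
            problems.append((lineno, "collides with server"))
        elif str(ip) in clients:
            # Two names on one IP make per-client query attribution ambiguous.
            problems.append((lineno, "duplicate address"))
        else:
            clients[str(ip)] = name
    return clients, problems

if __name__ == "__main__":
    clients, problems = parse_ipp(SAMPLE_IPP)
    for ip, name in sorted(clients.items(), key=lambda kv: ipaddress.ip_address(kv[0])):
        print(f"{ip}\t{name}")
    for lineno, why in problems:
        print(f"line {lineno}: {why}")
```
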
