root@pihole:~# ip neigh
80.x.y.1 dev eth0 lladdr 00:00:...etc. REACHABLE
80.x.y.254 dev eth0 lladdr 00:50:...etc... STALE
fe80::...etc.. dev eth0 FAILED
I'm running pihole on a VPS, but, before you all kill me:
to avoid public exposure, port 53 connections are NOT accepted on eth0, but only on tun0
tun0 is the VPN created by OpenVpn
pihole is configured to listen only on tun0
also port 80 is behind vpn
So my VPS is not visible when someone scans port 80, 433, or 53
My VPS obviously has a public ip, static
Using OpenVPN, when connected, and only when connected, I can access pihole as 10.8.0.1.
It has been running fine for some months and I have no illegitimate traffic of any kind.
I'd just like to be able to see my tun0 network instead of the eth0 public address network. I don't know if it is possible, and probably it's not needed or useful at all. But, of course, listening on tun0 and seeing another network is not useful for me.
Sorry, I missed this obvious possibility for your configuration. I guess it will not work in this case as we can -- due to technical restrictions -- only scan physically connected networks. The VPN, however, is a "simulated" network that does not really exist without the VPN software. We do not have access to the connected clients over VPN using the kernel's neighbor cache.
We could theoretically scan the file /etc/openvpn/ipp.txt, however, users tend to vary their configurations quite a bit and not all are using OpenVPN, too, so I'm sorry to tell you that I don't think there is a way to achieve what you are looking for in any manner that would be straightforward for us to add.
You could theoretically add your VPN clients manually to the network table in /etc/pihole/pihole-FTL.db, however, new clients wouldn't get automatically added.
Many thanks for your help, time and all of the replies.
I will change something in the way I create new OpenVpn users to force static vpn ips, so I can save them into pihole using command-line calls when I generate a new .ovpn config file.
I THINK I will be able to automate this thanks to your documentation of the internal .db structure.
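
The approach discussed in this thread (reading client addresses from /etc/openvpn/ipp.txt and adding them to the network table), as an added example that is not part of any post and is not Pi-hole's own code. The column layout of the table, the `ip-` placeholder for hwaddr, the 10.8.0.0/24 subnet and the sample file contents are assumptions; compare the layout with `.schema network` on the real /etc/pihole/pihole-FTL.db before adapting it.

```python
import ipaddress
import sqlite3
import time

# Constructed sample in the "common_name,address" layout OpenVPN writes to ipp.txt.
SAMPLE_IPP = """\
laptop,10.8.0.2
phone,10.8.0.3
broken-line
stray,192.168.1.50
"""

VPN_NET = ipaddress.ip_network("10.8.0.0/24")  # assumed from the 10.8.0.1 server address

# Assumed column layout for the demo; compare with `.schema network` on the real DB.
DEMO_SCHEMA = """CREATE TABLE network (
    id INTEGER PRIMARY KEY, ip TEXT, hwaddr TEXT UNIQUE, interface TEXT,
    name TEXT, firstSeen INTEGER, lastQuery INTEGER, numQueries INTEGER,
    macVendor TEXT)"""


def parse_ipp(text, net=VPN_NET):
    """Return {client_name: ip} for well-formed lines inside the VPN subnet."""
    clients = {}
    for line in text.splitlines():
        fields = [f.strip() for f in line.split(",")]
        if len(fields) < 2 or not fields[0]:
            continue  # skip blank or malformed lines
        try:
            addr = ipaddress.ip_address(fields[1])
        except ValueError:
            continue  # second field is not an IP address
        if addr in net:  # ignore anything outside the tunnel network
            clients[fields[0]] = str(addr)
    return clients


def sync_clients(db, clients, interface="tun0"):
    """Insert missing clients; re-running adds nothing. Returns rows added."""
    now = int(time.time())
    added = 0
    for name, ip in sorted(clients.items()):
        cur = db.execute(
            "INSERT OR IGNORE INTO network (ip, hwaddr, interface, name,"
            " firstSeen, lastQuery, numQueries, macVendor)"
            " VALUES (?, ?, ?, ?, ?, 0, 0, '')",
            (ip, "ip-" + ip, interface, name, now))  # placeholder hwaddr: no MAC over tun
        added += cur.rowcount
    db.commit()
    return added
```

Because the insert is idempotent, the same call can run each time a new .ovpn profile is generated; work on a copy of the database first.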