OpenVPN Access Server and Pi-Hole

Hello everyone,
I am a newbie to Pi-hole here, so your patience is greatly appreciated.
I learned about Pi-hole from a friend of mine and managed to get it up and running recently, yay!!! I am very happy with the result of blocking the ads coming through our internal network.
Next, I would like to make it work for our VPN user. We have installed OpenVPN Access Server based on Ubuntu Server 20.04.2.
I have a number of guides about making OpenVPN and Pi-hole work together; this is the one I am currently referring to: https://docs.pi-hole.net/guides/vpn/openvpn/clients/
But unfortunately, it has been quite a while since the guide was written. All the folder and file locations that are mentioned in the guide are no longer in the same place in the newer version of OpenVPN-AS. I could not even find the Server.conf or Client.conf files in version 2.8 of the server...
How do we connect to OpenVPN-AS? We download the OpenVPN app for iOS, run it, point the address to our server's address and that's pretty much it. We did not import or export any client files, etc.
So, is there a newer version of the guide where we could find a more recent configuration for this to work?
Thank you very much

Your question is not so much about customising Pi-hole, but more about the use of OpenVPN Access Server (AS). Accordingly, I have moved your topic to the Community Section, to better attract potential users with similar relevant experiences.

The guide never targeted OpenVPN Access Server, but rather the OpenVPN open source software.

I believe you probably could still make use of plain OpenVPN clients to connect to your AS instance (as opposed to dynamically creating OpenVPN Connect clients or using one of the preconfigured Connect clients available for some OSs), but I have no idea how those would count towards your VPN connection limit.

Since OpenVPN Access Server is a licensed product, with proprietary features exclusive to that platform, you may also want to consider their professional support for guidance on your configuration options.

Hello there,
Thank you for your detailed information.
I also contacted the help desk of OpenVPN AS. They are troubled by the fact that OpenVPN-AS seems to bypass the Pi-hole server if there is a secondary DNS. However, if we remove the secondary DNS, which is our router's one, the VPN client would not be able to connect to the Internet.

By the way, we did the installation of Pi-hole using the bash scripts, and we also installed Unbound DNS as well. We then pointed the DNS upstream to itself, using "Custom 1" with the address 127.0.0.1#5335.

How do we check if our Pi-hole server can resolve the public IP address?
Thank you again

Hello :slight_smile:

Let's clarify things a little bit so that we are on the same page.

While I have 0 experience with the enterprise version, I’ll try to help, as at its core, the software is (should be) the same.

I can only speak from a logical standpoint though.

So, having said that, the whole logic behind the guide and the whole process boils down to this:

  1. Have an active VPN server

  2. Tell the server to run the inbound DNS queries through the Pi-hole DNS

That’s pretty much it.

So you would need to locate the server configuration file(s) and instruct the server to do the above.

If you have the server on the same machine, you’ll want the DNS to be the IP of your VPN server instance (don’t use 127.0.0.1 as that will cause issues for the clients).
That IP will be served as the de-facto DNS to the connecting clients always (unless a secondary is also specified).

Something else is happening here.

I believe your Pi-hole is configured to listen only to the LAN IPs and not the VPN server IPs (it automatically discards packets coming in on a non-allowed interface. VPN has its own interface. You can see the interfaces and IP information with ifconfig).

It also means that your router IS BYPASSING Pi-hole, either by not using it at all, or leaking through IPv6.

You need to trace why and where stuff breaks.

Hope I pointed you in the right way :slight_smile:


@Ramset,

I am almost there... I did another installation of Pi-hole on a separate machine, called PH-B (other than our current OpenVPN-AS), then configured OpenVPN-AS to push the DNS to this machine, and it works.

By the way, the OpenVPN-AS Support did get back to me confirming that by pushing the DNS to an appropriate working DNS server, it should be it. I ran the log and saw that VPN clients are being redirected to the Pi-hole address for DNS, so OpenVPN-AS is not the problem.

So now the problem is that I have Pi-hole and OpenVPN-AS installed on the same machine, and somehow they don't talk to each other the way they should.

To troubleshoot this, here is what I have:

1/ Host server: Ubuntu Server, 20.04.2 LTS
Manually configured IP as below:
IP address: 192.168.1.105/24
DNS 192.168.1.105
Gateway: 192.168.1.1

2/ Pi-Hole (called PH-A): installed on host, so the IP address is also 192.168.1.105

3/ OpenVPN-AS: installed on host, IP address is also 192.168.1.105
If I configure DNS to push to:

  • PH-A: 192.168.1.105 (IP address of Pi-hole, but would be same as OpenVPN-AS): Doesn't work, Ads everywhere
  • PH-B: installed on different machine: It works, no Ads

Do you have any idea how to configure the host server so that OpenVPN-AS and Pi-hole work together?

If you can share the VPN server config file, I can take a look.

Obviously, sensitive information can be removed :slight_smile:

It might be, though, that your Pi-hole instance does what I said above (the one on the 105), where it answers only on the LAN interface and not the other.
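
One way to test the hypothesis raised in the replies above (Pi-hole answering on the LAN address but not on the VPN side), as an added example that is not part of the original thread. It classifies `ss -H -lun` output for a given address; the VPN-side address 172.27.224.1 and the sample socket lines are constructed for illustration, so substitute the address `ifconfig` shows on your VPN interface.

```shell
#!/bin/sh
# classify_dns_bind ADDR
# Reads `ss -H -lun` lines on stdin and reports how UDP port 53 is bound
# relative to ADDR: bound | wildcard | not-bound | no-listener
classify_dns_bind() {
    awk -v want="$1" '
        {
            ep = $4                              # Local Address:Port column
            n = split(ep, parts, ":")
            if (parts[n] != "53") next           # ignore non-DNS sockets
            addr = substr(ep, 1, length(ep) - length(parts[n]) - 1)
            sub(/%.*/, "", addr)                 # drop a "%iface" suffix
            if (addr == want) exact = 1
            else if (addr == "0.0.0.0" || addr == "*") wild = 1
            else other = 1
        }
        END {
            if (exact)      print "bound"        # socket on that address
            else if (wild)  print "wildcard"     # any address; may still filter
            else if (other) print "not-bound"    # DNS runs, but not on ADDR
            else            print "no-listener"  # nothing on UDP 53 at all
        }'
}

# probe_dns SERVER NAME: succeeds only if SERVER returns an answer for NAME.
# Needed for the "wildcard" case, where the resolver can accept the packet
# and still discard it because it arrived on a non-allowed interface.
probe_dns() {
    dig +short +time=2 +tries=1 "@$1" "$2" A | grep -q .
}

# Constructed samples (not captured from the poster's machine).
SAMPLE_LAN_ONLY='UNCONN 0 0 127.0.0.1:53 0.0.0.0:*
UNCONN 0 0 192.168.1.105:53 0.0.0.0:*
UNCONN 0 0 0.0.0.0:1194 0.0.0.0:*'
SAMPLE_WILDCARD='UNCONN 0 0 0.0.0.0:53 0.0.0.0:*'

VPN_ADDR=172.27.224.1   # assumption: address of the VPN-side interface
printf '%s\n' "$SAMPLE_LAN_ONLY" | classify_dns_bind "$VPN_ADDR"
printf '%s\n' "$SAMPLE_WILDCARD" | classify_dns_bind "$VPN_ADDR"

# Live use on the server:
#   ss -H -lun | classify_dns_bind "$VPN_ADDR"
#   probe_dns "$VPN_ADDR" pi-hole.net && echo answered || echo "no answer"
```

A result of `not-bound`, or `wildcard` followed by a failed `probe_dns`, matches the behaviour described above: pushing 192.168.1.105 or the VPN-side address to clients will not help until Pi-hole is set to answer on the VPN interface as well.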