OpenVPN and Pihole on AWS Lightsail. VPN Connects, but unable to reach websites

So I followed these great instructions per your documentation
https://docs.pi-hole.net/guides/vpn/

Test: I connect to the VPN and all works fine. I can access websites, etc.

Then I add the firewall rules per:

And Test:
I can connect to VPN fine. However, now all websites hang. I can't connect to any websites

Here are my rules listed:

Chain INPUT (policy DROP)
num target prot opt source destination
1 ACCEPT all -- anywhere anywhere
2 ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
3 ACCEPT tcp -- anywhere anywhere tcp dpt:domain
4 ACCEPT udp -- anywhere anywhere udp dpt:domain
5 ACCEPT tcp -- anywhere anywhere tcp dpt:http
6 ACCEPT tcp -- anywhere anywhere tcp dpt:ssh
7 ACCEPT tcp -- anywhere anywhere tcp dpt:openvpn
8 ACCEPT udp -- anywhere anywhere udp dpt:openvpn
9 REJECT udp -- anywhere anywhere udp dpt:80 reject-with icmp-port-unreachable
10 REJECT tcp -- anywhere anywhere tcp dpt:https reject-with tcp-reset
11 REJECT udp -- anywhere anywhere udp dpt:443 reject-with icmp-port-unreachable

Please help. Thank you!

I haven't messed with Lightsail but here's the firewall rules from my AWS CloudFormation template.

  OpenVPNInstanceSG:
    Type: AWS::EC2::SecurityGroup
    DependsOn: myVPC
    Properties:
      GroupName: pihole-security-group
      GroupDescription: SG for pihole Server
      VpcId: !Ref myVPC
      SecurityGroupIngress:
        - CidrIp: 0.0.0.0/0
          Description: Allow all traffic to port 80
          IpProtocol: tcp
          FromPort: 80
          ToPort: 80
        - CidrIp: 0.0.0.0/0
          Description: Allow all traffic to port 443
          IpProtocol: tcp
          FromPort: 443
          ToPort: 443
        - CidrIp: 0.0.0.0/0
          Description: Allow all traffic to port 53/tcp
          IpProtocol: tcp
          FromPort: 53
          ToPort: 53
        - CidrIp: 0.0.0.0/0
          Description: Allow all traffic to port 53/udp
          IpProtocol: udp
          FromPort: 53
          ToPort: 53
        - CidrIp: !Ref ClientIPCIDR
          Description: OpenVPN Port
          IpProtocol: udp
          FromPort: !Ref OpenVPNPort
          ToPort: !Ref OpenVPNPort
        - CidrIp: !Ref ClientIPCIDR
          Description: SSH Port
          IpProtocol: tcp
          FromPort: 22
          ToPort: 22
      Tags:
        -
          Key: Name
          Value: Pi-hole SG
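Added example, not part of the thread: a first-match evaluator run over the INPUT listing from the question. A listing printed without `-v` omits the interface columns, so rule 1 reads as an unconditional ACCEPT that makes every later rule unreachable. The service-to-port table uses the standard /etc/services numbers, and the function names are hypothetical.

```python
import re

# Rule lines copied from the question's INPUT listing (printed without -v or -n).
LISTING = """\
1 ACCEPT all -- anywhere anywhere
2 ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
3 ACCEPT tcp -- anywhere anywhere tcp dpt:domain
4 ACCEPT udp -- anywhere anywhere udp dpt:domain
5 ACCEPT tcp -- anywhere anywhere tcp dpt:http
6 ACCEPT tcp -- anywhere anywhere tcp dpt:ssh
7 ACCEPT tcp -- anywhere anywhere tcp dpt:openvpn
8 ACCEPT udp -- anywhere anywhere udp dpt:openvpn
9 REJECT udp -- anywhere anywhere udp dpt:80 reject-with icmp-port-unreachable
10 REJECT tcp -- anywhere anywhere tcp dpt:https reject-with tcp-reset
11 REJECT udp -- anywhere anywhere udp dpt:443 reject-with icmp-port-unreachable
"""
# Assumption: standard /etc/services numbers for the names iptables printed.
SERVICES = {"domain": 53, "http": 80, "https": 443, "ssh": 22, "openvpn": 1194}

def parse(listing):
    """Turn each listing line into the match fields that are visible in it."""
    rules = []
    for line in listing.strip().splitlines():
        num, target, proto, _opt, _src, _dst, *extra = line.split()
        text = " ".join(extra)
        m = re.search(r"dpt:(\S+)", text)
        dport = (SERVICES.get(m.group(1)) or int(m.group(1))) if m else None
        rules.append({"num": int(num), "target": target, "proto": proto,
                      "dport": dport, "stateful": "state " in text})
    return rules

def first_match(rules, proto, dport, established=False, policy="DROP"):
    """First-match evaluation: return (rule number, verdict) for one packet."""
    for r in rules:
        if r["proto"] not in ("all", proto) or r["dport"] not in (None, dport):
            continue
        if r["stateful"] and not established:
            continue  # RELATED,ESTABLISHED does not match a new connection
        return r["num"], r["target"]
    return None, policy  # nothing matched: the chain policy decides

def shadowed_by_catch_all(rules):
    """Rule numbers that could never decide a packet if the listing were complete."""
    for r in rules:
        if r["proto"] == "all" and r["dport"] is None and not r["stateful"]:
            return [x["num"] for x in rules if x["num"] > r["num"]]
    return []

print(shadowed_by_catch_all(parse(LISTING)))
```

Listing the chain with `iptables -L INPUT -v -n --line-numbers` or `iptables -S INPUT` shows the interface each rule is bound to. INPUT only covers packets addressed to the host itself; traffic routed on behalf of VPN clients passes through FORWARD.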
