OpenVPN + DNS works well only if all traffic is routed via VPS

#1


Pi-hole installed with OpenVPN using the official guide.
Removed the push "redirect-gateway def1 bypass-dhcp" so that only DNS traffic will be routed via the tunnel.
When I do this,

  • ads are being blocked
  • websites are being resolved

But the Google Play Store will NOT let me download ANY app.
However, if I redirect all traffic through the tunnel, everything works fine (and the Play Store will let me download apps).

I have tested this in the following scenarios and every time I have had the same issue:
Setup 1) Pi-hole + OpenVPN on the same server on a VPS
Setup 2) Pi-hole + OpenVPN on different servers connected via private networks on a VPS
Setup 3) Pi-hole + OpenVPN in my home network.

Expected Behaviour:

When routing only DNS, Pi-hole works perfectly and allows me to do everything, including downloading apps from the Google Play Store.

Actual Behaviour:

Unable to download apps from the Google Play Store. It gets stuck on “Downloading”. See attached screenshot.

Debug Token:

lsjuycy9dr!

#2

Any clues?

#4

I think there’s something else happening there.

From the sound of it, everything is working as expected/fine.

It’s a weird behavior, especially because if and when you route the traffic through the VPN, it’s working fine, whereas if you do only DNS, it fails.

I believe the android device is getting confusing information (one from DNS and one forced by the android OS) and it halts.

I cannot test it on my side as I don’t have any remote Android devices that VPN into my network.

Android is known to force and override DNS settings and something doesn’t add up when using VPN, especially for the Play Store.
Play Store uses the following addresses:

See if you see any hits in the admin console for those domains and if possible, whitelist them and try it like that.

#6

Didn’t work despite whitelisting the sites… Any other ideas?

The weird part is that nothing is getting blocked. See the query log attached from when I try to download something on Google Play.

#7

Did the exact same setup in another location (home) and Google Play still doesn’t work.
Query logs from this new Pi-hole are attached (while trying to download any app from the Play Store).

#8

Update:

I did the exact same setup with IPsec / IKEv2 + Pi-hole and I have the same exact result.

Can any expert provide an insight as to why this would happen?