Openvpn + pihole : LAN works, VPN connects but no connection

Expected Behaviour:

Connect to internet through Pihole either on LAN or by VPN when outside

Actual Behaviour:

LAN connects well to the Internet through Pi-hole.
When outside, I can connect to OpenVPN and I can ping the 2 addresses of Pi-hole, i.e. 10.8.0.1 and 192.168.0.200, but I can't ping my server (192.168.0.254), any other LAN device, or the Internet.

I don't know what prevents me from pinging outside the Pi-hole.

Here is some info:

+++ from /etc/dhcpcd.conf

interface eth0
static ip_address=192.168.0.200/24
static routers=192.168.0.254
static domain_name_servers=127.0.0.1
interface tun0
static ip_address=10.8.0.1/24
static routers=192.168.0.254
static domain_name_servers=127.0.0.1

+++ route -n

Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         192.168.0.254   0.0.0.0         UG    202    0        0 eth0
10.8.0.0        0.0.0.0         255.255.255.0   U     0      0        0 tun0
192.168.0.0     0.0.0.0         255.255.255.0   U     202    0        0 eth0

+++ /etc/openvpn/server.conf

port 11942
proto udp
dev tun
sndbuf 0
rcvbuf 0
ca ca.crt
cert server.crt
key server.key
dh dh.pem
auth SHA512
tls-auth ta.key 0
topology subnet
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
push "redirect-gateway def1 bypass-dhcp"
push "dhcp-option DNS 10.8.0.1" #LAN IP of my router
push "route 192.168.0.0 255.255.255.0" #My LAN
keepalive 10 120
cipher AES-256-CBC
user nobody
group nogroup
persist-key
persist-tun
status openvpn-status.log
verb 3
crl-verify crl.pem

++++ sysctl -p /etc/sysctl.conf
net.ipv4.ip_forward = 1

++++ added /etc/dnsmasq.d/99-interfaces.conf
interface=tun0

interface=eth0

Thanks for your help.

Debug Token:

[twbfnqfet2]

That is actually the IP of the device that has OpenVPN (and since you are pushing it with .1, I am also assuming this is the device that has Pi-hole on it).

This might be the culprit right here.

Comment this line out and restart the OpenVPN server then try again.

Thanks for answering.
I finally managed to get it working with this:

cat /etc/openvpn/server.conf
port 11942
proto udp
dev tun
sndbuf 0
rcvbuf 0
ca ca.crt
cert server.crt
key server.key
dh dh.pem
auth SHA512
tls-auth ta.key 0
topology subnet
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
push "redirect-gateway def1 bypass-dhcp"
push "route 192.168.0.0 255.255.255.0"
push "dhcp-option DNS 192.168.0.200" #LAN IP of my router
keepalive 10 120
cipher AES-256-CBC
user nobody
group nogroup
persist-key
persist-tun
status openvpn-status.log
verb 3
crl-verify crl.pem

but also by granting auth in iptables:

cat /etc/pihole/rules.v4
*nat
:PREROUTING ACCEPT [211:16230]
:INPUT ACCEPT [194:15238]
:OUTPUT ACCEPT [213:14408]
:POSTROUTING ACCEPT [213:14408]
-A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE
COMMIT
*filter
:INPUT ACCEPT [10452:1000458]
:FORWARD ACCEPT [3561:2609740]
:OUTPUT ACCEPT [10594:3657677]
-A INPUT -i tun0 -j ACCEPT
COMMIT
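
A check for the NAT rule shown in the last post, as an added example that is not part of the thread: it reads the VPN subnet from the `server` directive of a server.conf and confirms that an iptables-save style rules file masquerades that subnet. The function names and the sample files are constructed for illustration.

```shell
# Added example: verify that the OpenVPN subnet has a MASQUERADE rule.

# Print the "server NET MASK" directive as CIDR, e.g. 10.8.0.0/24.
vpn_subnet() {
    awk '$1 == "server" {
        n = split($3, oct, "."); bits = 0
        for (i = 1; i <= n; i++)
            for (v = oct[i]; v > 0; v = int(v / 2)) bits += v % 2
        print $2 "/" bits; exit
    }' "$1"
}

# Print every address from push "dhcp-option DNS ADDR" lines.
pushed_dns() {
    sed -n 's/^push "dhcp-option DNS \([0-9.]*\)".*/\1/p' "$1"
}

# Succeed if *nat has a POSTROUTING MASQUERADE rule with "-s $2" (exact match).
has_masquerade() {
    awk -v net="$2" '
        /^\*/ { table = $1 }
        table == "*nat" && $1 == "-A" && $2 == "POSTROUTING" {
            src = ""; masq = 0
            for (i = 3; i < NF; i++) {
                if ($i == "-s") src = $(i + 1)
                if ($i == "-j" && $(i + 1) == "MASQUERADE") masq = 1
            }
            if (masq && src == net) found = 1
        }
        END { exit !found }' "$1"
}

# Report on a server.conf / rules file pair; return 1 if the NAT rule is missing.
audit_vpn_nat() {
    net=$(vpn_subnet "$1")
    [ -n "$net" ] || { echo "no server directive in $1"; return 2; }
    echo "VPN subnet: $net; pushed DNS: $(pushed_dns "$1" | tr '\n' ' ')"
    has_masquerade "$2" "$net" && { echo "OK: $net is masqueraded"; return 0; }
    echo "MISSING: -A POSTROUTING -s $net -o <iface> -j MASQUERADE"
    return 1
}

# Constructed sample input mirroring the working configuration in the thread.
demo_dir=$(mktemp -d)
printf 'server 10.8.0.0 255.255.255.0\npush "dhcp-option DNS 192.168.0.200"\n' > "$demo_dir/server.conf"
printf '%s\n' '*nat' '-A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE' \
    'COMMIT' '*filter' '-A INPUT -i tun0 -j ACCEPT' 'COMMIT' > "$demo_dir/rules.v4"
audit_vpn_nat "$demo_dir/server.conf" "$demo_dir/rules.v4"
rm -rf "$demo_dir"
```

On a real host, point `audit_vpn_nat` at /etc/openvpn/server.conf and the rules file that is loaded at boot.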
