Outbound + Pihole + VPN + firewall

Hello everyone,

I have a Raspberry Pi 4. I have installed Pi-hole, outbound as possibly openvpn. Can't remember, it was a long time ago. Everything was working fine.

Today, I wanted to update my Raspberry Pi so it has the latest updates, etc. On every other machine used at home there are no issues at all, even the IP shows as a5bcd etc... The Raspberry Pi has no connection to the internet, it's not because there is no broadband at home, it's because the Raspberry Pi seems to be blocking it.

Warning in dnsmasq core:

no address range available for DHCPv6 request via wlan0

Debug Token:

[✗] There was an error uploading your debug log.
* Please try again or contact the Pi-hole team for assistance.

My goal was to set up the pi hole with outbound as well as VPN and firewall.

This will temporarily reset the nameserver on the Pi to bypass Pi-Hole DNS.

sudo nano /etc/resolv.conf

Edit the nameserver line to nameserver 9.9.9.9 or your preferred third-party DNS service, save and exit.

Run

pihole -d

and upload the debug log.

Hi Bucking_Horn

Thanks for the quick response. My current nameserver shows as lan : 127.0.0.1. As far as I remember, I wanted to self-host everything, so the Raspberry Pi should be working as VPN + Pi-hole as well as DNS.

I am trying to upload the log to tricorder but on all laptops I get a white screen when in the dashboard, reloading doesn't help. How can I upload it there?

For a start, by following the instructions from my previous post.

https://tricorder.pi-hole.net/ihtIJzOe/

Your debug log shows your Pi-hole to have been configured for eth0, but that interface isn't connected:

*** [ DIAGNOSING ]: Networking
[✗] No IPv4 address(es) found on the eth0 interface.

[✗] No IPv6 address(es) found on the eth0 interface.

Pi-hole itself is operational and able to provide resolution via wlan0:

*** [ DIAGNOSING ]: Name resolution (IPv4) using a random blocked domain and a known ad-serving domain
[✓] levelsteelwhite.com is 0.0.0.0 on lo (127.0.0.1)
[✓] No IPv4 address available on eth0
[✓] levelsteelwhite.com is 0.0.0.0 on wlan0 (192.168.1.214)
[✓] doubleclick.com is 142.250.187.206 via a remote, public DNS server (8.8.8.8)

If your Pi-hole has previously registered with your router via eth0, this could mean that it was reachable via a different IP than it is now.
You want to verify your router's configuration in that regard, and/or reconnect a cable to eth0.
You could also run pihole -r with Reconfigure.

Your debug log also shows that there are two DHCP servers on your network - your router and your Pi-hole:

** [ DIAGNOSING ]: Discovering active DHCP servers (takes 10 seconds)
   Scanning all your interfaces for DHCP servers
   
   * Received 303 bytes from wlan0:192.168.1.1
     Offered IP address: 192.168.1.214
     DHCP options:
      Message type: DHCPOFFER (2)
      router: 192.168.1.1
      domain-name: "lan"
      dns-server: 192.168.1.1
      --- end of options ---
   
   
   * Received 300 bytes from wlan0:192.168.1.214
     Offered IP address: 192.168.1.225
     DHCP options:
      Message type: DHCPOFFER (2)
      dns-server: 192.168.1.214
      domain-name: "lan"
      router: 192.168.1.1
      --- end of options ---

This would work, as long as the router's DHCP address range has been restricted to accommodate just your Pi-hole host machine's IP address.

Note that the router is handing out itself as DNS server, so any machine registering a DHCP lease with your router may by-pass Pi-hole - including the Pi-hole host.

If your Pi-hole host indeed acquires a DHCP lease from your router, that may even be beneficial, as that could allow the Pi-hole host to download OS updates and run Pi-hole's repair script even if Pi-hole's DNS resolver would eventually be inoperational.

However:

Since your nameserver was set to a loopback address, that would indicate that you have statically configured at least the DNS servers on the Pi-hole host machine, perhaps instead of acquiring a router DHCP lease.

In that case, you should consider to add a public DNS server to your static configuration, or to re-enable the DHCP client on your Pi-hole host.

Probably unrelated to your issue, but it seems you have attempted to block some IP addresses via Pi-hole, e.g.:

*** [ DIAGNOSING ]: Domainlist (0/1 = exact white-/blacklist, 2/3 = regex white-/blacklist)
   id     type  enabled  group_ids     domain                                                                                                date_added           date_modified        comment                                           
   -----  ----  -------  ------------  ----------------------------------------------------------------------------------------------------  -------------------  -------------------  --------------------------------------------------
   1      0           1  1             192.168.1.102

Blocking IP addresses would be a firewall's job.
As a DNS filter, Pi-hole only ever blocks domains, so this rule would effectively not be blocking anything.
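
The two-DHCP-server finding and the DNS bypass noted in the post above can be checked mechanically from the discovery output. This Python script is an added example, not part of the original thread and not Pi-hole's own code; the function names `parse_offers` and `audit` are illustrative, the sample is abridged from the excerpt quoted above, and 192.168.1.214 is taken as the Pi-hole address as the debug log reports it for wlan0.

```python
import re

# Abridged from the DHCP discovery excerpt quoted in the thread above.
SAMPLE = """\
   * Received 303 bytes from wlan0:192.168.1.1
     Offered IP address: 192.168.1.214
     DHCP options:
      router: 192.168.1.1
      dns-server: 192.168.1.1
      --- end of options ---

   * Received 300 bytes from wlan0:192.168.1.214
     Offered IP address: 192.168.1.225
     DHCP options:
      dns-server: 192.168.1.214
      router: 192.168.1.1
      --- end of options ---
"""

HEADER = re.compile(r"\* Received \d+ bytes from (\S+?):(\S+)")
OPTION = re.compile(r"^\s*([A-Za-z][\w -]*?):\s*(.+)$")

def parse_offers(text):
    """Return one dict per DHCP response: interface, server, and its options."""
    offers = []
    for line in text.splitlines():
        m = HEADER.search(line)
        if m:
            offers.append({"iface": m.group(1), "server": m.group(2), "options": {}})
            continue
        m = OPTION.match(line)  # skips "DHCP options:" and the end marker
        if m and offers:
            # An option may repeat (e.g. several dns-server lines), so keep a list.
            offers[-1]["options"].setdefault(m.group(1).lower(), []).append(m.group(2))
    return offers

def audit(offers, pihole_ip):
    """Flag competing DHCP servers and offers whose DNS is not the Pi-hole."""
    servers = sorted({o["server"] for o in offers})
    findings = [("multiple-dhcp-servers", servers)] if len(servers) > 1 else []
    for o in offers:
        other = [d for d in o["options"].get("dns-server", []) if d != pihole_ip]
        if other:  # clients taking this lease resolve around Pi-hole
            findings.append(("dns-bypasses-pihole", o["server"], other))
    return findings

if __name__ == "__main__":
    print(audit(parse_offers(SAMPLE), "192.168.1.214"))
```

Run against this sample, the script reports both DHCP servers and flags the router's offer as the one handing out a DNS server other than the Pi-hole.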

Hi, I have reconfigured the pihole, but it doesn't look like there is much difference. I still get errors for

[✗] No IPv4 address(es) found on the eth0 interface.

[✗] No IPv6 address(es) found on the eth0 interface.

The main difference between now and before is that while reconfiguring I have used opendns servers rather than using unbound and wireshark. (no clue how to get back to using these two)

I have changed from eth0 to wlan while reconfiguring, both were available in settings to be picked from.
https://tricorder.pi-hole.net/RcF1NXoa/

In that case, you should consider to add a public DNS server to your static configuration, or to re-enable the DHCP client on your Pi-hole host.

The whole idea of using unbound, pihole was basically to replace ISP.

//Edit: not sure if that will give any hints of what's causing the problem, but looks like my PC uses an IPv6 IP rather than IPv4. When I visit whatsmyip it basically shows me letters and numbers instead of a standard IP.

//Edit: I have switched off the DHCP server on the router.

//Edit: when I disable DHCP for the router, it stops receiving any internet connection, even pihole stops loading, as the lease for the raspberry has been assigned by the router the whole time.
Any help? Then I lose connection on every device.

Seems like I won't get support so best close, thanks.

Your debug log indeed shows that your Pi-hole is still using eth0.
If you successfully ran Pi-hole's Reconfigure, this may possibly hint at file permission issues. Perhaps you run your Pi with a read-only file system?

You just put them back in as Pi-hole's Upstream DNS Servers via Settings | DNS.
Note however that Wireshark isn't a DNS server.

The advice was to check your router's DHCP settings and to consider reenabling the DHCP client on your Pi-hole machine.

Note that Pi-hole does not touch the DNS configuration of its host system.

Your most recent debug log shows your Pi-hole host system to still NOT use a public DNS server - it only uses the loopback address:

-rw-r--r-- 1 root root 58 Jan  6 02:00 /etc/resolv.conf
   domain lan
   nameserver 127.0.0.1

If your Pi-hole is operational, then that would allow your Pi-hole host machine to resolve DNS, but note my earlier remarks on adding another DNS resolver to that system.

How did you go about configuring DNS resolution on the device hosting your Pi-hole?

What makes you think that the device has no internet access?

And finally, I also note that the unrelated, but nevertheless futile attempts at IP address blocking are still present in your debug log.

I had some things showing up as read only, but not sure if there is any settings to change there.

I meant wireguard, sorry.

How did you go about configuring DNS resolution on the device hosting your Pi-hole?

Not sure what you mean here.

What makes you think that the device has no internet access?

After reinstalling again the internet is back, but I keep getting more errors in panel settings about:

1: no address range available for DHCP request via wlan0
2: DHCP packet received on wlan0 which has no address
3: no address range available for DHCPv6 request via wlan0
4: not using configured address 192.168.X.XXX because it is in use by the server or relay

Lastly, regarding the IP which I have added to the whitelist, I wasn't sure how to allow a specific IP to be static, and used by a specific device.

I have deactivated DHCP server in pihole. https://tricorder.pi-hole.net/Abxyx1CX/

Wireguard isn't a DNS server either.

The latter 4. may be prompted by creating a debug log, as we run a DHCP request from the device that runs Pi-hole as DHCP server. If that'd be the case, this message would be expected and could be ignored.

The former 3 may be reported if your wlan0 indeed has no IP address, e.g. if your host OS would not have acquired an IP before Pi-hole starts. If that would be the case, you could try to delay Pi-hole's startup via DELAY_STARTUP.

How did you configure the IP address of the device that runs your Pi-hole?
Does that device request a DHCP lease via its OS's DHCP client software, or did you configure a static IP on device? If the latter, what DNS server did you set?

I cannot edit the file pihole-ftl to add that line, with error: file /etc/pihole/pihole-ftl is unwritable. Not sure why. Even though I have tried previously to add it, delay_startup: 5. Can't save the file.

If i am running command:

dig fail01.dnssec.works @127.0.0.1 -p 5335

I get answer:

; <<>> DiG 9.11.5-P4-5.1+deb10u9-Raspbian <<>> fail01.dnssec.works @127.0.0.1 -p 5335
;; global options: +cmd
;; connection timed out; no servers could be reached

Regarding how I set up my IP etc: simply followed the tutorial here:

unbound - Pi-hole documentation
The IP for the raspberry pi is static. When i was asked during installation I did select to set it static.

what DNS server did you set?
Firstly selected opendns, then I wanted to change it to: Pi-hole as All-Around DNS Solution
I was asked to disconnect the DHCP server on my router, which I did, but seems like there is chaos going on here. Not sure how to fix it.

The file path is /etc/pihole/pihole-FTL.conf

You missed the .conf in the end and FTL should be capitalized.

Same, not unwritable

How can I make files writable? Not sure what I should do, it doesn't seem to work.
