Pi-Hole and VPN client on Raspberry Pi


Hi everyone,
I set up Pi-hole on a Raspberry Pi (works beautifully!).
I also set up an OpenVPN client (to use with Transmission).

Expected Behaviour:

Without further configuration I expected all traffic from the Raspberry Pi to go through the VPN, including pi-hole queries. All traffic from the Pi should therefore circumvent Pi-hole and use the VPN server DNS.

Actual Behaviour:

Pi-hole successfully filters traffic coming from the Pi (I tried browsing with w3m from the console). This was the intended end result, but I expected further configuration to be necessary.

Debug Token:

https://tricorder.pi-hole.net/rceatbjwdy

Why does OpenVPN default to using the Pi-hole DNS? Maybe because it's on the same system? On my laptop, if I connect the VPN I have to manually set the Pi DNS address, otherwise the DNS queries go straight through the VPN provider.

Thanks for your help in understanding all of this!

If I am following:

  1. You want the Pi to serve DNS via Pi-hole to your network.
  2. You want recursive DNS queries from Pi-hole to use the VPN.
  3. You want the Pi itself to NOT use Pi-hole but the VPN provider's DNS.

Assuming I understand, that is not possible. The Pi running Pi-hole must use the locally running Pi-hole to resolve queries, as /etc/resolv.conf must be set to 127.0.0.1. My assumption is you don't want the Pi to use Pi-hole for DNS as you don't want things to be blocked. This may be possible with per-host exceptions in v5, but I am not certain.

Under debug token you seem to describe a different scenario: when you connect to the VPN you are NOT getting the Pi-hole set as your DNS server. This is solved by adding

push "dhcp-option DNS some.ip.add.ress"

to your OpenVPN server.conf. This will push a specific DNS server to be used upon connecting to the VPN.

Thanks very much for your answer;

My question was that, having not set the "dhcp-option DNS x.x.x.x", I was expecting that once the VPN was connected, the traffic would not be filtered by Pi-Hole. But surprisingly I could still see the queries being filtered on Pi-Hole's admin panel with the VPN connected. Maybe the Pi is forced to use the locally installed Pi-hole even with VPN, even without "dhcp-option".
I would have tried again but I messed everything up trying to set up a Wi-Fi hotspot next to Pi-hole, so I think I'm going to start fresh. :slight_smile:

This is not a requirement, but it is the Pi-hole default in Pi-hole V4 and earlier. It can be changed with a local change to your Pi-hole code.

In V5.0 this is changed and the DNS server in this file is not altered by Pi-hole (i.e. Pi-hole doesn't change this to put the loopback IP there).

So if I understand correctly, this loopback IP which Pi-hole currently puts in /etc/resolv.conf is what causes OpenVPN (if installed on the same Pi) to use the Pi-hole DNS service automatically? Just checking before I change it to solved :slight_smile:

Thanks!

jfb is just stating that altering /etc/resolv.conf will not harm Pi-hole's operation in any way.

You'd have to check with your VPN software documentation if and how changing nameservers in that file will affect your VPN.

Note that changes may be overwritten if you reinstall or reconfigure Pi-hole v4.
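
A way to check the two settings discussed in this thread, as an added example that is not part of any poster's reply: it reports whether a resolv.conf-style file points only at a loopback resolver (on a Pi-hole host, assumed to be the local Pi-hole) and which DNS address an OpenVPN server.conf pushes. The function names, sample files and sample addresses are constructed for illustration.

```shell
#!/bin/sh
# Added example; the sample files below are constructed, not taken from the thread.

# List the nameserver addresses of a resolv.conf-style file, in order.
nameservers() {
    awk '$1 == "nameserver" && $2 != "" { print $2 }' "$1"
}

# Classify a resolv.conf-style file as loopback, external, mixed or none.
# "loopback" only means a resolver on this host; that it is Pi-hole is an assumption.
resolver_mode() {
    lo=0; ext=0
    for ns in $(nameservers "$1"); do
        case "$ns" in
            127.*|::1) lo=$((lo + 1)) ;;
            *)         ext=$((ext + 1)) ;;
        esac
    done
    if [ "$lo" -gt 0 ] && [ "$ext" -eq 0 ]; then echo loopback
    elif [ "$lo" -gt 0 ]; then echo mixed
    elif [ "$ext" -gt 0 ]; then echo external
    else echo none
    fi
}

# Print the addresses an OpenVPN server.conf pushes with
#   push "dhcp-option DNS <ip>"
# Lines commented out with ';' or '#' are ignored.
pushed_dns() {
    sed -n 's/^[[:space:]]*push[[:space:]]\{1,\}"dhcp-option[[:space:]]\{1,\}DNS[[:space:]]\{1,\}\([^"[:space:]]*\)[[:space:]]*".*/\1/p' "$1"
}

# Constructed sample inputs (documentation and private address ranges).
SAMPLE_DIR=$(mktemp -d)
trap 'rm -rf "$SAMPLE_DIR"' EXIT
printf '# constructed sample\nnameserver 127.0.0.1\n' > "$SAMPLE_DIR/resolv.pihole"
printf 'nameserver 127.0.0.1\nnameserver 192.0.2.53\n' > "$SAMPLE_DIR/resolv.mixed"
printf 'port 1194\n;push "dhcp-option DNS 198.51.100.1"\npush "dhcp-option DNS 10.8.0.1"\n' > "$SAMPLE_DIR/server.conf"

echo "Pi-hole host resolv.conf: $(resolver_mode "$SAMPLE_DIR/resolv.pihole")"
echo "edited resolv.conf:       $(resolver_mode "$SAMPLE_DIR/resolv.mixed")"
echo "DNS pushed to clients:    $(pushed_dns "$SAMPLE_DIR/server.conf")"
```

On a real host, pass /etc/resolv.conf and the path of your own server.conf to the functions instead of the sample files.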

I use ZeroTier; I can use the same DNS server everywhere, and it runs faster than a VPN too :+1:
