Pi-hole, DNS-Over-HTTPS, and VPN Server


I have a Raspberry Pi 2 with DietPi running Pi-hole as a DNS server. Moreover, I am doing DNS-Over-HTTPS using the argo-tunnel tool cloudflared (https://bendews.com/posts/implement-dns-over-https/).

Now I’d like to set up a VPN server on the same Raspberry Pi 2 for very occasional use when I’m on travel. I plan on doing so using the PiVPN script (https://pimylifeup.com/raspberry-pi-vpn-server/). I’m only going to port forward on the router when I’m on these trips, basically because having open ports is a bit spooky as far as I’m concerned.

My question is as follows: Given my DNS server is performing DNS-Over-HTTPS by setting server= in files in /etc/dnsmasq.d per the link above, when I am running through the VPN setup with PiVPN and am asked to set a DNS provider, do I give a custom provider of 127.0.1#5053? Will the PiVPN script accept the port number as such? And, importantly, is there anything I am missing with the feasibility of using Pi-hole, DNS-Over-HTTPS, and a VPN server on the same Raspberry Pi?



Why do you want to provide the DNS-Over-HTTPS server and not your Pi-hole as DNS server through the VPN?

We have a very detailed guide covering your case more or less exactly here: https://docs.pi-hole.net/guides/vpn/overview/


Thanks for the guide. I actually also have an external VPN server, namely IVPN. I was trying to get the DNS requests to go through the VPN but was frustrated by the following: when I’d add the VPN’s DNS IP address to Pi-hole, the VPN would reconnect and the reconnection would result in a new VPN DNS IP address that was not what I entered so I’d have a chicken-and-egg problem. I gave up and used DNS-Over-HTTPS which was straightforward to implement. However, I’ll look at your guide and perhaps that will help me sort it out.

That said, I am still eager to roll my own VPN rather than using an external VPN server. The tutorial you sent is geared toward users setting up a VPN on a cloud hosted virtual server. Perhaps the tutorial will still work if I am using my own server? In other words, I stop using DNS-Over-HTTPS, host my own VPN server on my Raspberry Pi, and use Pi-Hole on the same Raspberry Pi.

By the way, I just read “Inside the Brotherhood of Pi-hole Ad Blockers” in Bloomberg. It was a great article about you guys.



Yes, the guide can directly be used locally. In fact, things are simpler, as you can just ignore all firewall related things when your Pi-hole is anyway behind a router’s firewall.

This is very helpful for what you want: https://docs.pi-hole.net/guides/vpn/dual-operation/



Thanks. I’ll need to undo the DNS-Over-HTTPS and give this a try. The documentation is very well done so I think I will be in good shape.


I should have added, to be clear -- I intend Pi-hole and the VPN server to run on the same Raspberry Pi 2. I’m not sure if that was clear from what I wrote earlier. If there are any issues with both running on the same Pi, let me know. Thanks!


No, I assisted a few users to install an exactly similar setup at home. VPN & Pi-hole on the same device is exactly what this guide is for. The last step I posted is for being able to also reach the other devices of your local network when traveling and connected via your VPN. It is the easiest way of integrating everything nicely.

