Pi-Hole not working with Apple devices

Unfortunately I can only confirm the previous posts. PiHole with wifi or VPN runs on all devices without problems and unwanted content is successfully blocked... Except on Apple devices... On Apple devices not a single page can be called outside the local network. A white empty page is all you get to see. I also deactivated the assignment of IPv6 addresses on the router because the first posts pointed out a problem in this area. But also here no improvement. In the Query log or in the terminal I don't see any hints that anything is blocked.

@ThinkPad can you possibly explain in more detail which settings you changed where so you could do it?

My setup is the following:

Pi 3+ with PiHole PIVPN and DNSCrypt

Router refers via DNS entry to the raspberry, raspberry forwards to DNSCrypt and DNSCrypt outside. No iptables rules are set up.

I move this to a new thread, as the older thread was resolved.

Please upload a debug log and post your token. If you have a screen capture of what you are seeing on your Apple device(s), please post that as well.

Hey jfb. Thanks for moving.

The debug token is: 7twv8wtum0

Unfortunately I cannot provide a screenshot at the moment because it is a problem with the setup of a friend. As soon as you want to load a page, the loading bar stops at about 10%, nothing more is visible. We also tried different browsers, but each with the same result.

What Apple devices were affected? Just one, or more than one?

An iPhone X is certainly affected, another iPhone 7 is in the network, but has not yet been extensively tested.

Is this your Pi-Hole and the friend can't connect to it?

The Raspberry is in the network of the named friend. I can access the Raspberry via VPN to read logs or to create a debug token like in this case. I also have full root access to the Raspberry and the friend's router, so I can post config files here if you wish.

A few things noted in the debug log

*** [ DIAGNOSING ]: Networking
[✓] IPv4 address(es) bound to the eth0 interface:
   192.168.178.20/24 does not match the IP found in /etc/pihole/setupVars.conf (https://discourse.pi-hole.net/t/use-ipv6-ula-addresses-for-pi-hole/2127)

[✓] IPv6 address(es) bound to the eth0 interface:
   2a02:1205:503a:6070:73eb:3e74:f1a0:b804 does not match the IP found in /etc/pihole/setupVars.conf (https://discourse.pi-hole.net/t/use-ipv6-ula-addresses-for-pi-hole/2127)
   fe80::4346:950e:a9e:8d9e does not match the IP found in /etc/pihole/setupVars.conf (https://discourse.pi-hole.net/t/use-ipv6-ula-addresses-for-pi-hole/2127)

In this section, the Pi-Hole IP in line 3 should be the external IP of the Pi-Hole, not the NULL IP (0.0.0.0).

*** [ DIAGNOSING ]: Name resolution (IPv4) using a random blocked domain and a known ad-serving domain
[✓] mozcloud.net is 0.0.0.0 via localhost (127.0.0.1)
[✓] mozcloud.net is 0.0.0.0 via Pi-hole (0.0.0.0)
[✓] doubleclick.com is 172.217.168.46 via a remote, public DNS server (8.8.8.8)

In this section, your Pi-Hole is also shown as IP 0.0.0.0. This should be the public IP of the Pi device (the static IP assigned from the router).

    -rw-r--r-- 1 root root 126 Oct 14 20:33 /etc/pihole/local.list
       0.0.0.0 PiHole
       0000:0000:0000:0000:0000:0000:0000:0000 PiHole
       0.0.0.0 pi.hole
       0000:0000:0000:0000:0000:0000:0000:0000 pi.hole

What upstream DNS server is Pi-Hole using?

I used the following instructions to redirect the PiHole to DNSCrypt (unfortunately still in the dns-crypt version 1.)

/etc/dnsmasq.d/02-dnscrypt.conf:

    # Add other name servers here, with domain specs if they are for
    # non-public domains.
    server=127.0.0.2#41
    server=127.0.0.3#41

/etc/systemd/system/dnscrypt-proxy@cs-ch.socket:

    [Unit]
    Description=dnscrypt-proxy cs-ch listening socket

    [Socket]
    ListenStream=127.0.0.2:41
    ListenDatagram=127.0.0.2:41

    [Install]
    WantedBy=sockets.target

After a closer look I see that DNS-Crypt can no longer connect to the servers properly. I will probably deactivate this. I still find it strange that it seems to work on all other devices except the iPhone(s).

Oct 15 00:18:41 PiHole dnscrypt-proxy[557]: Mon Oct 15 00:18:41 2018 [INFO] Refetching server certificates
Oct 15 00:18:56 PiHole dnscrypt-proxy[557]: Mon Oct 15 00:18:56 2018 [ERROR] Unable to retrieve server certificates

At the beginning I had problems with the loading time for different pages. When I changed the settings to NULL-IP the pages loaded much faster. Where would this have to be configured correctly?

If I were you, I would stop using DNSCrypt, uninstall it, and have Pi-Hole go directly to a third party upstream DNS server (Cloudflare, Quad 9, etc.). That will make troubleshooting problems easier.

Then, once all the devices can work with Pi-Hole, add DNSCrypt (2.0) back into the setup and see if everything still works.

What is your primary purpose for using DNSCrypt? There might be another solution that can meet your needs.

There is no specific reason why I use dnscrypt. I came across it by chance and read that it effectively protects against man-in-the-middle attacks. That's why I wanted to try this, which worked wonderfully in the beginning. There is no real need for it.

Then I can simply add the DNS servers (of the ISP) to setupVars.conf to bypass DNS crypt?

You can change DNS servers in that file or through the Web GUI interface (settings > DNS).

Unbound will do the same thing. It is set up to be a local resolver, and it completely bypasses the third party DNS providers. It has authentication as well, to prevent MIM attacks. Very easy to set up using this guide. You might want to try this after you get all the devices working on Pi-Hole again.

https://docs.pi-hole.net/guides/unbound/


I will try it on a test system as soon as anything else is working.

I created another debug log with the following token: o0p2414zm8. The IP address errors you mentioned are now at least gone. If this setup will work on the mentioned iPhone I can't answer right away because we have 1 o'clock in the morning and my friend is sleeping now.

But I'll certainly get back to you as soon as I know more. Unless you have something else to change? I'd like to thank you for your patience and your help.

These have changed (improved):

*** [ DIAGNOSING ]: Networking
[✓] IPv4 address(es) bound to the eth0 interface:
   192.168.178.20/24 matches the IP found in /etc/pihole/setupVars.conf

*** [ DIAGNOSING ]: Name resolution (IPv4) using a random blocked domain and a known ad-serving domain
[✓] tosimplify.net is 0.0.0.0 via localhost (127.0.0.1)
[✓] tosimplify.net is 0.0.0.0 via Pi-hole (192.168.178.20)
[✓] doubleclick.com is 172.217.168.46 via a remote, public DNS server (8.8.8.8)

This has not:

   -rw-r--r-- 1 root root 126 Oct 14 20:33 /etc/pihole/local.list
       0.0.0.0 PiHole
       0000:0000:0000:0000:0000:0000:0000:0000 PiHole
       0.0.0.0 pi.hole
       0000:0000:0000:0000:0000:0000:0000:0000 pi.hole

To clarify this: also enter the local IPv4/v6 address of the Raspberry in local.list?

Done. Now the output is this:

-rw-r--r-- 1 root root 116 Oct 15 01:18 /etc/pihole/local.list
   192.168.178.20 PiHole
   fe80::4346:950e:a9e:8d9e/64 PiHole
   192.168.178.20 pi.hole
   fe80::4346:950e:a9e:8d9e/64 pi.hole

Hmm, now I have the problem that generally no more pages can be resolved, so there is currently no possibility to upload the debug log (but I can still log in via VPN). Should I paste the complete output here or only a certain part of it?

Try this to repair.

    sudo nano /etc/resolv.conf

Change 127.0.0.1 to 1.1.1.1, save and exit

    pihole -r

and select repair

Thank you. The resolve is now working again.

The current token is f2jfnv4h2m. If you have nothing to add I will reply as soon as I have heard from my friend.

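Added example, not part of any post in this thread and not Pi-hole's own code: a small checker for the hosts-format entries of `/etc/pihole/local.list` in the two states shown above. It flags the NULL (unspecified) address that the debug log review pointed out, an address field carrying a prefix length such as `/64` (hosts-format lines take a bare address followed by names), and link-local addresses. The function name `check_local_list` and the sample strings are constructed for illustration.

```python
import ipaddress

# Constructed samples mirroring the two local.list states shown in the thread.
SAMPLE_NULL = """\
0.0.0.0 PiHole
0000:0000:0000:0000:0000:0000:0000:0000 PiHole
0.0.0.0 pi.hole
0000:0000:0000:0000:0000:0000:0000:0000 pi.hole
"""
SAMPLE_EDITED = """\
192.168.178.20 PiHole
fe80::4346:950e:a9e:8d9e/64 PiHole
192.168.178.20 pi.hole
fe80::4346:950e:a9e:8d9e/64 pi.hole
"""

def check_local_list(text):
    """Return (line_no, address_field, problem) for each suspicious entry."""
    findings = []
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()   # drop comments and whitespace
        if not line:
            continue
        fields = line.split()
        addr = fields[0]
        if len(fields) < 2:
            findings.append((no, addr, "no hostname after the address"))
            continue
        if "/" in addr:
            findings.append((no, addr, "prefix length not allowed in hosts format"))
            continue
        try:
            ip = ipaddress.ip_address(addr)
        except ValueError:
            findings.append((no, addr, "not an IP address"))
            continue
        if ip.is_unspecified:
            findings.append((no, addr, "unspecified (NULL) address"))
        elif ip.is_link_local:
            findings.append((no, addr, "link-local address"))
    return findings

if __name__ == "__main__":
    for name, sample in (("null", SAMPLE_NULL), ("edited", SAMPLE_EDITED)):
        for finding in check_local_list(sample):
            print(name, *finding)
```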