Pi-hole not working after setting DNS

Expected Behaviour:

After setting DNS on my other devices, I should see other devices on pi-hole clients list, though not showing
Hardware:
-Pi 2 Model B, MacOS, iPhone

Actual Behaviour:

Any device, after changing DNS to Pi's IP, can't connect to the Internet.
I can ssh onto my pi from my Mac, even after changing the DNS it seems to be working.

Debug Token:

https://tricorder.pi-hole.net/9xfz5xjvj7

Appreciate for any help.

You've turned your Pi-hole into an open resolver, which poses a potential threat for all Internet users, e.g. by serving as a multiplier in a DNS Amplification attack.

The Pi-hole team strongly discourages Pi-hole’s usage as an open resolver, and we won't provide support in that case.

I guess I installed PiVPN before and it did it.
How could I turn the open resolver function off?

Best regards,

An open resolver is the result of having port 53 opened to your Pi-hole instance.

Making it accessible through VPN only is the right approach.

Have a look at Pi-hole's guide on setting up OpenVPN, specifically (but not exclusively) the firewall section. Adapt that to your configuration, and try to configure Pi-hole for the VPN tunnel's private IP address (from 192.168.0.0/16, 172.16.0.0/12 or 10.0.0.0/8), instead of using a public IP.

I followed the guide you attached and set up the firewall section as the tutorial.
I could access the website with 10.8.0.1/admin/ after connecting the VPN.
Though I couldn't access the Internet.
Here is a new debug file: https://tricorder.pi-hole.net/j5j9tqv8qa
I have to disconnect the VPN for this post.

I didn't fully understand your setup, but your debug log shows

    PIHOLE_INTERFACE=eth0
    DNSMASQ_LISTENING=single

This means your pihole is only listening on eth0 for DNS requests. If you use a VPN on the same device, you might want to change the interface to your VPN interface (e.g. tun0). Run pihole -r and choose reconfigure. Or, if you use your pihole also for local devices, you might want to change the listening interface to "Listen on all interfaces" (Web interface/Settings/DNS).

Thank you for the feedback.
I remember I did choose tun0 last time when I ran pihole -r, I'll try to do it again then come back report.
For the "Web interface/Settings/DNS", does that happen because I followed the guide shared by Bucking_Horn?

See here:

The undocumented pihole -a -i all command is simply what runs when you choose Listen on all interfaces, permit all origins (make sure your Pi-hole is firewalled), which if you've read this far in the tutorial, you should understand that we don't want you to knowingly or unknowingly set up an open resolver.

Right now seems my pi-hole works when I use my other devices connect to Raspberry Pi with openVPN. What I did is configured the

    DNSMASQ_LISTENING=local

through the "Web interface/Settings/DNS".

My /etc/openvpn/server/server.conf as this:

    local 129.74.164.66
    port 1194
    proto udp
    dev tun
    ca ca.crt
    cert server.crt
    key server.key
    dh dh.pem
    auth SHA512
    tls-crypt tc.key
    topology subnet
    server 10.8.0.0 255.255.255.0
    push "redirect-gateway def1 bypass-dhcp"
    ifconfig-pool-persist ipp.txt
    push "dhcp-option DNS 10.8.0.1"
    # push "dhcp-option DNS 8.8.8.8"
    # push "dhcp-option DNS 8.8.4.4"
    keepalive 10 120
    cipher AES-256-CBC
    user nobody
    group nogroup
    persist-key
    persist-tun
    status openvpn-status.log
    verb 3
    crl-verify crl.pem
    explicit-exit-notify
    log /var/log/openvpn.log
    verb 3

I used pihole -d and here is the new log file: https://tricorder.pi-hole.net/k511sqmxiu

Am I setting this right?
My VNC viewer seems not working as well.
By the way, if I want to use pihole when I use cellular data, is that possible?
Another question is, right now I'm using the default two adlists. If I want to block certain ads on the website or in some apps. Any suggestions or resources to refer to?

Really appreciate for all that helped me to this far.
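
An added example, not part of any post in this thread and not Pi-hole's or OpenVPN's own code: a small consistency check between the two files discussed above, the `PIHOLE_INTERFACE` / `DNSMASQ_LISTENING` values from the debug log and the `dev` and pushed DNS lines of `server.conf`. The function names, finding codes and sample input are constructed for illustration; `all` is the value written by `pihole -a -i all`.

```python
import ipaddress

# RFC 1918 ranges named in the thread as suitable tunnel addresses.
PRIVATE = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample input, modelled on the values quoted in the thread.
SETUPVARS = """\
PIHOLE_INTERFACE=eth0
DNSMASQ_LISTENING=single
"""
SERVER_CONF = """\
dev tun
push "dhcp-option DNS 10.8.0.1"
# push "dhcp-option DNS 8.8.8.8"
"""

def parse_setupvars(text):
    """Return KEY=value pairs from setupVars.conf-style text."""
    return dict(l.strip().split("=", 1) for l in text.splitlines() if "=" in l)

def parse_openvpn(text):
    """Return (dev, [pushed DNS addresses]) from server.conf-style text, skipping comments."""
    dev, dns = None, []
    for line in text.splitlines():
        words = line.replace('"', " ").split()
        if not words or words[0][0] in "#;":
            continue
        if words[0] == "dev" and len(words) > 1:
            dev = words[1]
        elif words[:3] == ["push", "dhcp-option", "DNS"] and len(words) > 3:
            dns.append(ipaddress.ip_address(words[3]))
    return dev, dns

def audit(setupvars_text, server_conf_text):
    """Return a list of (code, message) findings; an empty list means nothing was flagged."""
    sv = parse_setupvars(setupvars_text)
    dev, dns = parse_openvpn(server_conf_text)
    mode, iface = sv.get("DNSMASQ_LISTENING", ""), sv.get("PIHOLE_INTERFACE", "")
    findings = []
    if mode == "all":  # "permit all origins": only safe behind a firewall
        findings.append(("OPEN_RESOLVER_RISK", "answers every origin; port 53 must be firewalled"))
    if mode in ("single", "bind") and dev and not iface.startswith(dev):
        findings.append(("VPN_CLIENTS_UNANSWERED", f"listening only on {iface}, tunnel device is {dev}"))
    for addr in dns:
        if not any(addr in net for net in PRIVATE):
            findings.append(("PUBLIC_DNS_PUSHED", f"{addr} is not an RFC 1918 address"))
    return findings
```

Calling `audit(SETUPVARS, SERVER_CONF)` on the sample reproduces the mismatch pointed out earlier in the thread: Pi-hole bound to eth0 while VPN clients arrive on the tunnel device.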

Sorry, but I cannot assist you in quality assuring your VPN connection. Your config file would be specific to your network and your personal preferences, all of which are unknown to me.
That said, setting a local IP listening address is optional and usually isn't required.

As this is not a Pi-hole issue, you could increase your chances for a knowledgeable answer by opening a new separate topic in the Community Help category, and also by consulting OpenVPN's or VNC's support forums.

Yes, connecting to your VPN when away from home is exactly why you set up a VPN server. Your VPN server is indifferent to your connection type, be it through WiFi or cellular.

I connect my Pi with a school ethernet port, I find I couldn't connect the VPN when I'm not using the eduroam wifi network.
