Pi-hole not working as DNS with OpenVPN

Expected Behaviour:

Pihole should be the DNS provider to openvpn setup.

Actual Behaviour:

openvpn is connected and internet works, but seems like pihole is not being used.
This is openvpn .conf settings:

port 443
proto udp
dev tun
sndbuf 0
rcvbuf 0
ca ca.crt
cert server.crt
key server.key
dh dh.pem
auth SHA512
tls-auth ta.key 0
topology subnet
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
push "redirect-gateway def1 bypass-dhcp"
#push "dhcp-option DNS 8.8.8.8"
#push "dhcp-option DNS 8.8.4.4"
push block-outside-dns
push "dhcp-option DNS 10.8.0.1"
keepalive 10 120
cipher AES-256-CBC
user nobody
group nogroup
persist-key
persist-tun
status openvpn-status.log
verb 3
crl-verify crl.pem

Debug Token:

https://tricorder.pi-hole.net/mzphaq6kxq

SOLVED: Being a noob, I made the trivial mistake of selecting no logging, and hence no data was displayed in the dashboard. Selected everything under the Privacy tab of Settings. Issue solved. So, OpenVPN through 443 and pihole together are working great. Thanks RamSet.

cat /etc/dhcpcd.conf 
# A sample configuration for dhcpcd.
# See dhcpcd.conf(5) for details.

# Allow users of this group to interact with dhcpcd via the control socket.
#controlgroup wheel

# Inform the DHCP server of our hostname for DDNS.
hostname

# Use the hardware address of the interface for the Client ID.
#clientid
# or
# Use the same DUID + IAID as set in DHCPv6 for DHCPv4 ClientID as per RFC4361.
# Some non-RFC compliant DHCP servers do not reply with this set.
# In this case, comment out duid and enable clientid above.
duid

# Persist interface configuration when dhcpcd exits.
persistent

# Rapid commit support.
# Safe to enable by default because it requires the equivalent option set
# on the server to actually work.
option rapid_commit

# A list of options to request from the DHCP server.
option domain_name_servers, domain_name, domain_search, host_name
option classless_static_routes
# Most distributions have NTP support.
option ntp_servers
# Respect the network MTU. This is applied to DHCP routes.
option interface_mtu

# A ServerID is required by RFC2131.
require dhcp_server_identifier

# Generate Stable Private IPv6 Addresses instead of hardware based ones
slaac private
interface tun0
        static ip_address=10.8.0.1/24
        static routers=XX.XXX.XX.3
        static domain_name_servers=127.0.0.1

ip -4 route | grep default | cut -d ' ' -f 3
XX.XXX.XX.1

This is wrong; it should be XX.XXX.XX.3; this is my VPS IP.

The setup is pi-hole and openvpn running on an Ubuntu VPS.

Kindly advise.

UPDATE:

I have activated the DHCP server on pihole, and the page for Block Ads! says adblocking is activated. However, the dashboard page says 0 queries and the Network Overview has two entries for XX.XXX.XX.1 instead of XX.XXX.XX.3.

MORE INFO:

ip a

1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
    link/ether 00:XX:XX:20:04:Xb brd ff:ff:ff:ff:ff:ff
    inet XX.XXXXX.3/26 brd XX.XXX.XX.63 scope global eth0
       valid_lft forever preferred_lft forever
    inet6 2a01:9723:1:ff45::9aXc/64 scope global 
       valid_lft forever preferred_lft forever
    inet6 fe8a::9e5b:617f:baca:d8X9/64 scope link 
       valid_lft forever preferred_lft forever
4: tun0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UNKNOWN group default qlen 100
    link/none 
    inet 10.8.0.1/24 brd 10.8.0.255 scope global tun0
       valid_lft forever preferred_lft forever
    inet6 fe80::aae9:c9f4:bf98:9412/64 scope link stable-privacy 
       valid_lft forever preferred_lft forever

Try removing this (as it's not necessary).

I know what you want to do here :wink: but it's not gonna work ...

Put it on some non Official IANA ports ...

Let me know if changing the port fixes it (with modified IPTABLES of course) ...

Noted.

Please find the pi-hole log.

Seems to be working, kindly confirm; but the only thing is it doesn't display on the dashboard.

Looks like it's working properly.

You should start seeing clients in the dashboard as Devicename.vpn or the VPN IP ...
Try hitting a known ad server domain like http://flurry.com ... that should show up in the dashboard (and not load on your device).

Jun  4 23:06:20 dnsmasq[645]: query[A] flurry.com from 10.8.0.2
Jun  4 23:06:20 dnsmasq[645]: /etc/pihole/gravity.list flurry.com is 0.0.0.0
Jun  4 23:06:20 dnsmasq[645]: query[A] flurry.com from 10.8.0.2
Jun  4 23:06:20 dnsmasq[645]: /etc/pihole/gravity.list flurry.com is 0.0.0.0
Jun  4 23:06:20 dnsmasq[645]: query[A] flurry.com from 10.8.0.2
Jun  4 23:06:20 dnsmasq[645]: /etc/pihole/gravity.list flurry.com is 0.0.0.0

Does not load on device, but also not shown on dashboard. Query log is also empty.

Openvpn is connected for more than 24 hrs and browsing was done, but no joy on dashboard.

Try deleting /etc/pihole/pihole-FTL.db and restarting pihole-FTL after.
This will reset the database.

Try it again after you restarted the pihole-FTL service.

One thing to keep in mind. This will delete all your browsing history up to this point.

Tried as recommended but no joy.

The FTL logs are empty whereas the pihole logs are being written. I understand that since the FTL logs are empty, the dashboard is empty.

Solved: Being a noob, I made the trivial mistake of selecting no logging, and hence no data was displayed in the dashboard. Issue solved. So, OpenVPN through 443 and pihole together are working great. Thanks RamSet.
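When the dashboard is empty but `pihole.log` is being written, the log itself can confirm that VPN clients resolve through Pi-hole and that blocking applies to them. The following is an added example, not part of the original thread: it parses dnsmasq lines in the format quoted above; the sample log is constructed, and the 10.8.0.0/24 subnet is taken from the `server` line of the posted OpenVPN config.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample in the dnsmasq format quoted in the thread.
# On a real host the text would be read from the Pi-hole log file instead.
SAMPLE_LOG = """\
Jun  4 23:06:20 dnsmasq[645]: query[A] flurry.com from 10.8.0.2
Jun  4 23:06:20 dnsmasq[645]: /etc/pihole/gravity.list flurry.com is 0.0.0.0
Jun  4 23:06:21 dnsmasq[645]: query[A] example.org from 10.8.0.2
Jun  4 23:06:21 dnsmasq[645]: forwarded example.org to 192.0.2.53
Jun  4 23:06:22 dnsmasq[645]: query[AAAA] example.net from 127.0.0.1
"""

# VPN client pool from "server 10.8.0.0 255.255.255.0" in the posted config.
VPN_NET = ipaddress.ip_network("10.8.0.0/24")

QUERY_RE = re.compile(r"dnsmasq\[\d+\]: query\[\w+\] (\S+) from (\S+)$")
BLOCK_RE = re.compile(r"dnsmasq\[\d+\]: /etc/pihole/gravity\.list (\S+) is \S+$")


def summarize(log_text, vpn_net=VPN_NET):
    """Count DNS queries per VPN client and list domains blocked for them."""
    per_client = Counter()
    asked_by_vpn = set()   # domains requested by at least one VPN client
    blocked = set()        # of those, domains answered from gravity.list
    for line in log_text.splitlines():
        m = QUERY_RE.search(line)
        if m:
            domain, src = m.groups()
            try:
                ip = ipaddress.ip_address(src)
            except ValueError:
                continue  # skip malformed source addresses
            if ip in vpn_net:
                per_client[src] += 1
                asked_by_vpn.add(domain)
            continue
        m = BLOCK_RE.search(line)
        if m and m.group(1) in asked_by_vpn:
            blocked.add(m.group(1))
    return {"vpn_queries": dict(per_client), "blocked_for_vpn": sorted(blocked)}


if __name__ == "__main__":
    print(summarize(SAMPLE_LOG))
```

An empty `vpn_queries` result while the tunnel is up means clients are resolving elsewhere; a populated result with an empty dashboard points at the logging or privacy setting, as it did in this thread.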