Expected Behaviour:
Pi-hole should be used for DNS when connected to VPN.
Actual Behaviour:
Pi-hole administrator interface is accessible through VPN, but Pi-hole is not being used for DNS.
Debug Token:
https://tricorder.pi-hole.net/tzrSRlqc/
My issue is identical to the one in the following post, except that I did not disable logging.
Pi-hole is installed on a VPS, using this guide.
https://docs.pi-hole.net/guides/vpn/openvpn/overview/
The VPN works fine. Pi-hole interface works fine. Pi-hole resolving and blocking works fine when done from the VPS. Pi-hole isn't used at all by clients using the VPN.
Blocking On VPS:
host pi-hole.net 10.8.0.1
Using domain server:
Name: 10.8.0.1
Address: 10.8.0.1#53
Aliases:
pi-hole.net has address `<public IP redacted>`
pi-hole.net mail is handled by 20 sunfire-relay.mxrouting.net.
pi-hole.net mail is handled by 10 sunfire.mxrouting.net.
I blocked odysee.com to make the following example.
host odysee.com 10.8.0.1
Using domain server:
Name: 10.8.0.1
Address: 10.8.0.1#53
Aliases:
odysee.com has address 0.0.0.0
odysee.com has IPv6 address ::
OpenVPN server.conf
local XXX.XXX.XXX.XXX
port 1194
proto udp
dev tun
ca ca.crt
cert server.crt
key server.key
dh dh.pem
auth SHA512
tls-crypt tc.key
topology subnet
server 10.8.0.0 255.255.255.0
push "redirect-gateway def1 bypass-dhcp"
ifconfig-pool-persist ipp.txt
push "dhcp-option DNS 10.8.0.1"
#push "dhcp-option DNS 149.112.112.112"
push "block-outside-dns"
keepalive 10 120
cipher AES-256-CBC
user nobody
group nogroup
persist-key
persist-tun
verb 3
crl-verify crl.pem
explicit-exit-notify
01-pihole.conf
addn-hosts=/etc/pihole/local.list
addn-hosts=/etc/pihole/custom.list
localise-queries
no-resolv
log-queries
log-facility=/var/log/pihole/pihole.log
log-async
cache-size=10000
server=9.9.9.9
server=149.112.112.112
domain-needed
expand-hosts
bogus-priv
local-service
setupVars.conf
PIHOLE_INTERFACE=tun0
QUERY_LOGGING=true
INSTALL_WEB_SERVER=true
INSTALL_WEB_INTERFACE=true
LIGHTTPD_ENABLED=true
CACHE_SIZE=10000
DNS_FQDN_REQUIRED=true
DNS_BOGUS_PRIV=true
DNSMASQ_LISTENING=local
WEBPASSWORD=<redacted>
BLOCKING_ENABLED=true
WEBUIBOXEDLAYOUT=traditional
WEBTHEME=default-dark
DNSSEC=false
REV_SERVER=false
PIHOLE_DNS_1=9.9.9.9
PIHOLE_DNS_2=149.112.112.112
Firewall
This VPS is only used for testing, so I disable the firewall while testing in order to remove as many variables as possible. I should mention I am using UFW to manage the firewall, as the VPS I hope to install Pi-hole on already has other services running on it, and it uses UFW.
iptables -L --line-numbers
Chain INPUT (policy ACCEPT)
num target prot opt source destination
1 ACCEPT udp -- anywhere anywhere udp dpt:openvpn
2 ufw-before-logging-input all -- anywhere anywhere
3 ufw-before-input all -- anywhere anywhere
4 ufw-after-input all -- anywhere anywhere
5 ufw-after-logging-input all -- anywhere anywhere
6 ufw-reject-input all -- anywhere anywhere
7 ufw-track-input all -- anywhere anywhere
Chain FORWARD (policy ACCEPT)
num target prot opt source destination
1 ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
2 ACCEPT all -- 10.8.0.0/24 anywhere
3 ufw-before-logging-forward all -- anywhere anywhere
4 ufw-before-forward all -- anywhere anywhere
5 ufw-after-forward all -- anywhere anywhere
6 ufw-after-logging-forward all -- anywhere anywhere
7 ufw-reject-forward all -- anywhere anywhere
8 ufw-track-forward all -- anywhere anywhere
Chain OUTPUT (policy ACCEPT)
num target prot opt source destination
1 ufw-before-logging-output all -- anywhere anywhere
2 ufw-before-output all -- anywhere anywhere
3 ufw-after-output all -- anywhere anywhere
4 ufw-after-logging-output all -- anywhere anywhere
5 ufw-reject-output all -- anywhere anywhere
6 ufw-track-output all -- anywhere anywhere
Chain ufw-after-forward (1 references)
num target prot opt source destination
Chain ufw-after-input (1 references)
num target prot opt source destination
Chain ufw-after-logging-forward (1 references)
num target prot opt source destination
Chain ufw-after-logging-input (1 references)
num target prot opt source destination
Chain ufw-after-logging-output (1 references)
num target prot opt source destination
Chain ufw-after-output (1 references)
num target prot opt source destination
Chain ufw-before-forward (1 references)
num target prot opt source destination
Chain ufw-before-input (1 references)
num target prot opt source destination
Chain ufw-before-logging-forward (1 references)
num target prot opt source destination
Chain ufw-before-logging-input (1 references)
num target prot opt source destination
Chain ufw-before-logging-output (1 references)
num target prot opt source destination
Chain ufw-before-output (1 references)
num target prot opt source destination
Chain ufw-reject-forward (1 references)
num target prot opt source destination
Chain ufw-reject-input (1 references)
num target prot opt source destination
Chain ufw-reject-output (1 references)
num target prot opt source destination
Chain ufw-track-forward (1 references)
num target prot opt source destination
Chain ufw-track-input (1 references)
num target prot opt source destination
Chain ufw-track-output (1 references)
num target prot opt source destination
Pi-hole settings
Pi-hole DNS setting is "Allow only local requests".
I checked "Pi-hole diagnosis", and there's nothing in there about my requests being blocked.
I don't know what else to do. I've tried restarting from scratch about two dozen times, and have read countless blog and forum posts, leading to no success. Any help would be appreciated. Thank you.
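The following is an added example, not code from the post above nor from the Pi-hole or OpenVPN projects. It cross-checks the three configuration fragments a troubleshooter would look at first (server.conf, 01-pihole.conf, setupVars.conf): that the pushed DNS address lies inside the VPN subnet, that dnsmasq's listening mode can accept queries from that subnet on PIHOLE_INTERFACE, and that a redirect-gateway is pushed. It also flags two caveats a practitioner would want: `block-outside-dns` is implemented by the Windows client only, so other clients still need a client-side hook to apply the pushed resolver, and a bare `cipher` line without `data-ciphers` is deprecated on OpenVPN 2.5+. The config strings are constructed from the post; `parse_kv` and `check_dns_over_vpn` are hypothetical names.

```python
"""Cross-check an OpenVPN server.conf against Pi-hole's dnsmasq settings.

Added example: not Pi-hole or OpenVPN project code. The three config strings
below are constructed from the post; the function names are hypothetical.
"""
import ipaddress
import re

SERVER_CONF = """\
topology subnet
server 10.8.0.0 255.255.255.0
push "redirect-gateway def1 bypass-dhcp"
push "dhcp-option DNS 10.8.0.1"
#push "dhcp-option DNS 149.112.112.112"
push "block-outside-dns"
cipher AES-256-CBC
"""

PIHOLE_CONF = """\
no-resolv
server=9.9.9.9
server=149.112.112.112
bogus-priv
local-service
"""

SETUPVARS = """\
PIHOLE_INTERFACE=tun0
DNSMASQ_LISTENING=local
"""


def parse_kv(text, sep=None):
    """Map 'key value' (OpenVPN) or 'key=value' (dnsmasq, setupVars) lines to
    key -> list of values; bare flags map to ['']. '#' starts a comment."""
    out = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        if sep:
            key, _, val = line.partition(sep)
        else:
            parts = line.split(None, 1)
            key, val = parts[0], (parts[1] if len(parts) > 1 else "")
        out.setdefault(key.strip(), []).append(val.strip().strip('"'))
    return out


def check_dns_over_vpn(server_conf, pihole_conf, setupvars):
    """Return a list of (level, message) findings; no 'error' entries means the
    pushed resolver is at least reachable and accepted on the tunnel."""
    ovpn = parse_kv(server_conf)
    dnsm = parse_kv(pihole_conf, "=")
    sv = parse_kv(setupvars, "=")
    findings = []

    net, mask = ovpn["server"][0].split()
    vpn_net = ipaddress.IPv4Network(f"{net}/{mask}")
    pushes = ovpn.get("push", [])

    # Resolver addresses handed to clients via 'push "dhcp-option DNS ..."'.
    dns_ips = []
    for p in pushes:
        m = re.match(r"dhcp-option\s+DNS\s+(\S+)", p)
        if m:
            dns_ips.append(ipaddress.ip_address(m.group(1)))

    if not dns_ips:
        findings.append(("error", "no 'push dhcp-option DNS': clients keep their own resolver"))
    for ip in dns_ips:
        if ip not in vpn_net:
            findings.append(("error", f"pushed DNS {ip} is outside {vpn_net}; "
                                      "Pi-hole on the tunnel address is bypassed"))
    if not any(p.startswith("redirect-gateway") for p in pushes):
        findings.append(("warn", "no redirect-gateway push: only DNS, not traffic, goes via VPN"))

    # dnsmasq must actually accept queries arriving on the tunnel interface.
    iface = sv.get("PIHOLE_INTERFACE", [""])[0]
    if "interface" in dnsm and iface not in dnsm["interface"]:
        findings.append(("error", f"dnsmasq listens on {dnsm['interface']}, not {iface}"))
    if "local-service" in dnsm:
        findings.append(("info", "local-service: queries accepted only from subnets on a "
                                 f"local interface; {vpn_net} must be attached to {iface}"))

    # Client-side caveats that the server config alone cannot fix.
    if "block-outside-dns" in pushes:
        findings.append(("info", "block-outside-dns is honoured by the Windows client only; "
                                 "other clients need a client-side hook to apply pushed DNS"))
    if "cipher" in ovpn and "data-ciphers" not in ovpn:
        findings.append(("warn", f"'cipher {ovpn['cipher'][0]}' without data-ciphers; "
                                 "OpenVPN 2.5+ negotiates via data-ciphers (prefer AES-256-GCM)"))
    return findings


if __name__ == "__main__":
    for level, msg in check_dns_over_vpn(SERVER_CONF, PIHOLE_CONF, SETUPVARS):
        print(f"[{level}] {msg}")
```

Run against the post's fragments it reports no errors, only the two client-side caveats and the cipher warning, which is consistent with the server-side pieces being in order and points the search toward the clients (whether each one actually installs the pushed resolver) rather than the VPS.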