Modified by moderator:
See also our new official HowTo which originated from this article here and tries to make it easily followable, providing additional help:
Original message from Pihole1234
    wget https://git.io/vpn -O openvpn-install.sh
    sudo bash openvpn-install.sh
    curl -L https://install.pi-hole.net | bash
OK, so I have both Pi-hole and OpenVPN hosted on the same VPS. I installed both using the default IP of the VPS. Then I edited files using this tutorial to get OpenVPN and Pi-hole working together.
1. Needed to set up my /etc/pihole/setupVars.conf file like so, by adding an additional listening interface
(DNS may be different for some):
    piholeInterface=eth0
    piholeInterface=tun0
    IPv4_address=[raspberryPi IP address]/24
    IPv6_address=
    piholeDNS1=188.8.131.52
    piholeDNS2=184.108.40.206
2. Then make sure that /etc/dnsmasq.d/01-pihole.conf is like the following
(note that there are two 'interface=' entries; one for the ethernet port, one for the tun0 VPN interface):
    address=/pi.hole/[raspberryPi ip address]
    addn-hosts=/etc/pihole/gravity.list
    domain-needed
    bogus-priv
    no-resolv
    server=220.127.116.11
    server=18.104.22.168
    interface=eth0
    interface=tun0
    cache-size=10000
    log-queries
    log-facility=/var/log/pihole.log
    local-ttl=300
    log-async
3. Example dump of the whole OpenVPN server config, but I bolded the relevant lines (located in /etc/openvpn/server.conf).
Most of this should already be set up when you installed OpenVPN. This config assumes that your local subnet is a standard 192.168.1.0/24 network, and that the subnet the OpenVPN server is assigning/using for connected clients is 10.8.0.0/24:
    dev tun
    proto tcp
    port 1149
    ca /etc/openvpn/easy-rsa/keys/ca.crt
    cert /etc/openvpn/easy-rsa/keys/server.crt
    key /etc/openvpn/easy-rsa/keys/server.key
    dh /etc/openvpn/easy-rsa/keys/dh2048.pem
    server 10.8.0.0 255.255.255.0
    ifconfig 10.8.0.1 10.8.0.2
    push "route 10.8.0.1 255.255.255.255"
    push "route 10.8.0.0 255.255.255.0"
    push "route 192.168.1.0 255.255.255.0"
    push "dhcp-option DNS [raspberryPi ip address no subnet listed]"
    push "redirect-gateway def1"
    client-to-client
    duplicate-cn
    keepalive 10 120
    tls-version-min 1.2
    tls-auth /etc/openvpn/easy-rsa/keys/ta.key 0
    cipher AES-256-CBC
    auth SHA256
    comp-lzo
    user nobody
    group nogroup
    persist-key
    persist-tun
    status /var/log/openvpn-status.log 20
    log /var/log/openvpn.log
    verb 1
So the problem now is that both the DNS server and the lighttpd server were still public if you put in my VPS IP. I’ve turned off the lighttpd server with this:
    sudo systemctl disable lighttpd.service
    sudo systemctl stop lighttpd.service
If I want to restart the web server, I do this:
    sudo systemctl enable lighttpd.service
    sudo systemctl start lighttpd.service
Now no one can access the admin page.
Now how do I make it so that no one else can use my DNS server without me setting them up through OpenVPN? Any help would be great. Thanks.
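
The exposure described in this post follows from the `interface=eth0` entry sitting next to `interface=tun0` in the dnsmasq config, and it can be checked from the config text itself. The following is an added example, not part of the original post and not Pi-hole's own tooling; the sample config is constructed, and it assumes that only `tun0` and loopback should serve DNS.

```python
# Added example: audit a dnsmasq config for DNS listeners outside the VPN tunnel.
# Constructed sample that mirrors the 01-pihole.conf layout shown in the post.
SAMPLE_CONF = """\
address=/pi.hole/10.8.0.1
domain-needed
bogus-priv
no-resolv
interface=eth0
interface=tun0
cache-size=10000
"""

ALLOWED = {"tun0", "lo"}  # assumption: only the tunnel and loopback may serve DNS


def parse_directives(text):
    """Return (key, value) pairs, skipping blank lines and '#' comments."""
    pairs = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if line:
            key, _, value = line.partition("=")
            pairs.append((key.strip(), value.strip()))
    return pairs


def audit_listeners(text, allowed=ALLOWED):
    """List findings for listeners outside `allowed` (except-interface is not modelled)."""
    directives = parse_directives(text)
    interfaces = [v for k, v in directives if k == "interface"]
    addresses = [v for k, v in directives if k == "listen-address"]
    if not interfaces and not addresses:
        return ["no interface= or listen-address=: dnsmasq answers on every interface"]
    return [f"interface={i}: DNS is served on {i}" for i in interfaces if i not in allowed]


def restrict_to_tunnel(text, allowed=ALLOWED):
    """Return the config with interface= lines outside `allowed` dropped."""
    kept = []
    for raw in text.splitlines():
        key, _, value = raw.split("#", 1)[0].strip().partition("=")
        if key.strip() == "interface" and value.strip() not in allowed:
            continue
        kept.append(raw)
    return "\n".join(kept) + "\n"


if __name__ == "__main__":
    print(audit_listeners(SAMPLE_CONF))
    print(audit_listeners(restrict_to_tunnel(SAMPLE_CONF)))
```

After a change like this, the DNS address pushed to VPN clients has to be one that dnsmasq still answers on.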