Pi-hole with TP-Link Archer VR600 AC1600 Wireless Gigabit VDSL/ADSL Modem Router

Hello all,
I installed pi-hole on nuc in a proxmox vm - all went well.
I was wondering where do I need to update pi-hole's IP in my router:
Should I change the default gateway or the primary DNS?

My other question is about VPN client -
I intend to buy an ASUS router with a VPN client capabilities, so that every device in my home network can use the net safely and anonymously.
So my question is, is it possible to work side by side with pi-hole?

Typically, your router will serve as as the gateway in your network.

Pi-hole isn't involved in routing at all - it is a filtering DNS forwarder.

It would be preferred if you'd configure your router to distribute Pi-hole as local DNS server via DHCP.
Some router firmwares wouldn't support that. In that case, you can also configure your router to use Pi-hole as its upstream DNS server.

Regardless of local or upstream configurations, Pi-hole has to be the sole DNS server, or clients will be able to by-pass Pi-hole via any secondary, tertiary or alternate DNS servers you provide.

If your router would act as a VPN client, which VPN server is it going to connect to? Are you planning to subscribe to a VPN service so that your router will act as a VPN gateway to that service?


Are you reffering to option 2 on this article?

I am going to connect to an expressVPN server - I have a paid account.

In that case, your router is handling encrypted connections to your paid VPN service, effectively acting as a VPN gateway.

All clients in your network -including your Pi-hole host- will direct their outbound traffic towards your router as usual, where your router will encrypt and forward it your VPN provider.

Note that VPN providers may force DNS traffic in their network to their own DNS servers in order to prevent DNS leaks, i.e. Pi-hole's forwarded DNS requests may then be redirected to those instead of going to a configured public upstream DNS server.

Those VPN providers that don't may ask you to configure your router to make use of their DNS servers as upstream explicitly, again to prevent DNS leaks.

In conjunction with Pi-hole and a router that only allows upstream DNS servers to be configured (as opposed to configuration of a local DNS server via DHCP), that may in turn require you to configure your Pi-hole to use your VPN's DNS servers as its only upstreams while keeping Pi-hole as your router's only upstream.

You'd have to consult your router's documentaion and inquire with your chosen VPN provider to find out about your configuration choices.

A big thank you, it is very helpful.

Are you referring to option 2 on this article?

I didn't refer to any docs, but you may look at that as one example for a possible configuration.

Your actual configuration options would of course depend on your router and firmware, and those may look very different.
In general, a router's upstream DNS servers are often to be found as a WAN / Internet option, whereas local DNS servers appear under LAN / DHCP options.

Consulting your router's documentation and/or support should provide better insights in those details.

I'm trying to understand how to implement this preferrd method:
configure your router to distribute Pi-hole as local DNS server via DHCP.

Google have all kind of answers, but I'm not sure which guide should I follow.

Sorry, but I'm not sure I fully understand it.

This is my WAN/Internet Screen
When I added Pi-Hole's ip to primary DNS I lost access to my router and my Internet connection

This is my LAN screen

Will appreciate any help with this.

I can't really provide any further guidance than I've provided already.
Your screenshots seem to match my remarks on where to find your router's options for configuring Pi-hole as your router's upstream (your WAN/Internet screen) or distribute it as local DNS server via DHCP (your LAN screen).

I cannot know how your specific router model would behave or what values it would consider valid for the numerous bells and whistles your router's UI allows to interact with.
You should consider your router's documentation and support channels to find out. Another approach would be to experiment with your settings and find out by trial and error.

That said, I'd probably begin with the preferred approach of distributing Pi-hole as local DNS via DHCP.
Note that clients would start picking up Pi-hole as DNS server only after their current lease time has expired and they'd renew their lease.
You may force a client device to renew its lease, e.g. by dis-and reconnecting its wifi network or by power-cycling the device.

There are routers that may not agree with setting a private IP address as DNS server, or those that would redirect DNS traffic to your ISP's servers, or those that always distribute themselves in addition to any DNS servers configured. Again, you'd have to consult your router's documentation and support for details.

Also, in order to better attract users from our community who have successfully weathered difficulties similar to yours, you could consider to include your router's make and model in your topic's title.

This topic was automatically closed 21 days after the last reply. New replies are no longer allowed.