So a small update to detail how I've fixed/reimplemented OpenVPN on my PiHole RasPi. Hopefully this will be useful to any future users having issues.
Please bear in mind this is not specifically a PiHole issue and while I'm on the fence about posting it here because of that, I'll do so because it fits in the context of the thread and it may one day help someone.
This 'fix' is a simple one, probably obvious, but should be applicable to anyone having similar connection issues, regardless of their VPN provider.
Simply put the process flow of what was going wrong can be described:
**On booting RasPi:** * PiHole loads as normal, connected (briefly) directly to your chosen DNS provider. * OpenVPN asks for DNS resolution of <your_chosen_server.your_provider.com> * OpenVPN receives IP and connects to your VPN server, tunnel is established. * PiHole works properly and retrieves DNS results from your chosen DNS provider through the VPN tunnel. **Things go wrong:** * VPN server disconnects for some reason. * PiHole is suddenly unable to retrieve DNS results because the tunnel is down. * OpenVPN tries to reconnect, asks for DNS resolution of <your_chosen_server.your_provider.com> * PiHole, unable to contact upstream DNS provider, cannot resolve <your_chosen_server.your_provider.com> * OpenVPN cannot reconnect to <your_chosen_server.your_provider.com> * PiHole cannot resolve DNS as it cannot access upstream DNS servers.
This explains why the issue wouldn't resolve until rebooting the RasPi.
So, the fix for this is simple and (with hindsight) obvious, however it may have drawbacks depending on your VPN provider. I'll go over that later in this post.
You'll need to edit your .conf or .ovpn file that OpenVPN is using to connect to the server and remove the need for DNS resolution by changing <your_chosen_server._your_provider.com> to the IP address of that server.
Here's how I did that - but bear in mind this is specific to how I set OpenVPN up. You will need to edit the files you're using in your configuration with the IP address of your chosen VPN server.
Assuming a starting point of your OpenVPN connection working (great guide HERE btw), open up a terminal/ssh session, login if necessary and:
cd /etc/openvpn sudo nano Netherlands.conf # make sure you specify YOUR chosen .conf file # in MY case, change "remote nl.privateinternetaccess.com 1198" to "220.127.116.11 1198" # in YOUR case, change "remote your_chosen_server.your_provider.com ##PORT##" to "xxx.xxx.xxx.xxx ##PORT##" # ctrl-x, y, return to save your changes
That's it. Reboot for good measure. It should automatically connect as before, but without having to resolve <nl.privateinternetaccess.com> first.
You can find out the IP you need to edit in by either using nslookup or ping on the domain name of your chosen VPN server.
If it doesn't work after making these changes, double check the IP and port are entered correctly. You can always revert the changes made.
Now, about that potential drawback I mentioned of editing your OpenVPN config this way:
Your VPN provider may from time to time change the IP addresses for your chosen server. If this happens, your OpenVPN config will then fail to connect to the (now dead) IP address. It may be better to leave it be. Your call. My system is more or less attended whenever I need it and I have secure remote access set up so I can change things when I'm away if needs be. Now I'm aware of this issue it'll be the first thing I check if PiHole goes down again.
Hope that helps someone!
Thank you again, both of you, for your help. Much appreciated, even if I was waaay wide of the mark with what was actually going on in the first place. Oh well.