PiHole not blocking over VPN

Expected Behaviour:

Domains should be blocked when connected over VPN.

Actual Behaviour:

Domains are not blocked.

Debug Token:

https://tricorder.pi-hole.net/1pjcigrgbe

I am using PiVPN as my VPN host. I have my router's DNS pointing to my PiHole. When I am connected to my VPN, PiHole is not receiving/blocking any of the domains I visit on the computer connected via VPN. I have set my PiHole DNS to Listen on all interfaces, permit all origins and updated my PiVPN DNS IP to be that of my PiHole IP to no avail. Any help would be appreciated!

If you are using an Android-based device, then that might be your issue (it's a known fact that some Android-based devices override DNS settings, even from VPN tunnels).
You might want to research that aspect if this is the case for you.

Regardless of your device though, you should share your server.conf file and maybe the output of your connection log on your client.

Also, the official guide of achieving VPN with Pi-hole (in several configurations) is available here:

The guide is for OpenVPN RoadWarrior not for PiVPN.

I am using the openvpn command line on an Ubuntu machine. I connect to my home network just fine, PiHole just isn't receiving any of my domain queries.

server.conf output:

dev tun
proto udp
port 11947
ca /etc/openvpn/easy-rsa/pki/ca.crt
cert /etc/openvpn/easy-rsa/pki/issued/server_CGN4Zy1s9uMEREvl.crt
key /etc/openvpn/easy-rsa/pki/private/server_CGN4Zy1s9uMEREvl.key
dh none
topology subnet
server 10.8.0.0 255.255.255.0
# Set your primary domain name server address for clients
push "dhcp-option DNS 192.168.0.3"
# Prevent DNS leaks on Windows
push "block-outside-dns"
# Override the Client default gateway by using 0.0.0.0/1 and
# 128.0.0.0/1 rather than 0.0.0.0/0. This has the benefit of
# overriding but not wiping out the original default gateway.
push "redirect-gateway def1"
client-to-client
keepalive 1800 3600
remote-cert-tls client
tls-version-min 1.2
tls-crypt /etc/openvpn/easy-rsa/pki/ta.key
cipher AES-256-CBC
auth SHA256
user nobody
group nogroup
persist-key
persist-tun
crl-verify /etc/openvpn/crl.pem
status /var/log/openvpn-status.log 20
status-version 3
syslog
verb 3

I'm not sure how PiVPN sets up the IPTABLES rules and how the packets go between tun and your eth0 interface.

If PiVPN and Pi-hole are on the same machine, update push "dhcp-option DNS 192.168.0.3" to push "dhcp-option DNS 10.8.0.1"

Restart OpenVPN server, reconnect and try again.

Also check and see if on the device, your OpenVPN settings are loaded correctly.

You can always run a dnsleaktest and see who is answering your requests.

If everything is fine, you should see your home public IP.
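
A local complement to the leak test suggested above, as an added example that is not part of the original thread: it compares the DNS server the OpenVPN server pushed (read from the client's connection log) with the resolvers the client is actually configured to use. The function names, file names and sample log/resolver contents are constructed for illustration; only the pushed address 192.168.0.3 comes from the server.conf posted above.

```sh
#!/bin/sh
# Added example: does the client use the DNS server the VPN pushed?
# Function names and all sample data below are constructed for illustration.

# DNS servers from the most recent PUSH_REPLY in an OpenVPN client log.
pushed_dns() {
    grep 'PUSH_REPLY' "$1" | tail -n 1 | tr ',' '\n' |
        sed -n 's/^dhcp-option DNS \([0-9A-Fa-f.:]*\).*/\1/p'
}

# Resolvers listed in a resolv.conf-style file. On systemd-resolved hosts
# /etc/resolv.conf only shows the 127.0.0.53 stub, so pass
# /run/systemd/resolve/resolv.conf instead.
active_dns() {
    awk '$1 == "nameserver" { print $2 }' "$1"
}

# Exit 0 if every active resolver was pushed by the VPN, 1 if any resolver
# is outside that set, 2 if the log shows no pushed DNS at all.
check_dns() (
    pushed=$(pushed_dns "$1")
    [ -n "$pushed" ] || { echo "no DNS server pushed by the VPN"; exit 2; }
    status=0
    for ns in $(active_dns "$2"); do
        if printf '%s\n' "$pushed" | grep -qxF "$ns"; then
            echo "ok:   $ns was pushed by the VPN"
        else
            echo "leak: $ns was not pushed by the VPN"
            status=1
        fi
    done
    exit "$status"
)

# Constructed inputs: one client log line and two resolver files
# (one using the pushed server, one using a hotspot gateway address).
write_samples() {
    cat > "$1/client.log" <<'EOF'
PUSH: Received control message: 'PUSH_REPLY,dhcp-option DNS 192.168.0.3,block-outside-dns,redirect-gateway def1,route-gateway 10.8.0.1,topology subnet,ping 1800,ping-restart 3600,ifconfig 10.8.0.2 255.255.255.0'
EOF
    printf 'nameserver 192.168.0.3\n' > "$1/resolv.vpn"
    printf 'nameserver 192.168.43.1\n' > "$1/resolv.hotspot"
}

tmp=$(mktemp -d)
write_samples "$tmp"
check_dns "$tmp/client.log" "$tmp/resolv.vpn" || true
check_dns "$tmp/client.log" "$tmp/resolv.hotspot" || true
rm -rf "$tmp"
```

On a real client, pass the log written by the openvpn command (verb 3 or higher records the PUSH_REPLY line) and the resolver file in use while the tunnel is up.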

I think I figured out my issue by following your suggestion of running a DNS leak test. I was working off of a mobile hotspot, and I think that was overriding my DNS settings. Seems to be working correctly when not connected over hotspot. Thanks for the assistance!
