Pihole on OpenVPN DNS Issues

Max5210 · October 21, 2024, 6:32am

Hello,

I would like to add the pihole's DNS to the OpenVPN DNS server, instead of Cloudflare's DNS, for ad blocking. I have my Pihole instance running on Ubuntu Server on 192.168.1.127, whereas my OpenVPN is running on Ubuntu Server on 192.168.1.124. My OpenVPN is on port 1443, alongside with Stunnel on port 443 for obfuscation. These two instances are both depolyed on Proxmox, with one single server computer. I have completely removed and I can confirm that there are no firewalls on both of these two instances and they are all behind NAT (my router).

When I switch the DNS from Cloudflare's to another DNS such as google's the openvpn client on Windows connects and is able to resolve the DNS. But when I switch it to my pihole's DNS address, the windows OpenVPN client connects, but when I use the internet, the DNS would not resolve. Any help will be kindly appreciated. Thank You.

Below are my OpenVPN server.conf and client.conf files:

port 1443
proto tcp
dev tun
tun-mtu 1390
user nobody
group nogroup
persist-key
persist-tun
keepalive 10 120
topology subnet
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
#push "dhcp-option DNS 1.0.0.1"
#push "dhcp-option DNS 1.1.1.1"
push "dhcp-option DNS 192.168.1.127"
push "redirect-gateway def1 bypass-dhcp"
dh none
ecdh-curve prime256v1
tls-crypt tls-crypt.key
crl-verify crl.pem
ca ca.crt
cert server_qs2L2DYUaw22IfhA.crt
key server_qs2L2DYUaw22IfhA.key
auth SHA256
cipher AES-256-GCM
ncp-ciphers AES-256-GCM
tls-server
tls-version-min 1.2
tls-cipher TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384
client-config-dir /etc/openvpn/ccd
status /var/log/openvpn/status.log
verb 3

client
proto tcp-client
remote 127.0.0.1 1443
dev tun
tun-mtu 1390
resolv-retry infinite
nobind
persist-key
persist-tun
remote-cert-tls server
verify-x509-name server_qs2L2DYUaw22IfhA name
auth SHA256
auth-nocache
cipher AES-256-GCM
tls-client
tls-version-min 1.2
tls-cipher TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384
ignore-unknown-option block-outside-dns
setenv opt block-outside-dns # Prevent Windows 10 DNS leak
verb 3
<ca>

Bucking_Horn · October 21, 2024, 6:36am

Is 192.168.1.0/24 your VPN network?

If that's your home network instead, your VPN clients won't know a route to that address.
You'd either have to add respective routing to your OpenVPN server, or make your Pi-hole machine part of the VPN network and push its respective VPN IP address as DNS server.

In any case, this is a networking question, not a Pi-hole one, so you should consider consulting respective forums for further details as well.

system · November 11, 2024, 6:36am

This topic was automatically closed 21 days after the last reply. New replies are no longer allowed.