Pihole+Unbound+OpenVPN No DNS

Expected Behaviour:

Followed https://docs.pi-hole.net/guides/vpn/overview/ to install openvpn on a raspbian which already has a running pihole+unbound.
The only difference between my steps and the docs is that I had pihole+unbound first, then installed openvpn later. I didn’t choose the tun0 interface to configure pihole as it was already running fine on eth0. I assumed that changing the listen interfaces to all on the pihole dashboard would work.

Actual Behaviour:

No matter which DNS server I push in the OpenVPN configuration file, the DNS in the OpenVPN client log always shows 127.0.0.1. (I think it may be related to pihole using 127.0.0.1#5353 to query unbound.)
After connecting to OpenVPN, the intranet and Internet both work via IP addresses, but there is no DNS resolving.

Debug Token:

N/A

Not sure what I can do to make pihole, unbound and openvpn work together. Thanks.

Can you share your server.conf and your OpenVPN version?

I have a feeling the changes (even though made in server.conf) do not reload properly.

See if systemctl restart openvpn-server@server reloads (and doesn’t pop an error) the service.

Thanks a lot @RamSet.
I installed and configured OpenVPN on top of pihole and unbound this time again. It works without any issue now.
I believe systemctl restart openvpn-server@server did the trick.
The only difference between last time and today is that I used service openvpn restart instead.

pi@pihole:~ $ sudo cat /etc/openvpn/server/server.conf
local 192.168.1.6
port 1194
proto udp
dev tun
ca ca.crt
cert server.crt
key server.key
dh dh.pem
auth SHA512
tls-crypt tc.key
topology subnet
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
push "redirect-gateway def1 bypass-dhcp"
push "dhcp-option DNS 192.168.1.6"
push "route 192.168.1.0 255.255.255.0"
keepalive 10 120
cipher AES-256-CBC
user nobody
group nogroup
persist-key
persist-tun
status openvpn-status.log
verb 3
crl-verify crl.pem
explicit-exit-notify


pi@pihole:~ $ openvpn --version
OpenVPN 2.4.7 arm-unknown-linux-gnueabihf [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Feb 20 2019
library versions: OpenSSL 1.1.1d  10 Sep 2019, LZO 2.10
Originally developed by James Yonan
Copyright (C) 2002-2018 OpenVPN Inc <sales@openvpn.net>
Compile time defines: enable_async_push=no enable_comp_stub=no enable_crypto=yes enable_crypto_ofb_cfb=yes enable_debug=yes enable_def_auth=yes enable_dependency_tracking=no enable_dlopen=unknown enable_dlopen_self=unknown enable_dlopen_self_static=unknown enable_fast_install=needless enable_fragment=yes enable_iproute2=yes enable_libtool_lock=yes enable_lz4=yes enable_lzo=yes enable_maintainer_mode=no enable_management=yes enable_multihome=yes enable_pam_dlopen=no enable_pedantic=no enable_pf=yes enable_pkcs11=yes enable_plugin_auth_pam=yes enable_plugin_down_root=yes enable_plugins=yes enable_port_share=yes enable_selinux=no enable_server=yes enable_shared=yes enable_shared_with_static_runtimes=no enable_silent_rules=no enable_small=no enable_static=yes enable_strict=no enable_strict_options=no enable_systemd=yes enable_werror=no enable_win32_dll=yes enable_x509_alt_username=yes with_aix_soname=aix with_crypto_library=openssl with_gnu_ld=yes with_mem_check=no with_sysroot=no