Pihole+Unbound+OpenVPN No DNS

Please follow the below template, it will help us to help you!

Expected Behaviour:

Followed https://docs.pi-hole.net/guides/vpn/overview/ to install openvpn on a raspbian which already has a running pihole+unbound.
The only difference between my steps with the docs is I had a pihole+unbound first, then install openvpn later. I didn’t choose tun0 interface to configure pihole as it was already running fine on eth0. I assumed to change the listen interfaces to all on pihole dashboard will work.

Actual Behaviour:

no matter I push which DNS server in OpenVPN configuration file, on OpenVPN client log, the DNS always shows (I think it may relate to pihole use to query unbound)
After connect OpenVPN, the intranet and Internet both works via IP addresses, no DNS resolving.

Debug Token:


Not sure what I can do to make pihole, unbound and openvpn work together. Thanks.

Can you share your server.conf and your OpenVPN version ?

I have a feeling the changes (even though made in server.conf, do not reload properly).

See if systemctl restart openvpn-server@server reloads (and doesn’t pop an error) the service.


Thanks a lot @RamSet .
I installed and configured OpenVPN on top of pihole and unbound this time again. It works without any issue now.
I believe systemctl restart openvpn-server@server did the trick.
The only difference last time from today is I used service openvpn restart instead.

pi@pihole:~ $ sudo cat /etc/openvpn/server/server.conf
port 1194
proto udp
dev tun
ca ca.crt
cert server.crt
key server.key
dh dh.pem
auth SHA512
tls-crypt tc.key
topology subnet
ifconfig-pool-persist ipp.txt
push "redirect-gateway def1 bypass-dhcp"
push "dhcp-option DNS"
push "route"
keepalive 10 120
cipher AES-256-CBC
user nobody
group nogroup
status openvpn-status.log
verb 3
crl-verify crl.pem

pi@pihole:~ $ openvpn --version
OpenVPN 2.4.7 arm-unknown-linux-gnueabihf [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Feb 20 2019
library versions: OpenSSL 1.1.1d  10 Sep 2019, LZO 2.10
Originally developed by James Yonan
Copyright (C) 2002-2018 OpenVPN Inc <sales@openvpn.net>
Compile time defines: enable_async_push=no enable_comp_stub=no enable_crypto=yes enable_crypto_ofb_cfb=yes enable_debug=yes enable_def_auth=yes enable_dependency_tracking=no enable_dlopen=unknown enable_dlopen_self=unknown enable_dlopen_self_static=unknown enable_fast_install=needless enable_fragment=yes enable_iproute2=yes enable_libtool_lock=yes enable_lz4=yes enable_lzo=yes enable_maintainer_mode=no enable_management=yes enable_multihome=yes enable_pam_dlopen=no enable_pedantic=no enable_pf=yes enable_pkcs11=yes enable_plugin_auth_pam=yes enable_plugin_down_root=yes enable_plugins=yes enable_port_share=yes enable_selinux=no enable_server=yes enable_shared=yes enable_shared_with_static_runtimes=no enable_silent_rules=no enable_small=no enable_static=yes enable_strict=no enable_strict_options=no enable_systemd=yes enable_werror=no enable_win32_dll=yes enable_x509_alt_username=yes with_aix_soname=aix with_crypto_library=openssl with_gnu_ld=yes with_mem_check=no with_sysroot=no