Expected Behaviour:
Browse to macworld.com and the webpage should come up
Actual Behaviour:
Time out, nothing loads
Debug Token:
h7hgbyint6
I have set up PiHole & OpenVPN following the instructions at Redirecting... on a Digital Ocean droplet (Debian 9.7 x64 - tried both 1GB and 2GB of RAM).
OpenVPN is connecting and setting up correctly from what I can see.
On my MacBook Pro I can run "dig macworld.com" and it shows that 10.8.0.1 is answering my DNS query and gives me the IP addresses, but if I try going there with my browser (Safari or Firefox) I get an eventual timeout. Tailing the pihole.log, it is like I see no traffic from the web browser.
If I "dig doubleclick.net", an IP address of 0.0.0.0 is returned by the PiHole.
With Wireshark I can see a pile of traffic going to the OpenVPN server and the DNS queries are being routed there, but web browsing, mail, iMessage, etc. all stop working.
I have found that the only webpage I can open is the PiHole Admin console when connected to the VPN/PiHole Server.
I can see that the DNS is getting set correctly from the OpenVPN server:
goldenrod/2xx.xxx.xxx.73:12336 SENT CONTROL [goldenrod]: 'PUSH_REPLY,redirect-gateway def1 bypass-dhcp,dhcp-option DNS 10.8.0.1,route-gateway 10.8.0.1,topology subnet,ping 10,ping-restart 120,ifconfig 10.8.0.3 255.255.255.0,peer-id 0,cipher AES-256-GCM' (status=1)
My gut feel here is that something is off in the iptables rules from Redirecting..., as the IPv4 rules are created, but in their listing there are a number of rules with the 10.8.0.0/24 source that I do not get when running the same statements; the listing I have is closer to the IPv6 one.
Chain INPUT (policy DROP)
num target prot opt source destination
1 ACCEPT all -- anywhere anywhere
2 ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
3 ACCEPT all -- anywhere anywhere
4 ACCEPT tcp -- anywhere anywhere tcp dpt:domain
5 ACCEPT udp -- anywhere anywhere udp dpt:domain
6 ACCEPT tcp -- anywhere anywhere tcp dpt:http
7 ACCEPT tcp -- anywhere anywhere tcp dpt:ssh
8 ACCEPT tcp -- anywhere anywhere tcp dpt:openvpn
9 ACCEPT udp -- anywhere anywhere udp dpt:openvpn
10 REJECT udp -- anywhere anywhere udp dpt:80 reject-with icmp-port-unreachable
11 REJECT tcp -- anywhere anywhere tcp dpt:https reject-with tcp-reset
12 REJECT udp -- anywhere anywhere udp dpt:443 reject-with icmp-port-unreachable
Chain FORWARD (policy ACCEPT)
num target prot opt source destination
Chain OUTPUT (policy ACCEPT)
num target prot opt source destination
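
A small parser for the listing above, added here as an example and not part of the original post: it checks each chain for rules sourced from the VPN subnet (10.8.0.0/24, taken from the post) and flags rules that read as unconditional accepts because plain `iptables -L` omits the interface columns that `-v` would show. The function names are illustrative.

```python
import re
# Listing copied from the post above (`iptables -L` output without -v).
LISTING = """\
Chain INPUT (policy DROP)
num target prot opt source destination
1 ACCEPT all -- anywhere anywhere
2 ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
3 ACCEPT all -- anywhere anywhere
4 ACCEPT tcp -- anywhere anywhere tcp dpt:domain
5 ACCEPT udp -- anywhere anywhere udp dpt:domain
6 ACCEPT tcp -- anywhere anywhere tcp dpt:http
7 ACCEPT tcp -- anywhere anywhere tcp dpt:ssh
8 ACCEPT tcp -- anywhere anywhere tcp dpt:openvpn
9 ACCEPT udp -- anywhere anywhere udp dpt:openvpn
10 REJECT udp -- anywhere anywhere udp dpt:80 reject-with icmp-port-unreachable
11 REJECT tcp -- anywhere anywhere tcp dpt:https reject-with tcp-reset
12 REJECT udp -- anywhere anywhere udp dpt:443 reject-with icmp-port-unreachable
Chain FORWARD (policy ACCEPT)
num target prot opt source destination
Chain OUTPUT (policy ACCEPT)
num target prot opt source destination
"""
CHAIN_RE = re.compile(r"^Chain (\S+) \(policy (\w+)")
COLUMNS = ("num", "target", "prot", "opt", "source", "destination")

def parse_listing(text):
    """Parse `iptables -L` text into {chain: {"policy": ..., "rules": [...]}}."""
    chains, current = {}, None
    for line in text.splitlines():
        header, fields = CHAIN_RE.match(line.strip()), line.split()
        if header:
            current = chains.setdefault(header.group(1), {"policy": header.group(2), "rules": []})
        elif current is not None and len(fields) >= 6 and fields[0].isdigit():
            rule = dict(zip(COLUMNS, fields))
            rule["match"] = " ".join(fields[6:])  # e.g. "tcp dpt:ssh"
            current["rules"].append(rule)
    return chains

def audit(text, vpn_subnet="10.8.0.0/24"):
    """Per chain: rules sourced from the VPN subnet, and rules whose only match is hidden without -v."""
    report = {}
    for name, chain in parse_listing(text).items():
        report[name] = {
            "policy": chain["policy"],
            "vpn_source_rules": [int(r["num"]) for r in chain["rules"] if r["source"] == vpn_subnet],
            "interface_hidden": [int(r["num"]) for r in chain["rules"] if r["prot"] == "all"
                                 and not r["match"] and r["source"] == r["destination"] == "anywhere"],
        }
    return report
```

On the posted listing, `audit(LISTING)` finds no 10.8.0.0/24 rules in any chain and flags INPUT rules 1 and 3 as indistinguishable without `-v`. Plain `iptables -L` also lists only the filter table, so NAT rules would have to be read with `iptables -t nat -L`.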