PiVPN + Pi-hole installation crashes the Raspberry

Hi all,

I have a problem that I don't understand.

Situation: I want to use a Raspberry Pi Zero W for Pihole in combination with PiVPN (OpenVPN) to block ads inside and outside my network.

Installing only PiVPN works fine, installing only Pihole also works fine.

But when I install PiVPN in combination with Pihole (first PiVPN then Pihole), the Raspberry crashes after selecting the Pihole options for installation. After that crash it is no longer possible to reach the Pi via remote desktop. Connecting through OpenVPN is also impossible.

I read and watched a couple of tutorials, and they all say that you must install PiVPN first, so you can select tun0 while installing Pihole. That is necessary to get Pihole working through VPN.

It has now happened 3 times that the installation crashed.
A weird thing is that it looks like Pihole is not installed when I connect to my Pi locally (screen). Because when I type Pihole commands, the terminal doesn't recognize them.

First I want to know what happened with the installation. When I power up the Pi, my router will see it, and gets the IP. But 'Advanced IP scanner' gives the status 'dead'.

Which settings do I have to choose during the Pihole installation? When choosing the wrong things, is it normal that the whole installation crashes?

Thanks.

Have you tried our detailed guide on OpenVPN with Pi-hole?

I used that tutorial to install it. But instead of OpenVPN I used PiVPN. Is that a problem?

The tutorial suggests that it will work after step 'Setup OpenVPN server'.
In my case when I did the Pi-hole installation, the Pi crashes, like I said before.

If I look at 'OpenVPN server: Dual operation: LAN & VPN at the same time', I think I also have to do that step? Is that right?

And in the Dual operation… part of the tutorial, is the used 'inet addr' an external IP at the 'eth0' adapter?

Well PiVPN tries to help you set up the entire VPN with little effort, which is an homage to our installer, so it may be a bit different than the tutorial I linked to. I haven't actually used the PiVPN installer myself, so I can't speak from experience.

Can you send us the /etc/pihole/install.log and maybe we can see what's happening?

I wrote the tutorial and I have to admit that I have never looked at PiVPN, so I cannot tell you if it is a problem or not.

What is the exact output you are seeing then?

[quote="PatBuf, post:1, topic:3525"]
But 'Advanced IP scanner' gives the status 'dead'.
[/quote]

I don't know what that is or what it should do. What does dead mean in this context?

It depends on what you want. This step enables you to see your local network through the VPN connection. However, after you performed the installation, Pi-hole should work through the VPN. If you want to have it working also locally, you will have to go to the Settings page (obviously that is only there if the installation succeeds) and change a setting -> set it to listen on all interfaces.

Nothing! The Pi hangs for a few seconds, and then the remote connection will be closed. To see what happens I connect the Pi to a screen (without reboot), but the terminal session is closed (maybe the Pi has rebooted itself). The Pi is no longer reachable through a remote connection, and the VPN connection is also down.

'Dead' is a status message. The connection can be dead or alive. Dead means offline. In my router the Pi will be seen as online. So that is a little bit weird.

Ok, this is specially to use Pihole in my home network AND if I want through VPN outside my network?

The reason I use PiVPN is that PiVPN gives the possibility to use a password in the OVPN config files. As far as I know OpenVPN does not.

Because the Pihole installation did not pass, the whole /etc/pihole folder is empty.

What if you install Pi-hole first and then PiVPN second?

I can give it a try. But if I do that, it is no longer according to the tutorial. It says you must use tun0 as interface. That is not possible when I install Pihole first?

Something like this:

  1. Install Pihole
  2. Install PiVPN
  3. Follow this step: https://github.com/pi-hole/pi-hole/wiki/OpenVPN-server:-Dual-operation:-LAN-&-VPN-at-the-same-time

Well you could always run pihole -r to reconfigure which interface to use.

No worries, we are here to assist you. However, just keep in mind that all developers have already set up a VPN connection (some use OpenVPN, others (like myself) use more "professional" (and a lot more complicated!) variants such as Cisco IPSec) and most likely don't want to mess around with other VPN solutions.

Yes! As you see in the third step, we advise you to re-configure Pi-hole to use eth0 but it is of course fine to have it set like this from the beginning if you do the requested changes to the VPN configuration.

Ok, Pi-hole is running now, and now I try to finish the PiVPN installation.
It asks which DNS provider I want to use for the VPN clients.
I can choose a lot (Google, OpenDNS, Level3, etc). I can also choose custom, to use my own DNS provider.
Is that what I have to choose? So I can use the Pi-hole address?

Yes, I believe you want to choose Custom and choose your Pi-hole. And you should have already chosen the upstream servers when you installed Pi-hole.

Upstream I chose Google.
Maybe I can change that afterwards, if that is needed?

EDIT: After choosing custom, the next question is which upstream DNS provider I will use.
Do I enter here the Pi-hole address?

You can run pihole -r to reconfigure Pi-hole's settings.

Ok guys. The combination of Pi-hole and OpenVPN is working well now.
It was not so difficult at all. I have only a few questions:

  • I observe that the speed of the connection over VPN is drastically slower than without VPN.
    My connection is a 100/100 Mbit fiber connection. Without VPN the speed is around 50Mbit (mobile devices like an Android phone; at my wired connection it is 100 Mbit), with VPN it is around 5 Mbit (phone and wired connection).
    Is the bottleneck here the Wifi chip of the Raspberry Pi Zero W?

  • Is it possible that someone checks my firewall rules of the Pi? If yes, can I post them directly to this topic, or do I have to send this in a private message?

Thanks a lot for helping!

Possibly. Wireless N is 300 Mbps, but as with any wireless connection, about half of that is required for overhead just to maintain the connection.

[quote="PatBuf, post:15, topic:3525"]
Is it possible that someone checks my firewall rules of the Pi? If yes, can I post them directly to this topic, or do I have to send this in a private message?
[/quote]

This is the preferred method to securely send us information:

Also, we have done some investigation on how much traffic a Pi3 can handle encrypted over VPN and found it to be about 15MBit.

I'd like to point you to this link where you can configure the VPN to route only DNS traffic, thus reducing the bottleneck.

Sorry for my late reaction. Due to circumstances, I wasn't able to answer.

If I route only DNS through VPN, will that mean that only webpages are over a secured VPN connection?
Or will apps like Gmail, or a banking app, also go through VPN?
This is important for me, because, when I go on holiday, I want to use VPN to be sure I'm safe on an open Wifi network.

So next thing is to try to send a log of my firewall rules to the secured server.

Thanks.

Okay, then you shouldn't do this. The two options are:

  1. Route all traffic through the VPN
    This may be slow as all traffic will be routed through the VPN. However, it will be safe even if the WiFi connection during your holidays is insecure.

  2. Route only DNS traffic through VPN
    This may be significantly faster than the first option. However, there will be little to no added security through insecure connections.
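To check which of the two options above a given OpenVPN server config actually applies, the following added example (not part of the original thread and not Pi-hole or PiVPN code) classifies the `push` directives in a server.conf. The sample configs are constructed, the function name `audit` is hypothetical, and the Pi-hole address 10.8.0.1 on tun0 is an assumption; only server-side pushes are examined, so a `redirect-gateway` line set in a client's own .ovpn file is not seen.

```python
import re

# Constructed sample configs. Assumption: VPN subnet 10.8.0.0/24 with
# Pi-hole answering DNS on the server's tun0 address 10.8.0.1.
FULL_TUNNEL = '''server 10.8.0.0 255.255.255.0
push "redirect-gateway def1"
push "dhcp-option DNS 10.8.0.1"
'''
DNS_ONLY = '''server 10.8.0.0 255.255.255.0
# push "redirect-gateway def1"
push "dhcp-option DNS 10.8.0.1"
'''
THIRD_PARTY_DNS = '''server 10.8.0.0 255.255.255.0
push "redirect-gateway def1"
push "dhcp-option DNS 8.8.8.8"
'''

# Matches an active push line; lines commented out with # or ; do not match.
PUSH_RE = re.compile(r'^\s*push\s+"([^"]*)"')

def audit(conf_text, pihole_ip):
    """Classify an OpenVPN server config by what it pushes to clients."""
    full_tunnel = False
    dns_servers = []
    for line in conf_text.splitlines():
        m = PUSH_RE.match(line)
        if not m:
            continue
        words = m.group(1).split()
        if words and words[0] == "redirect-gateway":
            full_tunnel = True          # option 1: all traffic via the VPN
        elif len(words) == 3 and words[:2] == ["dhcp-option", "DNS"]:
            dns_servers.append(words[2])
    if full_tunnel:
        mode = "all-traffic"
    elif dns_servers:
        mode = "dns-only"               # option 2: only DNS goes via the VPN
    else:
        mode = "nothing-pushed"
    return {
        "mode": mode,
        # True only when the Pi-hole is the sole resolver handed to clients
        "dns_via_pihole": dns_servers == [pihole_ip],
        # Resolvers that would let clients bypass Pi-hole filtering
        "other_dns": [d for d in dns_servers if d != pihole_ip],
    }

if __name__ == "__main__":
    for name, conf in [("full", FULL_TUNNEL), ("dns-only", DNS_ONLY),
                       ("third-party", THIRD_PARTY_DNS)]:
        print(name, audit(conf, "10.8.0.1"))
```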

Thanks for the answer. It is not a big problem for now. I think 5Mbit is fast enough to do things like searching internet and using a banking app.

I tried to upload a file via the secured server. I'm not sure if this is going right. How do you know that the file is from me? And how do I get an answer on the file? In my case the firewall rules.
I used this command:

echo <filepath/filename.txt> | nc tricorder.pi-hole.net 9999
Then I get a 10 digit code.
Then I used: echo "help me" | nc tricorder.pi-hole.net 9999 <10 digit code>
But after that rule I get a new 10 digit code. So I think something went wrong.

Thanks.