Ok, Pi-hole is running now, and now I trie to finish the Pivpn installation.
It asks wich DNS provider I want to use for the VPN clients.
I can choose a lot (Google, OpenDNS, Level3, etc). I can also choose custom, to use my own DNS provider.
Is that what I have to choose? So I can use the Pi-hole address?
Yes, I believe you want to choose Custom and choose your Pi-hole. And you should have already chosen the upstream servers when you installed Pi-hole.
Upstream I choosed Google.
Maybe I can change that afterwards, if that is needed?
EDIT: After choosing custom, the next question is which upstream DNS provider I will use.
Do I enter here the Pi-hole address?
You can run pihole -r to reconfigure Pi-hole's settings.
Ok guys. The combination of Pi-hole and OpenVPN is working well now.
It was not so difficult at all. I have only a few questions:
-
I observe that the speed of the connection over VPN is drastically slower than without VPN.
My connection is a 100/100 Mbit fiber connection. Without VPN the speed is around the 50Mbit (mobile devices like a Android phone, at my wired connection it is 100 Mbit), with VPN it is around 5 Mbit (phone and wired connection).
Is the bottleneck here the Wifi chip of the Raspberry Pi Zero W? -
Is it possible that someone check my firewall rules of the Pi? If yes, can I post them directly to this topic, or have I send this in a private message?
Thanks a lot for helping!
Possibly. Wireless N is 300 Mbps, but as with any wireless connection, about half of that is required for overhead just to maintain the connection.[quote="PatBuf, post:15, topic:3525"]
Is it possible that someone check my firewall rules of the Pi? If yes, can I post them directly to this topic, or have I send this in a private message?
[/quote]
This is the preferred method to securely send us information:
Also, we have done some investigation on how much traffic a Pi3 can handle encrypted over VPN and found it to about 15MBit.
I'd like to point you to this link where you can configure the VPN to route only DNS traffic, thus reducing the bottleneck.
Sorry for my late reaction. Due to circumstances, I wasn't able to answer.
If I route only DNS trough VPN, will that mean that only webpages are over a secured VPN connection?
Or will apps like Gmail, or a banking app, also trough VPN?
This is important for me, because, when I go on holiday, I want use VPN to sure I'm safe on a open Wifi network.
So next thing is to try to send a log of my firewall rules to the secured server.
Thanks.
Okay, then you shouldn't do this. The two options are:
-
Route all traffic through the VPN
This may be slow as all traffic will be routed through the VPN. However, it will be safe even if the WiFi connection during your holidays is insecure. -
Route only DNS traffic through VPN
This may be significantly faster than the first option. However, there will be little to no added security through insecure connections.
Thanks for the answer. It is not a big problem for now. I think 5Mbit is fast enough to do things like searching internet and using a banking app.
I tried to upload a file via the secured server. I'm not sure if this is going right. How do you know that the file is from me? And how do I get an answer on the file? In my case the firewall rules.
I used this command:
echo <filepath/filename.txt> | nc tricorder.pi-hole.net 9999
Then I get a 10 digit code.
Then I used: echo "help me" | nc tricorder.pi-hole.net 9999 <10 digit code>
But after that rule I get a new 10 digit code. So I think something went wrong.
Thanks.
The 10 digit code is the token that we use to access your uploads on the Tricorder server. So every upload will generate a new token.
If you'd like us to take a look at a log or an upload to see what we can find, you'll have to post the token here for us. It's a secured system, even if everyone knows your token there are only 5 people that can currently see anything on Tricorder.pi-hole.net. (You can check that by going to that server and you'll see that you are unable to log in as you don't have the proper credentials.)
Yes, That was a bit stupid of me.
A new try. I hope everything went well now.
The token is: 9y09g8nixe
Thanks.
The information uploaded was just the path to a file about your firewall...it wasn't a full log file. Will you try again?
I used this command: echo /home/pi/Documents/Firewallrules.txt | nc tricorder.pi-hole.net 9999
Then I got that token en post it.
You need to cat the file's content to be uploaded; when you used echo it just uploaded the file path to the server. Try again with
cat /home/pi/Documents/Firewallrules.txt | nc tricorder.pi-hole.net 9999
and post the debug token.
I tried that too. But then I get back:
cat: /home/pi/Documents/Firewallrules.txt: No such file or directory Use netcat.
Does
cat /home/pi/Documents/Firewallrules.txt
actually output the contents of the file? It looks like that file doesn't exist.
Apparently I have to put the extension .txt at the end of the file.
So I did that, and now got a token:
cxm2mojf87
Thanks.
I've been traveling a lot lately and haven't had a chance to check what was going on here. You you please re-upload your file?
Background: Our backend deletes any uploaded data after 48 hours, so I cannot access the data using your token, anymore. However, I should have time to look at your file on Wednesday.
No probs. I uploaded it again:
1tlfqlukqk
Thanks.