The issue I am facing:
I currently have a setup where I have a cloud VPS with Pritunl VPN (uses OpenVPN protocol), and a Pi-hole set up within my LAN on a Pi Zero connected via ethernet to my router. I'm trying to get my VPN to use the Pi-hole as the DNS server for use on a mobile device when I am away from my home network so I can take advantage of both the VPN and the ad-blocking properties of Pi-hole.
On my home computer the VPN is working with Pi-hole just fine. When my phone is connected to my Wi-Fi network Pi-hole also works fine. However when I try to connect my phone to the VPN nothing is able to get thru to Pi-hole and nothing loads (web pages, online apps, etc.).
I tried everything linked here and here to no avail. Instead of editing the server.conf I added the route for my local IP network and set the DNS server to Pi-hole's static IP via the Pritunl web UI, since it seems like Pritunl stores server configs in a local database. I know it's some configuration issue with Pritunl and/or Pi-hole because when I change the DNS server in Pritunl to an external one, e.g. 1.1.1.1, connecting to the VPN on my phone works just fine.
Details about my system:
OS: on PC: Windows 10, Mobile: Android 13
Pihole: v5.17.1
FTL: v5.23
Interface setting is currently set to: Permit all origins
This reads like a networking issue rather than a Pi-hole one.
You may want to consider also consulting forums specialising in VPN networking.
One interesting question to answer seems to be:
How do you establish the connection from your cloud VPS to your home network?
Is your Pi-hole host machine configured to authenticate against your VPS in order to access it, i.e. is it running respective VPN client software?
Thanks for the reply! I'll be sure to reach out in some networking forums.
Regarding your question: Pritunl has a client application that I use on my home PC to connect to the VPN. For my phone I use the OpenVPN app. Pi-hole doesn't run any of the client software. Does Pi-hole need to be connected to the VPN as a client to be used as a DNS over the VPN? I'd like to open up the Pi-hole to be accessed as a DNS thru my VPN as an option, but not require a VPN connection to do so, if that makes sense.
Then change that - to be accessible via VPN, your Pi-hole host machine has to become a citizen of that VPN. If supported, you could also consider hosting Pi-hole on your VPN server.
Alternatively, you could make that machine publicly available.
But apart from the security implications for your home network, that would turn your Pi-hole into an open resolver, which would pose a potential threat for all Internet users, e.g. by serving as a multiplier in a DNS Amplification attack.
The Pi-hole team strongly discourages Pi-hole’s usage as an open resolver, and we won't provide support in that case.
So I tried connecting to the VPN on my Pi Zero with the openvpn client via the CLI. I managed to get the host connected to the VPN but I was still unable to connect to the internet on my mobile phone when connecting it to the same VPN. Still not sure what the issue is. Are there some network logs I could check out somewhere to see on either end if my phone is even trying to hit the Pi-hole for DNS resolution or if Pi-hole is just rejecting that traffic?
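One way to check from the Pi-hole side whether any VPN client's queries arrive at all is to count the client addresses recorded in Pi-hole's dnsmasq-format query log. The script below is an added example, not part of any post in this thread; the log path `/var/log/pihole/pihole.log`, the VPN subnet `10.8.0.0/24` and the sample log lines are assumptions constructed for illustration.

```python
import ipaddress
import re
from collections import Counter

# dnsmasq query line format, e.g.
# "Mar  3 10:15:01 dnsmasq[812]: query[A] example.com from 192.168.1.20"
QUERY_RE = re.compile(
    r"dnsmasq\[\d+\]: query\[(?P<type>[^\]]+)\] (?P<name>\S+) from (?P<client>\S+)$"
)

# Constructed sample lines (not taken from the thread).
SAMPLE_LOG = """\
Mar  3 10:15:01 dnsmasq[812]: query[A] example.com from 192.168.1.20
Mar  3 10:15:01 dnsmasq[812]: forwarded example.com to 1.1.1.1
Mar  3 10:15:01 dnsmasq[812]: reply example.com is 192.0.2.10
Mar  3 10:15:04 dnsmasq[812]: query[AAAA] example.org from 192.168.1.20
Mar  3 10:15:09 dnsmasq[812]: query[A] ads.example.net from 10.8.0.6
Mar  3 10:15:09 dnsmasq[812]: gravity blocked ads.example.net is 0.0.0.0
"""

def queries_by_client(lines):
    """Count 'query[...]' lines per client IP; other log lines are skipped."""
    counts = Counter()
    for line in lines:
        m = QUERY_RE.search(line.strip())
        if not m:
            continue
        try:
            counts[ipaddress.ip_address(m["client"])] += 1
        except ValueError:
            continue  # client field was not a plain IP address
    return counts

def vpn_clients(lines, vpn_net):
    """Return {client_ip: query_count} for clients inside vpn_net (CIDR)."""
    net = ipaddress.ip_network(vpn_net)
    return {
        str(ip): n
        for ip, n in queries_by_client(lines).items()
        if ip.version == net.version and ip in net
    }

if __name__ == "__main__":
    # On the Pi-hole host, replace SAMPLE_LOG with the real log, e.g.
    # open("/var/log/pihole/pihole.log") (assumed path), and use your VPN subnet.
    seen = vpn_clients(SAMPLE_LOG.splitlines(), "10.8.0.0/24")
    if seen:
        print("Queries from VPN clients reached Pi-hole:", seen)
    else:
        print("No queries from the VPN subnet were logged.")
```

An empty result while the phone is connected and browsing means its queries never reach Pi-hole, which points at routing or the VPN's DNS push rather than at Pi-hole's filtering.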
Pritunl very likely requires specific configuration for a custom DNS server.
I can't comment on any such requirement.
Pritunl's support would seem a better place for seeking advice on related questions.
If your phone's requests make it to your Pi-hole, you should either see your phone's DNS requests register in Pi-hole's Query Log, or you should see an "Ignoring query from non-local network" warning in Pi-hole's diagnosis.
The latter is unlikely now that you should have a VPN network interface on your Pi-hole, even if you had switched Interface listening away from Permit all origins in the meantime.
A phone is not the best platform to analyse your issue, as it lacks access to CLI, and substitute terminal apps would often use hard-coded Google's DNS server.
If you can, use a laptop or PC, and try to run: