See my PiHole enabled OpenVPN Server


Does that sound like what you want?

Yes! Initially I set up my router to route all traffic through there but without a decent server setup this seems like too much of a constraint on my mobile performance. It works though: no ads when connected to it. But it is sloooooowww.

I’ve always used AdAway on all of my (Android) devices but the company I (am going to) work for does not allow rooted devices to be used on the premises. So I wanted to swap to remotely calling my PiHole as the primary DNS server to still block all tracking, malware and (most) ads.

But, after reading up on this project the past weeks and watching this video I wholeheartedly agree with not simply forwarding port 53 and making my Pi visible to the public. So I guess a VPN it is.


Yeah, open resolvers are a threat that should not be underestimated! AFAIK the open resolvers found on the web can sum up to more than 20Gbps attacking power. Open resolvers are vulnerable to DNS amplification attacks (usually).

Either limit your Pi-hole to only answer to certain IP ranges (which might be hard to know beforehand, esp. when on mobile) or go VPN. VPN should be the preferred route. I will update our Pi-hole OpenVPN wiki with instructions on how to route only the DNS server, but not the whole internet traffic, soon.


I will update our Pi-hole OpenVPN wiki with instructions on how to route only the DNS server, but not the whole internet traffic, soon.

I want to learn as much as possible and not blindly follow guides but I’ve only started learning to write code a few months ago and the amount of information you find about Linux / Debian / IP Tables / VPN / DNS / hosts files can be overwhelming.

When I’ve learned some more (and got some income) I’d like to put PiHole (or my own similar DNS) on a VPS and use a script or DynDNS on each device / network for access control. But for now setting up PiHole for myself and my family has been a fun and useful way to learn about networking and Linux in general.

It’s especially cool when others like yourself help me out from time to time! Cheers!


@apexalpha See


Can you tell me what the issue might be with RPi 1? I use it and it seems to be working OK.


It might be a bit slow if it has to run PiHole and an OpenVPN server at the same time.


Appreciate your effort SIR! Thank you for this tutorial!


Awesome! Glad it is still helping out.

Also added an update to the tutorial to better fit with how pi-hole handles config files now. Haven’t looked at this thing in a while, figured it’d be good to keep it relevant. :sweat_smile:


Thanks again for the update allowing for the settings to be persistent throughout an update.


Sorry, I’m lost in the instructions of "Long overdue update"
Should I be removing the interface line (interface=eth0) in the 01-pihole.conf file and putting it into a new empty file such as 02-addint.conf?



Pretty close. I think pihole takes your physical nic as a primary, and plugs it in on its own by default (interface=eth0).

We’re needing to move any custom (manually added by ‘you’) second interfaces listed in 01-pihole.conf to the 02-addint.conf file instead. My manually added interface line was ‘interface=tun0’. So I needed to move it to the new 02 conf file instead of the 01 file made by pihole.

If you only have the one ‘interface=eth0’ line in the 01 file to begin with, it doesn’t need to move. Just put any additional interfaces you want pihole to work with in the separate 02 config file.


I’ve modified the basic premise of openVPN+pihole blocking DNS to include routing the traffic through your local DNS instead of Google’s, see here for further details:


This is a great thread - many thanks to all the contributors. I believe pi hole is one of the best uses for digging out a dormant pi and finally putting it to good use. I hope to implement it soon.

I have a couple of queries. Regarding using a VPN purely for DNS - why would you want to do this? Wouldn’t it just anonymise the DNS lookup but then initiate an unencrypted HTTP request? It might stop the DNS service (e.g. Google) spying on you but the domain you’re connecting to and your ISP still know which sites you are visiting, not to mention all the other non-http ports. Or am I missing something?

I understand how having an OpenVPN server is good for accessing the pi hole remotely, but I found this thread when searching for a way to use pi hole as an OpenVPN client. I have a VPN subscription which uses OpenVPN and I would like to route all traffic (DNS, HTTP, etc.) through a pi hole device. The setup would be something like Device > Pi Hole > VPN > Internet

Has anyone tried this or have any advice on how to achieve it?

Many thanks


In general, that is not a good idea. Several users tried that and even with the most recent Raspberry (v3) you cannot expect more than maybe 10 MBit/s bandwidth. The Raspberry hardware is just not powerful enough (and we never designed) for this task. See also this post:

It may, however, be possible to achieve what you want by installing a VPN server on the Raspberry and ensuring that it passes its own traffic through the other VPN you already have. Note that there is also an official OpenVPN wiki on Pi-hole’s GitHub pages:


Thanks for your response. I have a 2Mb broadband connection so the 10Mb cap is fine. I will check out the GitHub page, thanks for the info


Okay. I think this is at the edge of what we can support on this platform, but we will be here to try to assist you in case you need further assistance.


Thank you.

To clarify, what else do I need in the second configuration file?

Do I just put the other interface (tun0) in there and that is it?

Or should I copy the whole 01 config file and just change the interface to tun0?


The 02 config file is just there to preserve the tun0 line (or any other listening interfaces you may want or have).

The pihole setup may alter or change the 01 config file during updates, and it will not add additional interfaces back in on its own without you having to put the line back in manually after the fact.

All you need is the one line in that 02 file. :slight_smile:
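
The move described in the two replies above (custom `interface=` lines out of 01-pihole.conf and into 02-addint.conf) can be scripted so it is repeatable after an update. This is an added example, not code from the tutorial or from Pi-hole; the function name is hypothetical and the directory is passed in as an argument (assumed to be `/etc/dnsmasq.d` on a typical install).

```shell
#!/bin/sh
# Added example: keep manually added dnsmasq listening interfaces out of the
# Pi-hole-managed 01-pihole.conf by moving them into 02-addint.conf.
#
# Usage: move_extra_interfaces CONF_DIR [PRIMARY_IFACE]
#   CONF_DIR       directory holding both files (assumption: /etc/dnsmasq.d;
#                  pass a scratch copy to try it out first)
#   PRIMARY_IFACE  the interface Pi-hole writes on its own (default eth0)
move_extra_interfaces() {
    dir=$1
    primary=${2:-eth0}
    managed="$dir/01-pihole.conf"
    extra="$dir/02-addint.conf"

    [ -f "$managed" ] || { echo "missing $managed" >&2; return 1; }
    [ -f "$extra" ] || : > "$extra"

    # Collect every interface= line except the primary one.
    moved=$(grep -E '^interface=' "$managed" \
            | grep -Fxv "interface=$primary" || true)
    [ -n "$moved" ] || return 0   # nothing custom in 01: leave both files alone

    # Append each custom line to 02 unless it is already there (idempotent).
    printf '%s\n' "$moved" | while IFS= read -r line; do
        grep -Fxq "$line" "$extra" || printf '%s\n' "$line" >> "$extra"
    done

    # Rewrite 01 without the custom lines, keeping a backup of the original.
    # grep exits 1 when no line is left to print; that is not an error here.
    cp -p "$managed" "$managed.bak"
    printf '%s\n' "$moved" | grep -Fxv -f - "$managed.bak" > "$managed" \
        || [ $? -eq 1 ]
}
```

The DNS service has to be restarted before it picks up the change, and it only answers on the interfaces listed across these files, so 02-addint.conf should list nothing beyond the VPN interface you actually need.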


My original goal with the VPN setup was to basically have my cellphone pull all DNS queries through my pihole device when I’m out and about. Limiting ads I see when browsing, and general popup blocking etc. I didn’t really need or care about high through-put. Now, I’m finding it more useful to either SSH or RDP into my home computer or other boxes while I’m away if I’m in a pinch and need to check stuff. :smile:


Okay awesome. I finally got everything working. Now I want to use the pihole as the DHCP server rather than my router. However, when I make the change, the VPN no longer works.