Surfshark OpenVpn Client with Pihole

Hello, so recently I've purchased VPN services. But soon I discovered that when I turned on the VPN service, Pi-hole would malfunction. Is it possible to keep both services (VPN, Pi-hole) running smoothly at the same time? Thanks!
Hardware: Raspberry pi 4

It's likely not Pi-hole that is malfunctioning, it is your clients connecting via VPN that may either encounter difficulties accessing Pi-hole or ignore Pi-hole altogether.

You would normally push Pi-hole into your VPN as a DHCP option on the VPN server, but you'd have to consult your chosen VPN provider on how to inject a local custom DNS server into your VPN, and whether that's possible at all.

If you would disclose what VPN service provider you are using (preferably in your topic's title), you'd improve your chances of attracting other users on this forum with similar relevant experiences.

Thanks for the reply! I am currently using SurfShark VPN. Is there any way to check whether my VPN provider provides such a service?

You can use ZeroTier for that too.

Hello. First of all, thanks to all of you for your replies. These days I've been looking for a solution to this problem, and finally I found it in this article: https://serverfault.com/questions/416708/how-to-ensure-openvpn-connection-uses-specific-dns

Note that the solution is probably only compatible with VPN services that provide an OpenVPN file. I've only tried it with SurfShark VPN.

Solution
Simply add the line dhcp-option DNS [192.168.1.1] (replace the IP inside the brackets with your own Pi-hole IP address) to your .ovpn file and save it. That's it.

Hope this could help!

I tried adding that line to my .ovpn file but it doesn't seem to work for me. Does it matter where in the file the line appears? Are there any other configurations that might need to be changed?

How are you (anyone) verifying that it does not work? Are the Surfshark DNS servers still in use?

Are you depending on output from, say, an external site like www.browserleaks.net?

Windows client:

C:\>netsh interface ip show dnsservers

Configuration for interface "Local Area Connection"
    Statically Configured DNS Servers:    10.0.0.4
    Register with which suffix:           Primary only

Configuration for interface "Loopback Pseudo-Interface 1"
    Statically Configured DNS Servers:    None
    Register with which suffix:           None

EDIT: And for IPv6:

C:\>netsh interface ipv6 show dnsservers

Configuration for interface "Loopback Pseudo-Interface 1"
    Statically Configured DNS Servers:    fec0:0:0:ffff::1%1
                                          fec0:0:0:ffff::2%1
                                          fec0:0:0:ffff::3%1
    Register with which suffix:           Primary only

MacOS client:

$ scutil --dns
DNS configuration

resolver #1
  search domain[0] : dehakkelaar.nl
  nameserver[0] : 10.0.0.4
  if_index : 4 (en0)
  flags    : Request A records
  reach    : 0x00020002 (Reachable,Directly Reachable Address)

Linux client with dhcpcd5 network manager (Raspbian distro):

$ dhcpcd --dumplease eth0
[..]
domain_name_servers='10.0.0.1'
[..]

Linux client with "NetworkManager":

$ nmcli
[..]
DNS configuration:
        servers: 10.0.0.2
        domains: dehakkelaar.nl
        interface: wlan0

And there are other network managers available for Linux distros that each have their own syntax.

Thank you.

My output is the following.

mine
I am on Wi-Fi to my router with VPN enabled via an .ovpn file.
I did not need to add 192.168.0.68 to the .ovpn file.
192.168.0.68 is my Pi-hole reserved IP in DHCP via the router.

My problem is it's cumbersome to change VPN region via the router interface when I want to.
Using the VPN provider's Windows client is much faster to toggle regions.

Unfortunately, while using the app, and this is Surfshark too, there appears to be no way to avoid using their DNS servers (that I know of), or in other words continue using the Pi-hole when their VPN Windows client is in use.

In my router, could I route data meant for 162.252.172.57 (VPN provider DNS) to 192.168.0.68 (my Pi-hole)?

Can you copy and paste instead of those screenshots, pls?
Enclose the code with the </> button before posting.
You could try something along the lines below after connecting (for maybe both interfaces):

netsh interface ipv4 delete dnsservers name="INTERFACE_NAME" address=all validate=no

netsh interface ipv4 add dnsservers name="INTERFACE_NAME" address=192.168.0.68 index=1 validate=no

And check again:

netsh interface ip show dnsservers

This is the resulting output after trying out what you suggested. So it's able to remove and then put in place whatever DNS I want, in this case 192.168.0.68, wow.

I did an nslookup using espn.com by the way, and it resolves using the Pi-hole.

But yet, when I tried to hit espn.com on any of my 3 web browsers (Firefox, Chromium Edge, IE), it won't take me there, it can't resolve. Not just espn but any site.

I also tested what would happen if I disconnected from the VPN app and reconnected... As suspected, the app loads its own DNS back in.

I wouldn't mind deleting it every time, but for some reason actual web browsing doesn't work.

C:\WINDOWS\system32>netsh interface ip show dnsservers

Configuration for interface "IKEv2-Surfshark Connection"
    Statically Configured DNS Servers:    192.168.0.68
    Register with which suffix:           None

Configuration for interface "Loopback Pseudo-Interface 1"
    Statically Configured DNS Servers:    None
    Register with which suffix:           None

Configuration for interface "Ethernet 2"
    DNS servers configured through DHCP:  192.168.0.1
    Register with which suffix:           Primary only

Configuration for interface "Ethernet"
    DNS servers configured through DHCP:  None
    Register with which suffix:           Primary only

Configuration for interface "Wi-Fi"
    Statically Configured DNS Servers:    192.168.0.68
    Register with which suffix:           Both primary and connection-specific

Configuration for interface "Local Area Connection* 5"
    DNS servers configured through DHCP:  None
    Register with which suffix:           Primary only

Configuration for interface "Local Area Connection* 6"
    DNS servers configured through DHCP:  None
    Register with which suffix:           Primary only

Could you post the full output for the commands below on that client after the DNS alterations with netsh?

nslookup pi.hole

nslookup espn.com

If nslookup is functioning but browsers aren't, I don't know what's happening.
Make sure the browser is killed properly by also checking the process list in Task Manager.

You could write a script that runs the VPN dialer and those two netsh lines, drag a shortcut to the desktop, and run that one to start the VPN.

C:\WINDOWS\system32>netsh interface ip show dnsservers

Configuration for interface "IKEv2-Surfshark Connection"
    Statically Configured DNS Servers:    192.168.0.68
    Register with which suffix:           None

Configuration for interface "Loopback Pseudo-Interface 1"
    Statically Configured DNS Servers:    None
    Register with which suffix:           None

Configuration for interface "Ethernet 2"
    DNS servers configured through DHCP:  192.168.0.1
    Register with which suffix:           Primary only

Configuration for interface "Ethernet"
    DNS servers configured through DHCP:  None
    Register with which suffix:           Primary only

Configuration for interface "Wi-Fi"
    Statically Configured DNS Servers:    192.168.0.68
    Register with which suffix:           Both primary and connection-specific

Configuration for interface "Local Area Connection* 5"
    DNS servers configured through DHCP:  None
    Register with which suffix:           Primary only

Configuration for interface "Local Area Connection* 6"
    DNS servers configured through DHCP:  None
    Register with which suffix:           Primary only


C:\WINDOWS\system32>nslookup espn.com
Server:  rabbithole
Address:  192.168.0.68

Non-authoritative answer:
Name:    espn.com
Addresses:  13.224.214.115
          13.224.214.24
          13.224.214.80
          13.224.214.39


C:\WINDOWS\system32>nslookup pi.hole
Server:  rabbithole
Address:  192.168.0.68

Name:    pi.hole
Address:  192.168.0.68

Yeah, sadly the browsers don't work. They can't reach websites.

I didn't have them open until after the DNS alterations were done (Edge and IE). I kept Firefox open because I'm viewing this thread.

Had a thought, maybe you have to do a:

ipconfig /flushdns

Outa ideas :(

flushdns didn't work, but what did work is the following:

C:\WINDOWS\system32>netsh interface ip show dnsservers

Configuration for interface "IKEv2-Surfshark Connection"
    Statically Configured DNS Servers:    None
    Register with which suffix:           None

Configuration for interface "Loopback Pseudo-Interface 1"
    Statically Configured DNS Servers:    None
    Register with which suffix:           None

Configuration for interface "Ethernet 2"
    DNS servers configured through DHCP:  192.168.0.1
    Register with which suffix:           Primary only

Configuration for interface "Ethernet"
    DNS servers configured through DHCP:  None
    Register with which suffix:           Primary only

Configuration for interface "Wi-Fi"
    DNS servers configured through DHCP:  192.168.0.68
    Register with which suffix:           Both primary and connection-specific

Configuration for interface "Local Area Connection* 5"
    DNS servers configured through DHCP:  None
    Register with which suffix:           Primary only

Basically I have to delete the DNS off of this interface but don't ADD back the Pi-hole.

Configuration for interface "IKEv2-Surfshark Connection"
    Statically Configured DNS Servers:    None
    Register with which suffix:           None

Then I'm able to load web pages.

Then I went to verify that the VPN app was still working and having me at the right region (Dallas), and it is!

Cool... so this seems to be a method to change region but also use my Pi-hole...

Thanks!

I'll be donating to you folks!

1 Like
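
An added example, not posted by anyone in this thread: a Python check that parses `netsh interface ip show dnsservers` output like the listings above and reports every interface that still carries a DNS server other than the Pi-hole, including servers listed on continuation lines. The sample text is constructed, and the function names are hypothetical.

```python
import re

# Constructed sample in the format of the netsh output posted in this thread;
# 192.168.0.68 is the Pi-hole and 162.252.172.57 the provider DNS named there.
SAMPLE = """\
Configuration for interface "IKEv2-Surfshark Connection"
    Statically Configured DNS Servers:    162.252.172.57
    Register with which suffix:           None

Configuration for interface "Loopback Pseudo-Interface 1"
    Statically Configured DNS Servers:    None
    Register with which suffix:           None

Configuration for interface "Wi-Fi"
    DNS servers configured through DHCP:  192.168.0.68
                                          192.168.0.1
    Register with which suffix:           Both primary and connection-specific
"""

IFACE = re.compile(r'^Configuration for interface "(.+)"\s*$')
DNS = re.compile(r"^\s+(?:Statically Configured DNS Servers|"
                 r"DNS servers configured through DHCP):\s+(\S+)\s*$")
EXTRA = re.compile(r"^\s+([0-9A-Fa-f:.%]+)\s*$")  # continuation: address only

def parse_dns_servers(text):
    """Map each interface name to the list of DNS servers netsh reports."""
    result, current, in_dns = {}, None, False
    for line in text.splitlines():
        if m := IFACE.match(line):
            current, in_dns = m.group(1), False
            result[current] = []
        elif current and (m := DNS.match(line)):
            in_dns = True
            if m.group(1) != "None":
                result[current].append(m.group(1))
        elif current and in_dns and (m := EXTRA.match(line)):
            result[current].append(m.group(1))
        else:
            in_dns = False
    return result

def bypassing(text, pihole):
    """Interfaces with at least one DNS server that is not the Pi-hole."""
    return {name: servers for name, servers in parse_dns_servers(text).items()
            if any(s != pihole for s in servers)}

if __name__ == "__main__":
    for name, servers in bypassing(SAMPLE, "192.168.0.68").items():
        print(f"{name}: {', '.join(servers)}")
```

On a Windows client, the captured output of the netsh command can be passed to `bypassing()` in place of `SAMPLE`, once before and once after the VPN client connects.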