Unable to resolve external domains through VPN Cloudflared

Hello — I am trying to set this up and have followed the instructions. I am able to access my Pi-Hole via its IP address from outside the LAN via the VPN, but DNS does not resolve for external websites.

I am using Cloudflared to enable DoH. My DNS server address on the Pi-Hole is 127.0.0.1#5053.

Is there something else I should add to the server.conf file?

Thanks in advance for your help.

JAW

Did you allow Pi-hole to answer the requests? (See the screenshot in the initial post.)

If yes, what does your push "dhcp-option DNS" line look like?

Thank you for the help and quick reply.

Yes, listen on all interfaces is checked.

The push line shows the internal IP address of my Pi-Hole:

push "dhcp-option DNS 192.168.0.195"

Is the VPN hosted on the same device as Pi-hole?

Yes, both are on the same Raspberry Pi.

Can you post the content of your server.conf?

Sure thing. Thanks again.

dev tun
proto tcp
port 443
ca /etc/openvpn/easy-rsa/pki/ca.crt
cert /etc/openvpn/easy-rsa/pki/issued/server_rY9abfrwcSXuE5vc.crt
key /etc/openvpn/easy-rsa/pki/private/server_rY9abfrwcSXuE5vc.key
dh none
topology subnet
server 10.8.0.0 255.255.255.0
# Set your primary domain name server address for clients
push "dhcp-option DNS 192.168.0.195"
#push "dhcp-option DNS 1.1.1.1"
#push "dhcp-option DNS 1.0.0.1"
# Prevent DNS leaks on Windows
push "block-outside-dns"
# Override the Client default gateway by using 0.0.0.0/1 and
# 128.0.0.0/1 rather than 0.0.0.0/0. This has the benefit of
# overriding but not wiping out the original default gateway.
push "redirect-gateway def1"
client-to-client
keepalive 1800 3600
remote-cert-tls client
tls-version-min 1.2
tls-crypt /etc/openvpn/easy-rsa/pki/ta.key
cipher AES-256-CBC
auth SHA256
user nobody
group nogroup
persist-key
persist-tun
crl-verify /etc/openvpn/crl.pem
status /var/log/openvpn-status.log 20
status-version 3
syslog
verb 3
#DuplicateCNs allow access control on a less-granular, per user basis.
#Remove # if you will manage access by user instead of device. 
#duplicate-cn
# Generated for use by PiVPN.io

Ok, comment out this line (with a # in front) and replace it with:

push "dhcp-option DNS 10.8.0.1"

Then run sudo service openvpn restart, reconnect to the VPN and try again.
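The posted server.conf pushes the Pi-hole's LAN address (192.168.0.195) together with redirect-gateway and block-outside-dns, and the reply above suggests pushing the server's own tunnel address (10.8.0.1) instead. The following Python is an added example, not code from this thread or from PiVPN: it parses a server.conf of that shape, derives the server's tunnel address from the server directive, classifies where each pushed DNS address sits relative to the tunnel, and rewrites the push line the way the reply suggests. The sample configuration is constructed here from the posted one, trimmed to the relevant directives; the finding codes, the assumption that the resolver is Pi-hole on the same host, and the function names are mine.

```python
"""Static checks for pushed-DNS settings in an OpenVPN server.conf (added example)."""
import ipaddress
import re
import shlex

# Constructed sample: the posted server.conf, trimmed to the directives that matter here.
SAMPLE_CONF = """\
dev tun
proto tcp
port 443
topology subnet
server 10.8.0.0 255.255.255.0
# Set your primary domain name server address for clients
push "dhcp-option DNS 192.168.0.195"
# Prevent DNS leaks on Windows
push "block-outside-dns"
push "redirect-gateway def1"
client-to-client
"""


def parse_conf(text):
    """Return (directives, pushed): directives maps option -> list of argument lists,
    pushed is the list of argument lists found inside push "..." strings."""
    directives, pushed = {}, []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":        # OpenVPN comment lines
            continue
        parts = shlex.split(line)               # keeps the quoted push payload as one token
        name, args = parts[0], parts[1:]
        directives.setdefault(name, []).append(args)
        if name == "push" and args:
            pushed.append(shlex.split(args[0]))
    return directives, pushed


def tunnel_network(directives):
    """VPN subnet and the server's own tunnel address from the 'server' directive.
    In both 'topology subnet' and net30 the server takes the first usable address,
    so 'server 10.8.0.0 255.255.255.0' gives 10.8.0.1."""
    net_addr, mask = directives["server"][0][:2]
    net = ipaddress.ip_network(f"{net_addr}/{mask}", strict=True)
    return net, net.network_address + 1


def pushed_dns(pushed):
    """IPv4 resolvers pushed via dhcp-option DNS (DNS6 entries are ignored)."""
    return [ipaddress.ip_address(a[2]) for a in pushed
            if len(a) >= 3 and a[0] == "dhcp-option" and a[1].upper() == "DNS"]


def check_dns_path(text):
    """Classify how client DNS queries will travel. Returns (code, message) tuples;
    the codes are this example's own, not OpenVPN or Pi-hole terminology."""
    directives, pushed = parse_conf(text)
    net, server_ip = tunnel_network(directives)
    flags = {a[0] for a in pushed}
    findings = []
    if not pushed_dns(pushed):
        findings.append(("NO_DNS", "no resolver pushed: clients keep their local resolver and bypass Pi-hole"))
    if "redirect-gateway" in flags and "block-outside-dns" not in flags:
        findings.append(("NO_BLOCK_OUTSIDE_DNS",
                         "full tunnel without block-outside-dns: Windows clients may still query their LAN resolver"))
    for ip in pushed_dns(pushed):
        if ip == server_ip:
            findings.append(("DNS_ON_TUNNEL", f"{ip} is the server's tunnel address; queries arrive on the tun "
                             "interface, so the resolver must accept queries there"))
        elif ip in net:
            findings.append(("DNS_IS_CLIENT", f"{ip} is a VPN client address, not the server"))
        elif ip.is_private:
            findings.append(("DNS_ON_LAN", f"{ip} is a LAN address; queries still enter via the tun interface, so "
                             "verify the resolver is not restricted to the LAN interface and that the host firewall "
                             "allows port 53 from the VPN subnet"))
        else:
            findings.append(("DNS_PUBLIC", f"{ip} is a public resolver; it works but bypasses Pi-hole"))
    return findings


def rewrite_dns_to_tunnel(text):
    """Comment out every pushed DNS line and push the server's tunnel address instead
    (the change suggested in the thread)."""
    _, server_ip = tunnel_network(parse_conf(text)[0])
    out, replaced = [], False
    for line in text.splitlines():
        if re.match(r'\s*push\s+"dhcp-option\s+DNS\s', line):
            out.append("#" + line)
            if not replaced:
                out.append(f'push "dhcp-option DNS {server_ip}"')
                replaced = True
        else:
            out.append(line)
    return "\n".join(out) + "\n"


if __name__ == "__main__":
    for code, msg in check_dns_path(SAMPLE_CONF):
        print("before:", code, "-", msg)
    for code, msg in check_dns_path(rewrite_dns_to_tunnel(SAMPLE_CONF)):
        print("after: ", code, "-", msg)
```

The point of the DNS_ON_LAN finding is that pushing a LAN address does not route the query differently (the host still receives it on the tun interface); what changes between the two pushes is only the destination address the resolver and the firewall see, which is why the interface and firewall settings, not the push line alone, decide whether resolution works.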

Ok, I gave that a try and it didn't work. I can still hit the Pi-Hole's IP address but no DNS resolution.

My VPN client, Tunnelblick, gave this message:

"After connecting to PiVPN, DNS does not appear to be working.

This may mean that your VPN is not configured correctly."

Thanks again for the help.

Aaaahhh... Tunnelblick...

Add

comp-lzo

to the server.conf, restart the VPN server, reconnect to the server and ignore it when Tunnelblick complains about the compression...

Thanks again. That didn't fix it. However, now I can no longer reach the Pi-Hole via its IP address, and URLs still do not resolve.

I appreciate all the help. FWIW, and for context, I am able to get the VPN working on the Pi with 1.1.1.1/1.0.0.1, just not with the Pi-Hole DNS.

It sounds like there are a whole bunch of conflicts there.

Most likely iptables related, possibly the firewall (and perhaps, even though I doubt it, Pi-hole).

I would recommend using OpenVPN Road Warrior as your VPN server.

Very easy to install, and it does the whole VPN setup for you...

Give that a spin and see if it brings you up and running.

Here's my version (installed on 4 different nodes):

Thank you. I’ll give that a try!
