Vpyrvpn

gregg_a_g · November 21, 2019, 12:21am

Hi, New to Pi-hole, but it looks great. I was able to setup Pi-hole on a low-power Debian machine that I use for Asterisk and NFS server. I keep this machine running all the time to handle my VOIP phone answering machine (on Asterisk). I also user VyprVPN. When I connect to my home router from a client machine without Openvpn (and so no Vyrvpn), Pi-hole seems to block ads. So that looks okay.

If I try to connect to VpyrVPN (via Openvpn), then Pi-hole doesn't seem to block ads anymore.
When I look at /etc/resolv.conf, I notice that NetworkManager ads "nameserver 10.2.3.1" to the /etc/resolv.conf file. Then, Pi-hole doesn't work anymore.

I tried to add a file /etc/openvpn/client/client.conf

script-security 2
up /etc/openvpn/update-resolv-conf
down /etc/openvpn/update-resolv-conf

and then in /etc/openvpn/update-resolv-conf
I have added the line
dhcp-option DNS 192.168.0.10

Even after all these steps, my /etc/resolv.conf still ads "nameserver 10.2.3.1" when I start the VPN connection.

Any idea how to fix this?

Kind regards,
Gregg G.

jfb · November 21, 2019, 12:23am

With most VPN services, to prevent a DNS leak, the VPN DNS server is used. This puts all your traffic (data and DNS) within the VPN's tunnel. Check with your VPN provider and see if they have an option not to do this.

gregg_a_g · November 21, 2019, 12:39am

Hi, jfb. Yes, I have done some research, and it appears that VyprDNS offers a more secure DNS in the tunnel for some platforms, but it doesn't seem they have an app for Debian!
So as far as I can tell, I can use any DNS server. The issue seems to be that on my Debian box, Network-Manager keeps adding the tunnel to the resolv.conf file. The tunnel is just using the Google DNS servers. If I could just get it so that Network-Manager and Openvpn only used my Pi-hole DNS, I think it would work okay. It's probably more of a Linux/Debian/Network-Manager/Openvpn question than anything specifically with VyprVPN or Pi-hole.

Maybe I'm way off base, but I think I'm close.

Kind regards,
Gregg G.

deHakkelaar · November 21, 2019, 1:44am

Does it run a desktop ?
Or can you x11 export DISPLAY to a Linux box with desktop so you can run below to check profiles:

sudo nm-connection-editor

I dont know where network-manager stores its profiles so cant help you with that.

Do you need network-manager as Pi-hole comes with its own network manager called dhcpcd5 ?

If not, below one disables it at boot:

sudo systemctl disable network-manager

Check with:

sudo service network-manager status

gregg_a_g · November 21, 2019, 4:56am

Thanks for everyone's help! I guess I was not explaining my situation very well, but I have resolved the issue. On my client connections, NM was overwriting resolv.conf. The solution
was to ensure that the openvpn connection has IPv4 Settings, Method j"Automatic (VPN) addresses only". Now resolv.conf doesn't have the tunnel DNS added.

Jeff_K_Daniel · November 30, 2019, 5:31pm

Can I get a list of free vpn for Android. All the VPN which I have tried till now are most of them is paid and some of them shows ads too much that it can very hard to use them. Please suggest me some good VPNs.