How to use VPN Server to connect to Pi-Hole and filter ads on the go?

Hi All,

I have Hassio up and running flawlessly. I have been able to get every single thing in my home working flawlessly including the automations, but now I want to take it one step further with the Pi-Hole add-on and be able to use it remotely while I am away from home. I am not a networking guy so I am having a hard time trying to figure out how to get it working correctly.

Right now I have a router TP-Link Archer C9 which has a VPN server (OpenVPN or PPTP). I am using OpenVPN in this case. I also have a DDNS configured so I can always reach my network regardless of my public IP.

My LAN is on: 192.168.0.1/24
Router IP: 192.168.0.1
Hassio IP: 192.168.0.100

The DHCP is being managed by my router and the DHCP Primary DNS in my router is pointing to my Hassio IP as follows:

DHCP address pool: 192.168.0.100 to 192.168.0.230
Gateway: 192.168.0.1 (Router)
Primary DNS: 192.168.0.100 (Hassio/Pi-Hole)

This work perfectly for any device connected to my router, however when I am connected to my home via VPN the ads are NOT being filtered, I can access all my LAN devices (Including Hassio and the Pi-Hole web interface) and reach the internet.
My VPN Subnet is configured as follows:

VPN Subnet/Netmask: 10.8.0.0/24

As far as I understand since it does not fall within the DHCP and it wouldn’t use the DHCP Primary DNS.

If I try to change the VPN Subnet/Mask to 192.168.0.1 (or 192.168.0.100, 192.168.0.230, 192.168.0.240 (240 is already out of the DHCP range, but I get the same error) ) I get an error that my VPN Subnet/Netmask conflicts with the reserved IP addresses.
If I try 192.168.1.0 it doesn’t throw any error but since it doesn’t fall within the DHCP it does not use the DHCP Primary DNS which points to my Hassio/Pi-Hole.

I also tried setting the Primary DNS of my router (NOT the DHCP Primary DNS) to my Hassio however it tells me that the DNS server IP and LAN IP address cannot be in the same subnet.

Could anyone get me on the right track on to achieve this? I need a Networking 101 for Dummies guide.

I’d really like to get rid of ads on the go. All I wanna do is be able to access my home network and get my ads filtered on my Android phone while I am away, which I am doing right now, except that the ads are not being filtered by what seems to be an obvious reason but I am still unaware on how to make it work. :slight_smile:

Thanks!

I am unaware of exactly how to do this as I haven’t done it, but you need to set your openvpn server’s dns to the pi hole ip.

I believe the default config will make the gateway the dns server (which 99% of the time is the right thing to do).

1 Like

I have checked the OpenVPN and PPTP VPN but sadly there’s no gateway/DNS setting.
openvpn

However I found a workaround, in the .ovpn file it’s just a matter of adding one line:

dhcp-option DNS YOURHASSIOIP

for obvious reasons this will only work on your own private VPN for all the people using the VPN functions of their router to access their LAN.

Good to see it worked out. I am planning a VPN and PiHole setup soon, which is why I knew in concept, but not looked into the detail. I will save this…

@gurbina93
I had this setup working for the last 6 months without any problems but recently I can connect to my pivpn (running on a separate pi) but cannot access my local LAN or internet.
This appears to be a common problem and after online research I have found that I need to set my pivpn dns as my pihole ip.
I have set this up but it also appears I need to edit a file in pihole https://github.com/pivpn/pivpn/wiki/FAQ#installing-with-pi-hole
any ideas how I can perform this when running pihole in hassio? Or any advice on investigating why my initial setup has now decided to stop working?

Thanks

Adding that line to the bottom of my ovpn file worked like a charm. Thanks!

Wanted to add to this - if you’re using a iPhone and the oVPN app, you may also want to go into settings and turn off the DNS Fallback. At the very least it’ll give you a clue that something is up with your pi-hole instead of serving you ads and allowing traffic.