- I have a server, with PiHole and OpenVPN server (to access PiHole from outside the network)
- I want to use OpenVPN on my devices, let's say an Android 12 phone, for DNS queries only
Right now it does anything but that: it uses the VPN for traffic, but not for DNS. What it does:
- All HTTP/SpeedTest traffic goes through the VPN (checked with the nmon network traffic monitor on the server and SpeedTest)
- Sometimes the PiHole DNS is used, but not all the time (looking at PiHole logs)
Also:
- The DNS server can be pinged from the VPN client (after the VPN is established)
- Port 53 is accessible with telnet from the VPN client
Server:
port 1194
dev tun
user nobody
group nogroup
persist-key
persist-tun
keepalive 10 120
topology subnet
server XXX.YYY.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
#push "dhcp-option DNS XXX.XXX.XXX.XXX"
#push "dhcp-option DNS XXX.XXX.XXX.XXX"
#push "redirect-gateway def1 bypass-dhcp"
#push "def1 bypass-dhcp"
dh none
ecdh-curve prime256v1
tls-crypt tls-crypt.key
crl-verify crl.pem
ca ca.crt
cert server_gBLlImXIby1mXydi.crt
key server_gBLlImXIby1mXydi.key
auth SHA256
cipher AES-128-GCM
ncp-ciphers AES-128-GCM
tls-server
tls-version-min 1.2
tls-cipher TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256
client-config-dir /etc/openvpn/ccd
status /var/log/openvpn/status.log
verb 3
Client: (added a route to the local network, ignored redirect-gateway, added the PiHole's local DNS, block-outside-dns)
client
dev tun
proto udp
remote vpn.$MYDOMAIN.$SOMETHING 1194
resolv-retry infinite
nobind
persist-key
persist-tun
remote-cert-tls server
auth SHA512
cipher AES-256-CBC
ignore-unknown-option block-outside-dns
verb 3
route $LOCALNETWORK 255.255.255.0
pull-filter ignore "redirect-gateway"
dhcp-option DNS $LOCAL_DNS_IP
register-dns
block-outside-dns
<ca>
-----BEGIN CERTIFICATE-----
...
Phone settings: (This is all copied from the PingTools app. The provider is my mobile ISP)
IPv4: $providerIP
VPN IPv4: $correctVpnIp
Gateway: $providerGateway
DNS1: $PiHoleDNS
# I THINK I CANNOT REMOVE DNS2 AND DNS3. THESE ARE DNS1 AND DNS2 WHEN THE VPN IS NOT CONNECTED
DNS2: 1.1.1.1
DNS3: 1.0.0.1
Network address: $providerNetwork
Phone settings look OK, but the gateway is ignored, as all traffic goes through the VPN.
DNS1-3 seem to be used at random, or in some pattern I do not see.
So:
- Is my config OK, or did I miss something? I'm starting to suspect I have an Android problem
- Does anyone know if DNS2-3 can be disabled on Android or with OpenVPN settings?
- Can I limit the VPN by port? Like: only allow port 53 on this VPN and solve the traffic problem like that?
Pikzigmar
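As an added example (not code from the post or from OpenVPN), here is a small checker that reads a server/client config pair laid out like the one above and reports what the pair actually does about DNS and the default route: whether the server pushes anything, whether the client sets DNS itself, and which client directives are Windows-only and therefore ignored by an Android client. The embedded configs are constructed samples with placeholder addresses (10.8.0.0/24, 10.8.0.1, 192.168.1.0/24) standing in for the post's masked values.

```python
# Constructed sample configs mirroring the post's layout (placeholder addresses).
SERVER_CONF = """\
server 10.8.0.0 255.255.255.0
#push "dhcp-option DNS 10.8.0.1"
#push "redirect-gateway def1 bypass-dhcp"
"""
CLIENT_CONF = """\
client
route 192.168.1.0 255.255.255.0
pull-filter ignore "redirect-gateway"
dhcp-option DNS 10.8.0.1
register-dns
block-outside-dns
"""
# Both directives only exist for the Windows client; Android/Linux clients ignore them.
WINDOWS_ONLY = {"block-outside-dns", "register-dns"}

def parse(conf):
    """Yield (directive, args, commented) for each non-blank config line."""
    for raw in conf.splitlines():
        line = raw.strip()
        if line:
            commented = line[0] in "#;"
            name, _, args = line.lstrip("#; ").partition(" ")
            yield name, args.strip(), commented

def pushed(server, directive):
    """True if the server has an active (uncommented) push "<directive> ..." line."""
    return any(n == "push" and not off and a.strip('"').startswith(directive)
               for n, a, off in server)

def check(server_conf, client_conf):
    """Summarise what this server/client pair does about DNS and the default route."""
    s, c = list(parse(server_conf)), list(parse(client_conf))
    return {
        "server_pushes_dns": pushed(s, "dhcp-option DNS"),
        "server_pushes_redirect": pushed(s, "redirect-gateway"),
        "client_ignores_redirect": any(n == "pull-filter" and a.startswith('ignore "redirect-gateway')
                                       for n, a, off in c if not off),
        "client_local_dns": [a.split()[1] for n, a, off in c
                             if n == "dhcp-option" and not off and a.upper().startswith("DNS ")],
        "windows_only_present": sorted({n for n, _, off in c if not off and n in WINDOWS_ONLY}),
    }

if __name__ == "__main__":
    for key, val in check(SERVER_CONF, CLIENT_CONF).items():
        print(f"{key:24} {val}")
```

For the post's layout the report shows the server pushing neither DNS nor a default route (both push lines are commented out), the client setting the PiHole address locally, and two directives that do nothing on Android.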