What's new
By:

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

Asus VPN server and Pi-hole

E

eastavin

Senior Member
Hi. A friend with next to no networking experience has configured his asus-pro ax86u router to use Pihole for ad-blocking, DNS (unbound) and DHCP. I said congratulations. amazing what you can learn at youtube college. As far as I can tell everything works ok when I am using a pc on his LAN. The pi-hole is at 192.168.3.50. This has been assigned on the WAN page for DNS and the DHCP on the router turned off. He now wants to access his router remotely, so he configured wireguard using the default settings and scanned the code with his android smartphone. At this point he finds he can surf the net and log into his router at x.x.3.1. However he is also running a server with proxmox and wants to be able to access the admin page. I can access it from the PC on the lan just fine. The internal address for this is something like proxmox.myurl.online However when he goes there from the web using wireguard he gets a 403. I have never used Pihole or proxmox and so my ability to advise is nonexistent.

I am suspecting the issue might be with the wireguard config that has default to a DNS of 10.6.0.1. Literature I scanned suggests this needs to be set to the pihole at 192.168.3.50. dont know if this is correct advice or not. Exporting the conf file from the router and editing the config for the smartphone results in the same issue 403.

I tried openVPN server with advertise DNS to clients YES. Also no go. Tried NO, no go. Tried setting the DNS on the openVPN client for Android under IP and DNS to 192.168.3.50 and got worse results than wireguard. The browser just freezes.

So either I am missing something basic (very likely) on the router or the client settings or the issue is elsewhere as in Pihole. Can anyone suggest if the wireguard or openVPN needs anything other than the default settings? And does this also depend on a matching setting of somekind in Pihole? If one needs to put the IP address of a wireguard client into Pihole, what would that be looking from Pihole out? 10.6.0.2/32 as in the default config wireguard spits out? One setting giving permission to all wireguard clients would be preferable in my thoughts so we dont have to repeat this. If you think openVPN is easier to make work... good with that too.

Many thanks for any hints.

Ed
 
One may have to configure their proxmox server to allow for connections from other IP address subnets if the proxmox server (or the server's firewall) is configured to block IP address access other than those from it's own IP address subnet range.

For the Asus router OpenVPN server and Wireguard server, you will likely need to add the Pi-Hole IP address to the VPN server configuration. The following settings seems to work for my RT-AX86U Pro 3006.102.5 firmware VPN server setup. Remember to apply/save the changes.

OpenVPN Server Settings Example:
Client will use VPN to access: Both
Advertise DNS to clients: No
Custom Configuration field: push "dhcp-option DNS 192.168.50.100"
(change the IP address 192.168.50.100 to match your PiHole device IP address)

WireGuard VPN Server Settings Example:
Access Intranet: Enabled
Allow DNS: Enabled
Edit the WireGuard Tunnel configuration on the client device to include the PiHole DNS server in the configuration's Interface section. Example:
Code: 
[Interface]
PrivateKey = <redacted - do not change>
Address = 10.6.0.2/32
DNS = 192.168.50.100

On the PiHole one will likely have to configure the System > Settings > DNS Settings > Interface Settings to Respond only on interface xxx. Where xxx is the interface used by the PiHole for local network connection (ex: eth0 or wlan0). If one leaves Pi-Hole configured for Allow local requests only that causes the PiHole to only respond to requests from the same IP subnet as the PiHole device's IP address and not from other IP address subnet ranges.

As the PiHole Interface section indicates using Respond only on interface option is potentially dangerous if the PiHole is not properly firewalled by the network router/gateway. So ensure the PiHole is properly firewalled from the internet before making a change to the Interface Setting section.
 
Last edited:
You must log in or register to reply here.

Similar threads

M
Wireguard DNS issues
Replies
15
Views
3K
Martin
M
I
Clients are bypassing the DNS set by the DHCP server set by Merlin
Replies
11
Views
970
bennor
B
sentinelvdx
Help - DNS 1 Pi-Hole / DNS 2 Diversion
Replies
12
Views
868
cptnoblivious
C
C
Remove pi hole
2 3
Replies
53
Views
2K
dave14305
dave14305
G
Proper way to expose services to the internet with Asus Merlin?
Replies
11
Views
941
dave14305
dave14305
Similar threads
Thread starter Title Forum Replies Date
C Asus RT-BE86U - VPN server speed issues Asuswrt-Merlin 6
P Accessing remotly Server While Using VPN on Asus Router with Merlin Firmware Asuswrt-Merlin 9
R Asus RT N66u running Asuswrt Merlin change VPN listening port from WAN to LAN Asuswrt-Merlin 7
Muscless ASUS router VPN to NAS only? Asuswrt-Merlin 2
W New Asus AXE-11000 VPN Director Problem Asuswrt-Merlin 1
B Unable to establish VPN connection to my PiVPN (ovpn) from my Asus RT-AC86U running Asuswrt-Merlin 386.14 Asuswrt-Merlin 1
J ASUS GT-AXE16000 CPU usage with VPN on lan machine Asuswrt-Merlin 25
T Internet connection via ISP despite existing VPN connection in the Asus RT-AC 86U Asuswrt-Merlin 5
J Asus GT-BE98 Pro and Merlin, no internet when VPN disabled Asuswrt-Merlin 4
bertilak configuring and upgrading to a new ASUS router Asuswrt-Merlin 4

Similar threads

Latest threads

Support SNBForums w/ Amazon

If you'd like to support SNBForums, just use this link and buy anything on Amazon. Thanks!

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!

Members online

Total: 623 (members: 18, guests: 605)
Back
Top