mr-bolle / docker-openvpn-pihole
Create a single docker-compose and use the benefit from pi-hole if you use a Mobiledevice outside your Homenetwork
License: MIT License
-n
easyrsa build-ca
easyrsa build-client-full CLIENTNAME nopass
Above error while running bash openvpn-install.sh on Raspberry Pi 3, at Step 3 after entering a Client Name.

Hello mr-bolle, I cannot get my openvpn and pihole containers working on Raspberry Pi 4 B+ using your script. When I'm adding a newly created ovpn client to my Tunnelblick app on macOS it only displays a message "Waiting for server response..." without any further changes.
I did not modify any of the files and used exactly the same files from your repository except only one thing - I've changed the default openvpn udp port (in your docker-compose.yml it was - "1194:1194/udp"). I've double checked that the same port that I chose I'm using for port forwarding correctly.
Please point me in the right direction.
I have also a few questions:

The current OpenVPN image uses aarch64/alpine:3.5
Dockerfile.aarch64
    # FROM aarch64/alpine:3.5
    FROM arm32v7/alpine:latest

Hello, big thank you for your work first!
I've installed Docker and Docker-Compose on my Raspberry Pi 4 with Raspbian as OS following the instructions on https://withblue.ink/2019/07/13/yes-you-can-run-docker-on-raspbian.html
Then I followed your instructions to get docker-openvpn-pihole installed. Everything worked fine until step 3. The following error message occurred and the script was aborted:
We are now at Step 3
Easy-RSA error:
The file '/etc/openvpn/vars' was not found.
Can you please support?
My software versions:
docker-compose version 1.25.5, build unknown
docker-py version: 4.2.0
CPython version: 3.7.3
OpenSSL version: OpenSSL 1.1.1d 10 Sep 2019

I have pihole set up already and running in a Docker container on an Apple silicon Mac.
Everything is working well.
But I want to make it work with OpenVPN (to allow iPhone to access even outdoor to block ads),
but I didn't use "tun0" (but eth0) at the very beginning and I don't know where to configure it.
Is there a way to change eth0 to tun0 or add tun0 to make it work with OpenVPN?
Thank you very much
Pihole running in a container. Config command to pihole I used:
docker run --name=pihole1 -e TZ=Taiwan -e jq-UbajZ=password -e SERVERIP=192.168.0.69 -v pihole_app:/etc/pihole -v dns_config:/etc/dnsmasq.d -p 81:80 -p 53:53/tcp -p 53:53/udp --restart=unless-stopped pihole/pihole
pihole version
Pi-hole version is v5.11.4 (Latest: v5.11.4)
AdminLTE version is v5.13 (Latest: v5.13)
FTL version is v5.16.3 (Latest: v5.16.3)

Hello,
I am having trouble generating a second client.ovpn file. Is it possible to have multiple clients with this setup?
Question, not an issue:
Is this possible with your image?
It is also described here: https://docs.pi-hole.net/guides/vpn/dual-operation/
Your diagram visualises almost exactly what I would like. I have an Intel/Ubuntu system running docker images already, adding your image would be easy for the road warrior setup.
However I would like to set the PiHole DNS as the DNS server in my home router as well. Is that possible?
I noticed in a closed issue, you recommended someone to install a secondary instance of PiHole. That's really not what I want since I will whitelist some IPs/addresses over time and don't want to manage that on 2 different PiHoles.
Would the documentation mentioned above be applicable to your image?
Hello. I'm using RPI 2B DietPI with Docker 19.03.8, and your installation script is throwing an error on Step 2.
Performing Step 1, we are going to make a directory at /openvpn_data
** OpenVPN Data Path is set to: /root/lmao/docker-openvpn-pihole/openvpn_data * *
Please enter your dynDNS Address:
Please choose your Protocol (tcp / [udp]): udp
Please enter the Pi-Hole Admin Password (default [fcvFjLIO2hWhkFCi]): asd
Step 2
Common name not specified, see '-u'
usage: /usr/local/bin/ovpn_genconfig [-d]
    -u SERVER_PUBLIC_URL
    [-e EXTRA_SERVER_CONFIG ]
    [-E EXTRA_CLIENT_CONFIG ]
    [-f FRAGMENT ]
    [-n DNS_SERVER ...]
    [-p PUSH ...]
    [-r ROUTE ...]
    [-s SERVER_SUBNET]
optional arguments:
    -2 Enable two factor authentication using Google Authenticator.
    -a Authenticate packets with HMAC using the given message digest algorithm (auth).
    -b Disable 'push block-outside-dns'
    -c Enable client-to-client option
    -C A list of allowable TLS ciphers delimited by a colon (cipher).
    -d Disable default route
    -D Do not push dns servers
    -k Set keepalive. Default: '10 60'
    -m Set client MTU
    -N Configure NAT to access external server network
    -t Use TAP device (instead of TUN device)
    -T Encrypt packets with the given cipher algorithm instead of the default one (tls-cipher).
    -z Enable comp-lzo compression.
Cleaning up before Exit ...
If you are still maintaining this repo, fix it please. Thanks!
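
The transcript in the report above shows an empty dynDNS answer followed by "Common name not specified, see '-u'". As an added example (not the repository's script), this sketch validates the two prompt answers before Step 2; the function names and the assumption that the answers are combined into the -u SERVER_PUBLIC_URL value are hypothetical.

```shell
#!/usr/bin/env bash
# Added example: validate installer prompt answers before ovpn_genconfig runs.
# is_valid_hostname and build_server_url are hypothetical helper names.

# Accept only RFC 1123 style host names (labels of letters, digits, hyphen).
is_valid_hostname() {
    local host=$1 label
    [ -n "$host" ] && [ "${#host}" -le 253 ] || return 1
    case $host in
        *[!A-Za-z0-9.-]*) return 1 ;;   # shell metacharacters, spaces, etc.
        .*|*.|*..*) return 1 ;;         # empty labels
    esac
    local IFS=.
    for label in $host; do
        [ "${#label}" -le 63 ] || return 1
        case $label in
            -*|*-) return 1 ;;          # label may not start or end with '-'
        esac
    done
    return 0
}

# Print PROTO://HOST for the -u option, or fail with a message on stderr.
# An empty protocol falls back to udp, matching the prompt's default.
build_server_url() {
    local host=$1 proto=${2:-udp}
    case $proto in
        udp|tcp) ;;
        *) echo "protocol must be tcp or udp, got '$proto'" >&2; return 1 ;;
    esac
    if ! is_valid_hostname "$host"; then
        echo "dynDNS address '$host' is empty or not a valid host name" >&2
        return 1
    fi
    printf '%s://%s\n' "$proto" "$host"
}

# Constructed usage: stop before Step 2 instead of passing an empty -u value.
# url=$(build_server_url "$dyndns" "$protocol") || exit 1
# ovpn_genconfig -u "$url" ...
```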

When I try your script everything runs fine until vpn_pihole needs to be created.
I'm getting
ERROR: for vpn_pihole Cannot start service pihole: OCI runtime create failed: container_linux.go:348: starting container process caused "process_linux.go:402: container init caused \"rootfs_linux.go:58: mounting \\\"/etc/timezone\\\" to rootfs \\\"/var/lib/docker/overlay2/db5bcd01a6f78bfe2da8c1cd32a47d4f4ace333f0432e0f6ced9349d888edfd9/merged\\\" at \\\"/var/lib/docker/overlay2/db5bcd01a6f78bfe2da8c1cd32a47d4f4ace333f0432e0f6ced9349d888edfd9/merged/etc/timezone\\\" caused \\\"not a directory\\\"\"": unknown: Are you trying to mount a directory onto a file (or vice-versa)? Check if the specified host path exists and is the expected type
Second thing. I cannot find the created key. I looked in /etc/openvpn but there's nothing. It would seem openvpn is up and running.
That was a major stupid moment from me

Hello @mr-bolle,
First of all thank you for your job, I tested connecting to OpenVPN through cell and it's blocking ads.
I'm trying to use Docker Pi-hole as DNS to also block all ads when I navigate from home by LAN without connecting to OpenVPN.
I tried changing DNS on router by setting Pi IP, and also tried to set Docker network gateway IP and Pihole docker network IP.
I'm not a network expert, last time I used Pihole (without Docker), I added Pi IP as DNS in router. With Docker, not sure which IP I need to set up.
It would be great to complete this functionality, blocking all ads also in my home network!
Thank you again.

Hi @mr-bolle,
I want to use OpenVPN and PiHole together but I'm nooby with all of this stuff, it's new for me :)
Hoping you can help me a little bit ;)
I currently have an OpenVPN docker with port-share enabled with the IP (172.24.X.X) of the OpenVPN docker (my configuration):
    version: '3'
    services:
      openvpn:
        cap_add:
          - NET_ADMIN
        image: kylemanna/openvpn:latest
        container_name: openvpn
        ports:
          - "443:1194/tcp"
        restart: unless-stopped
        environment:
          - PORT-SHARE=172.24.X.X 444
        volumes:
          - ./openvpn-data/conf:/etc/openvpn
After that, I have in my nginx (virtual-hosts) a listen on 444 to redirect to my azerty.mydomain.com, azerty2.mydomain.com, etc.
    server {
        listen 80 default_server;
        listen [::]:80 default_server;
        server_name azerty.mydomain.com;
        return 301 https://$server_name$request_uri;
    }
    server {
        listen 444 ssl; # managed by Certbot
        ssl_certificate /etc/letsencrypt/live/mydomain.com/fullchain.pem; # managed by Certbot
        ssl_certificate_key /etc/letsencrypt/live/mydomain.com/privkey.pem; # managed by Certbot
        include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
        ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
        root /media/toto/storage;
        autoindex on;
        server_name azerty.mydomain.com;
        location / {
            try_files $uri $uri/ =404;
            auth_basic "Restricted Content";
            auth_basic_user_file /etc/nginx/.htpasswd1;
        }
    }
My clients (phone / computer) are directly connected on 443, which is the behavior that I want.
What is the simplest thing I can do to keep this behavior like that?
Do you see something easier? I want to keep the 443 port because 1194 is sometimes blocked in airports, for example ;)
If you can explain to me with some words what I have to change / what is the best idea, or simply with an updated docker-compose.yml if it's more simple and quick for you ;)
Thanks
Regards

Hi mr-bolle,
First of all, great SW. Working fine out of the box.
But I cannot call the pihole web page.
What I try:
Choose the browser of my choice.
Type in: http(s)://ipOfServer:portFromComposeFile
Try different IPs:
IP of external server with and without VPN connected
IP of internal pihole 172.110.1.4
Maybe you have a small hint how to connect.
Thanks and Regards
EDIT: If I disconnect VPN I'll be able to connect. Seems something with the routing won't work.
By the way, to protect the pihole web admin, it would be great to only allow connection over VPN.

Evening,
I have attempted to run the script as stated within this GitHub, but I repeatedly get this error:
cp: 'Dockerfile.aarch64' and 'Dockerfile.aarch64' are the same file
I am unsure what the cause of this is, and would like some advice. Any help would be appreciated.

Hello,
this is not an issue.
I would like to know if it is possible to implement unbound in order to have my personal recursive DNS?
Thanks for your great job