Comments (7)
Upon reviewing your server.conf file and client.ovpn files, it appears you are attempting to set up a Split Tunnel VPN where only your DNS requests are sent over the encrypted VPN connection. This does not encrypt all of your Internet traffic, and only sends enough to the VPN server to achieve ad blocking. Your files are perfect as they are.
The default setting in Tunnelblick to Route all IPv4 traffic through the VPN should be unchecked. It could become costly to send all of your traffic over the VPN Tunnel, so we are only sending the DNS traffic there with these configurations. Please keep it unchecked, this is the desired configuration for this reason. When you surf the Internet, you will be exposing your true IP address, and not the IP Address of your VPN Server.
So why are the ads not being blocked / wrong DNS servers being used when you connect using these settings and configuration files? It is because at some point you manually configured DNS Servers on your Wireless and/or Wired Network Adapters.
Open System Preferences | Network and click on the Network Adapter on the left column. Click the Advanced... button at the bottom right, and select the DNS Tab. Use the -
button to remove all the manually entered DNS Servers in the column on the left side. Click OK, and Apply these changes. Reconnect to your VPN using Tunnelblick, and you will see the DNS Server automatically get populated in the Network window. You can verify the ad blocking is working by visiting http://blockads.fivefilters.org and also by performing an "extended" DNS Leak Test at http://dnsleaktest.com
As far as the side question goes, you can toy around with removing the block-outside-dns
parameter from the server.conf, but you will break functionality on Android phones and potentially iOS clients that use the OpenVPN Connect or OpenVPN for Android software when you do this. The warning is harmless and can be safely ignored.
As far as the 2 options you have tried, I'm afraid you've lost me. Perhaps we can try and resolve that in a separate issue. If the instructions to remove manually configured DNS Servers on your Network Adapters does not resolve this issue, please let me know what version of macOS and Tunnelblick you are using. If this does resolve your issue, feel free to close this issue out.
from pi-hole-pivpn-on-google-compute-engine-free-tier-with-full-tunnel-and-split-tunnel-openvpn-configs.
I haven't explicitly changed my DNS configuration, and within the DNS tab, there's nothing I'm able to remove, however, it does appear as though my internet company uses 10.0.1.1 as it is grayed out in the DNS server section, and my cable provider's domain is grayed out in the Search Domains area as well. FWIW, full tunnel does work on my iOS and OSX for me at the moment.
re: the options, I've tried, I'm lost as well. I was essentially just throwing stuff at the wall to see what might stick.
from pi-hole-pivpn-on-google-compute-engine-free-tier-with-full-tunnel-and-split-tunnel-openvpn-configs.
I am assuming your IP Address is assigned dynamically (via DHCP) and is not static.
Open System Preferences | Network and click on the Network Adapter on the left column. Make note of the DNS Server that appears here. I suspect it will be your ISPs provided DNS Server, which you said is 10.0.1.1. (The value for the DNS Server should be grayed out text if it was acquired via DHCP.)
Then use Tunnelblick to establish a Split Tunnel VPN Connection to your server.
When the VPN connects, Tunnelblick should have updated the DNS Server to read 10.8.0.1. Do you see this change happening? (I am hoping the answer to this question is Yes.)
If the answer to the question above is not yes - an ugly solution is to set 10.8.0.1 as your DNS Server manually, so it is the very first DNS Server that is queried. If your VPN is not connected, then this DNS Server will be unreachable, and it will default to the next DNS Server in the list.
from pi-hole-pivpn-on-google-compute-engine-free-tier-with-full-tunnel-and-split-tunnel-openvpn-configs.
Tried getting it running all this weekend, but no go...
My IP address is assigned dynamically via DHCP, yes, but 10.0.1.1 is the DNS LAN address created through the Airport Extreme router - not the ones(2) my ISP has assigned. Those can be seen greyed out in my Airport Utility settings under the Internet tab. They also appear as the two DNS servers on the Airport Utility main page when I click Internet.
When the VPN connects, Tunnelblick should have updated the DNS Server to read 10.8.0.1. Do you see this change happening? (I am hoping the answer to this question is Yes.)
Yes, both the DNS Servers and Search Domains change to 10.8.0.1 and 'openvpn' respectively.
I've also tried a few other things with mixed results - either not being able to connect at all, or being able to connect but my IP still remains unchanged.
Added '10.8.0.1' ONLY via System Preferences | Network | Advanced | DNS tab
When disconnected from Tunnelblick: No connection to the internet.
When connected to Tunnelblick: Connection but IP remains unchanged. Tunnelblick Error: Tunnelblick could not fetch IP address information before the connection was made.
Added '10.8.0.1' and '10.0.1.1' in that order
When disconnected from Tunnelblick: Connection but IP remains unchanged.
When connected to Tunnelblick: Connection but IP remains unchanged. Tunnelblick Error: This computer's apparent public IP address was not different after connecting
Added '10.1.1.1' and '10.8.0.1' in that order
When disconnected from Tunnelblick: Connection but IP remains unchanged.
When connected to Tunnelblick: Connection but IP remains unchanged. Tunnelblick Error: This computer's apparent public IP address was not different after connecting
from pi-hole-pivpn-on-google-compute-engine-free-tier-with-full-tunnel-and-split-tunnel-openvpn-configs.
I am curious about how your AirPort Extreme is configured. I am assuming it is not in Bridge mode, and you are using the AirPort Extreme as a Router.
- Open the AirPort Utility application. (It's in Applications → Utilities.) The window shown below appears.
- Click the AirPort Extreme's icon. The status pop-up window appears.
- Click Edit. The settings window appears.
- Select the Internet tab. The window shown below appears.
Do you have a Primary and Secondary DNS Server defined here? If yes, what are they?
from pi-hole-pivpn-on-google-compute-engine-free-tier-with-full-tunnel-and-split-tunnel-openvpn-configs.
They're greyed out, but they're also the same two numbers that appear under Internet:
FWIW it's a Time Capsule, not strictly an Extreme
from pi-hole-pivpn-on-google-compute-engine-free-tier-with-full-tunnel-and-split-tunnel-openvpn-configs.
Wanted to follow up here; are you able to try the Wireguard + Pi-Hole solution?
from pi-hole-pivpn-on-google-compute-engine-free-tier-with-full-tunnel-and-split-tunnel-openvpn-configs.
Related Issues (20)
- Question - Mikrotik support
- VPN Works Fine But Ads Still Show
- Following steps for PiVPN install leads to Entering Cutom Domain HOT 2
- Ubuntu 18.04 Gnome config issues HOT 1
- Unable install app or download Gmail attachments while connected to VPN HOT 2
- I could not get the full vpn to work from windows unless I recreated the google VM with a new network interface with "Forwarding = ON" HOT 5
- guide how to setup Split Tunnel VPN on DD-WRT ROUTERS
- Suggestion: Fees warning for users outside North-America.
- Updated install guide with Wireguard since PiVPN now supports it. HOT 2
- split tunnel not working HOT 1
- TCP 443 Full Tunnel and TCP 443 Split Tunnel does NOT work from Windows 10 HOT 1
- Guide feedback HOT 5
- Non-working tcp443 profile HOT 2
- Can't install since Pi-hole v5 HOT 2
- how to delete/disable a client from the server? HOT 1
- systemctl enable openvpn@server_tcp443.service HOT 1
- throttled... HOT 2
- CN Verification fails out-of-the-box
- How to set Google cloud instance as a DNS Server & VPN HOT 2
- This guide nerver works with Google Cloud platform anymore !!! HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from pi-hole-pivpn-on-google-compute-engine-free-tier-with-full-tunnel-and-split-tunnel-openvpn-configs.