
UDP:1194 split tunnel didn't work in Tunnelblick until I routed all IPv4 traffic through the VPN about pi-hole-pivpn-on-google-compute-engine-free-tier-with-full-tunnel-and-split-tunnel-openvpn-configs HOT 7 OPEN

rajannpatel commented on May 14, 2024
UDP:1194 split tunnel didn't work in Tunnelblick until I routed all IPv4 traffic through the VPN

from pi-hole-pivpn-on-google-compute-engine-free-tier-with-full-tunnel-and-split-tunnel-openvpn-configs.

Comments (7)

rajannpatel commented on May 14, 2024

Upon reviewing your server.conf file and client.ovpn files, it appears you are attempting to set up a Split Tunnel VPN where only your DNS requests are sent over the encrypted VPN connection. This does not encrypt all of your Internet traffic, and only sends enough to the VPN server to achieve ad blocking. Your files are perfect as they are.

The default setting in Tunnelblick to Route all IPv4 traffic through the VPN should be unchecked. It could become costly to send all of your traffic over the VPN Tunnel, so we are only sending the DNS traffic there with these configurations. Please keep it unchecked; this is the desired configuration for this reason. When you surf the Internet, you will be exposing your true IP address, and not the IP Address of your VPN Server.

So why are the ads not being blocked / wrong DNS servers being used when you connect using these settings and configuration files? It is because at some point you manually configured DNS Servers on your Wireless and/or Wired Network Adapters.

Open System Preferences | Network and click on the Network Adapter on the left column. Click the Advanced... button at the bottom right, and select the DNS Tab. Use the - button to remove all the manually entered DNS Servers in the column on the left side. Click OK, and Apply these changes. Reconnect to your VPN using Tunnelblick, and you will see the DNS Server automatically get populated in the Network window. You can verify the ad blocking is working by visiting http://blockads.fivefilters.org and also by performing an "extended" DNS Leak Test at http://dnsleaktest.com

As far as the side question goes, you can toy around with removing the block-outside-dns parameter from the server.conf, but you will break functionality on Android phones and potentially iOS clients that use the OpenVPN Connect or OpenVPN for Android software when you do this. The warning is harmless and can be safely ignored.

As far as the 2 options you have tried, I'm afraid you've lost me. Perhaps we can try and resolve that in a separate issue. If the instructions to remove manually configured DNS Servers on your Network Adapters do not resolve this issue, please let me know what version of macOS and Tunnelblick you are using. If this does resolve your issue, feel free to close this issue out.


JoeNoPhoto commented on May 14, 2024

I haven't explicitly changed my DNS configuration, and within the DNS tab, there's nothing I'm able to remove, however, it does appear as though my internet company uses 10.0.1.1 as it is grayed out in the DNS server section, and my cable provider's domain is grayed out in the Search Domains area as well. FWIW, full tunnel does work on my iOS and OSX for me at the moment.

Re: the options I've tried, I'm lost as well. I was essentially just throwing stuff at the wall to see what might stick.


rajannpatel commented on May 14, 2024

I am assuming your IP Address is assigned dynamically (via DHCP) and is not static.

Open System Preferences | Network and click on the Network Adapter on the left column. Make note of the DNS Server that appears here. I suspect it will be your ISP's provided DNS Server, which you said is 10.0.1.1. (The value for the DNS Server should be grayed out text if it was acquired via DHCP.)

Then use Tunnelblick to establish a Split Tunnel VPN Connection to your server.

When the VPN connects, Tunnelblick should have updated the DNS Server to read 10.8.0.1. Do you see this change happening? (I am hoping the answer to this question is Yes.)

If the answer to the question above is not yes - an ugly solution is to set 10.8.0.1 as your DNS Server manually, so it is the very first DNS Server that is queried. If your VPN is not connected, then this DNS Server will be unreachable, and it will default to the next DNS Server in the list.
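The check discussed in the comment above (does the first resolver become 10.8.0.1 once the split tunnel connects, and what a manual fallback list implies), as an added example that is not part of the original thread. It assumes the usual `resolver #N` / `nameserver[i] : addr` layout printed by macOS `scutil --dns`; the function names are hypothetical and the sample text is constructed.

```shell
#!/bin/sh
# Added example: find which resolver macOS queries first, from `scutil --dns`
# output. Addresses come from the thread; sample text is constructed.

# Print the nameservers of the first "resolver #1" block (the default resolver).
primary_nameservers() {
  awk '
    /^resolver #1 *$/ { if (seen) exit; seen = 1; inblk = 1; next }
    /^resolver #/     { if (inblk) exit }
    inblk && $1 ~ /^nameserver\[[0-9]+\]$/ { print $3 }
  '
}

# Returns 0 = only the expected resolver, 1 = expected resolver is not first,
#         2 = expected resolver is first but fallback resolvers follow it.
check_split_dns() {
  expected=$1
  servers=$(primary_nameservers)
  first=$(printf '%s\n' "$servers" | head -n 1)
  if [ "$first" != "$expected" ]; then
    echo "FAIL: first resolver is ${first:-none}, expected $expected"
    return 1
  fi
  rest=$(printf '%s\n' "$servers" | sed 1d | tr '\n' ' ')
  if [ -n "$rest" ]; then
    echo "WARN: $expected is first, but lookups can fall back to: $rest"
    return 2
  fi
  echo "OK: default lookups go only to $expected"
}

# Constructed sample: split tunnel connected; the DHCP resolver appears only
# in the scoped section, which the default resolver check ignores.
SAMPLE_CONNECTED='DNS configuration

resolver #1
  search domain[0] : openvpn
  nameserver[0] : 10.8.0.1

DNS configuration (for scoped queries)

resolver #1
  nameserver[0] : 10.0.1.1
  if_index : 6 (en0)'

# Constructed sample: the manual two-server workaround from the thread.
SAMPLE_MANUAL='resolver #1
  nameserver[0] : 10.8.0.1
  nameserver[1] : 10.0.1.1'

# On macOS: scutil --dns | check_split_dns 10.8.0.1
printf '%s\n' "$SAMPLE_CONNECTED" | check_split_dns 10.8.0.1
```

A return value of 2 corresponds to the manual workaround: when 10.8.0.1 is unreachable, lookups go to the next server in the list and are no longer filtered by Pi-hole.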


JoeNoPhoto commented on May 14, 2024

Tried getting it running all this weekend, but no go...

My IP address is assigned dynamically via DHCP, yes, but 10.0.1.1 is the DNS LAN address created through the Airport Extreme router - not the ones (2) my ISP has assigned. Those can be seen greyed out in my Airport Utility settings under the Internet tab. They also appear as the two DNS servers on the Airport Utility main page when I click Internet.

> When the VPN connects, Tunnelblick should have updated the DNS Server to read 10.8.0.1. Do you see this change happening? (I am hoping the answer to this question is Yes.)

Yes, both the DNS Servers and Search Domains change to 10.8.0.1 and 'openvpn' respectively.

I've also tried a few other things with mixed results - either not being able to connect at all, or being able to connect but my IP still remains unchanged.

Added '10.8.0.1' ONLY via System Preferences | Network | Advanced | DNS tab
When disconnected from Tunnelblick: No connection to the internet.
When connected to Tunnelblick: Connection but IP remains unchanged. Tunnelblick Error: Tunnelblick could not fetch IP address information before the connection was made.

Added '10.8.0.1' and '10.0.1.1' in that order
When disconnected from Tunnelblick: Connection but IP remains unchanged.
When connected to Tunnelblick: Connection but IP remains unchanged. Tunnelblick Error: This computer's apparent public IP address was not different after connecting

Added '10.1.1.1' and '10.8.0.1' in that order
When disconnected from Tunnelblick: Connection but IP remains unchanged.
When connected to Tunnelblick: Connection but IP remains unchanged. Tunnelblick Error: This computer's apparent public IP address was not different after connecting


rajannpatel commented on May 14, 2024

I am curious about how your AirPort Extreme is configured. I am assuming it is not in Bridge mode, and you are using the AirPort Extreme as a Router.


  1. Open the AirPort Utility application. (It's in Applications → Utilities.) The window shown below appears.
  2. Click the AirPort Extreme's icon. The status pop-up window appears.
  3. Click Edit. The settings window appears.
  4. Select the Internet tab. The window shown below appears.

Do you have a Primary and Secondary DNS Server defined here? If yes, what are they?


JoeNoPhoto commented on May 14, 2024

They're greyed out, but they're also the same two numbers that appear under Internet:

[2 images not preserved]

FWIW it's a Time Capsule, not strictly an Extreme


rajannpatel commented on May 14, 2024

Wanted to follow up here; are you able to try the WireGuard + Pi-Hole solution?

https://github.com/rajannpatel/Pi-Hole-on-Google-Compute-Engine-Free-Tier-with-Full-Tunnel-and-Split-Tunnel-Wireguard-VPN-Configs
