mirror of
https://github.com/pivpn/pivpn.git
synced 2025-03-07 01:08:27 +00:00
Set Pi-hole to "Listen on all interfaces, permit all origins" when using it as DNS for the VPN
- Letting dnsmasq additionally listen on a specific VPN interface when Pi-hole is listening on the physical interface only may be more secure than letting dnsmasq listen on all interfaces; however, dnsmasq will stop listening on the physical interface (breaking LAN resolution) if the user changes the listening behavior at a later time. For the target audience of PiVPN, it is more likely that users will set the listening behavior to all when deciding to use Pi-hole via VPN (which is suggested in the Pi-hole guide and most guides on the web), instead of digging into the configuration file. This option is safe if the Raspberry Pi is inside the local network and the user has not forwarded port 53 on their router, which is unlikely as they are installing PiVPN precisely to avoid doing that.
This commit is contained in:
parent
f72a531ce7
commit
5b2bc9ba70
1 changed files with 4 additions and 16 deletions
|
@ -1475,18 +1475,10 @@ askClientDNS(){
|
|||
# Then create an empty hosts file or clear if it exists.
|
||||
$SUDO bash -c "> /etc/pivpn/hosts.$VPN"
|
||||
|
||||
# If the listening behavior is "Listen only on interface whatever", which is the
|
||||
# default, tell dnsmasq to listen on the VPN interface as well. Other listening
|
||||
# behaviors are permissive enough.
|
||||
|
||||
# Source in a subshell to prevent overwriting script's variables
|
||||
DNSMASQ_LISTENING="$(source "$piholeSetupVars" && echo "${DNSMASQ_LISTENING}")"
|
||||
|
||||
# $DNSMASQ_LISTENING is not set if you never edit/save settings in the DNS page,
|
||||
# so if the variable is empty, we still add the 'interface=' directive.
|
||||
if [ -z "${DNSMASQ_LISTENING}" ] || [ "${DNSMASQ_LISTENING}" = "single" ]; then
|
||||
echo "interface=$pivpnDEV" | $SUDO tee -a "$dnsmasqConfig" > /dev/null
|
||||
fi
|
||||
# Set Pi-hole to "Listen on all interfaces, permit all origins" to allow dnsmasq
|
||||
# to listen on the VPN interface as well. This setting matches what's suggested
|
||||
# in the official guide: https://docs.pi-hole.net/guides/vpn/dual-operation
|
||||
$SUDO pihole -a -i all
|
||||
|
||||
# Use the Raspberry Pi VPN IP as DNS server.
|
||||
pivpnDNS1="$vpnGw"
|
||||
|
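Review bot: `$SUDO pihole -a -i all` in askClientDNS() now runs unconditionally and overwrites whatever listening mode the user had, without reading the old value, checking the exit status, or telling the user. The removed code read `DNSMASQ_LISTENING` from `$piholeSetupVars` and only acted when it was empty or `single`; consider keeping that read so the call is skipped when the mode is already permissive, and so the previous value can be saved for an uninstall to restore. Since "permit all origins" makes dnsmasq answer queries from any source address, and the commit message states this is only safe when port 53 is not forwarded, the installer should print a notice saying so at this step rather than leaving that condition in the commit log only. A failed `pihole -a -i all` should also be reported, because `pivpnDNS1="$vpnGw"` is set either way and clients would then point at a resolver that is not listening on the VPN interface.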
@ -2191,10 +2183,6 @@ restartServices(){
|
|||
fi
|
||||
;;
|
||||
esac
|
||||
|
||||
if [ -f "$dnsmasqConfig" ]; then
|
||||
$SUDO pihole restartdns
|
||||
fi
|
||||
}
|
||||
|
||||
askUnattendedUpgrades(){
|
||||
|
|
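Review bot: removing the `$SUDO pihole restartdns` block from restartServices() leaves no visible point where dnsmasq is reloaded after askClientDNS() creates `/etc/pivpn/hosts.$VPN`. If the change relies on `pihole -a -i all` restarting the resolver as a side effect, state that in a comment next to that call; if it does not restart it, keep the `if [ -f "$dnsmasqConfig" ]` restart here so the new listening mode and hosts file take effect before clients connect.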