Pi-hole/pivpn
Pi-hole/pivpn
1
0
Fork 0
mirror of https://github.com/pivpn/pivpn.git synced 2025-03-07 01:08:27 +00:00
Code Issues Projects Releases Packages Wiki Activity

Set Pi-hole to "Listen on all interfaces, permit all origins" when using it as DNS for the VPN

Browse source 
- Letting dnsmasq additionally listen on a specific VPN interface when Pi-hole is
    listening on the physical interface only may be more secure than letting dnsmasq
    listen on all interfaces, however, dnsmasq will stop listening on the physical
    interface (breaking LAN resolution) if the user changes the listening behavior
    at a later time.
    For the target audience of PiVPN, it is more likely that users will set the
    listening behavior to all when deciding to use Pi-hole via VPN (which is suggested
    in the Pi-hole guide and most guides on the web), instead of digging into
    configuration file.
    This option is safe if the Raspberry Pi is inside the local network and the user
    has not forwarded port 53 on their router, which is unlikely as they are installing
    PiVPN precisely to avoid doing that.
This commit is contained in:
Orazio 2020-07-23 11:41:59 +02:00
parent f72a531ce7
commit 5b2bc9ba70
1 changed files with 4 additions and 16 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

20
auto_install/install.sh
View file

@ -1475,18 +1475,10 @@ askClientDNS(){
# Then create an empty hosts file or clear if it exists.
$SUDO bash -c "> /etc/pivpn/hosts.$VPN"
# If the listening behavior is "Listen only on interface whatever", which is the
# default, tell dnsmasq to listen on the VPN interface as well. Other listening
# behaviors are permissive enough.
# Source in a subshell to prevent overwriting script's variables
DNSMASQ_LISTENING="$(source "$piholeSetupVars" && echo "${DNSMASQ_LISTENING}")"
# $DNSMASQ_LISTENING is not set if you never edit/save settings in the DNS page,
# so if the variable is empty, we still add the 'interface=' directive.
if [ -z "${DNSMASQ_LISTENING}" ] || [ "${DNSMASQ_LISTENING}" = "single" ]; then
echo "interface=$pivpnDEV" | $SUDO tee -a "$dnsmasqConfig" > /dev/null
fi
# Set Pi-hole to "Listen on all interfaces, permit all origins" to allow dnsmasq
# to listen on the VPN interface as well. This setting matches what's suggested
# in the official guide: https://docs.pi-hole.net/guides/vpn/dual-operation
$SUDO pihole -a -i all
# Use the Raspberry Pi VPN IP as DNS server.
pivpnDNS1="$vpnGw"
@ -2191,10 +2183,6 @@ restartServices(){
fi
;;
esac
if [ -f "$dnsmasqConfig" ]; then
$SUDO pihole restartdns
fi
}
askUnattendedUpgrades(){