diff --git a/FAQ.md b/FAQ.md index 3261950..32ba8d0 100644 --- a/FAQ.md +++ b/FAQ.md @@ -17,19 +17,22 @@ Yes. To change the hostname or IP address, you will need to change `/etc/openvpn ## My ISP doesn't give me a static external IP address, so my servers IP address keeps changing! You will need a dynamic DNS service and a hostname. If your IP address changes, your hostname will then automatically point to the new IP address. Some free dynamic DNS services are or . -## Installing with pi-hole -You can safely install pivpn on the same raspberry pi as your pi-hole install. If you point your openvpn clients to the IP of your pi-hole for DNS (so they get ad blocking etc) then you will want to be sure you create `/etc/dnsmasq.d/02-pivpn.conf` and add for example: `listen-address=127.0.0.1, 192.168.1.2, 10.8.0.1`a or `interface=tun0` to allow dns resolution from the vpn interface. - -Note your listen-address may just contain 127.0.0.1, the next IP should be the local IP of your pi-hole and the final IP, 10.8.0.1 is the PiVPN vpn interface. - -If you set this and have your vpn clients use 192.168.1.2 (in my example) as their DNS then you will get ad blocking over your VPN connections. - -More Detailed setp-by-step read: https://github.com/pivpn/pivpn/issues/885 +## Installing with Pi-hole +You can safely install PiVPN on the same Raspberry Pi as your Pi-hole install, and point your VPN clients to the IP of your Pi-hole so they get ad blocking, etc. Here's how: +1. Edit the server config with `sudo nano /etc/openvpn/server.conf` +2. Remove every `push "dhcp-option DNS [...]"` line +3. Add this line `push "dhcp-option DNS 10.8.0.1"` to point clients to the PiVPN IP +4. Save the file and exit +5. Restart openvpn with `sudo systemctl restart openvpn` +6. Create a new file `sudo nano /etc/dnsmasq.d/02-pivpn.conf` +7. Add `interface=tun0` inside to tell Pi-hole to listen on the VPN interface as well +8. Save the file end exit +9. Restart Pi-hole with `pihole restartdns` ## Allow Clients to connect but block their access to the internet -If you don't want your VPN clients to be able to access the internet simply comment the following line in `/etc/openvpn/server.con` +If you don't want your VPN clients to be able to access the internet simply comment the following line in `/etc/openvpn/server.conf` ``` push "redirect-gateway def1"