External Pi-Hole w/ Firewalla DNS over VPN

Comments

2 comments

  • Firewalla

    You can create a VPN tunnel directly on your Pi-hole; it is probably simpler.

  • Yoav freiberger

    Hi,

    if this is relevant still, I came up with a much better option and did a whole write up about this in the following link: https://www.reddit.com/r/firewalla/s/YtKtmHfP63

    Since you want to avoid DNS leaks, you indeed have to resolve the domain using the same gateway the resulting traffic will follow. In my case this is actually three different VPN gateways and three different countries.

    The trick is to route both the actual traffic from the device that is using Pi-hole and the traffic from the device resolving it. In the simple scenario you describe, let's assume you want all your devices to route through VPN: you create a route for all devices' traffic to Internet interface: third-party VPN. At the same time you need to block all the devices from accessing port 53, but allow the Pi-hole device to access that port (allow rule), without applying force DNS through VPN (explained in the link). If you have multiple tunnels, you choose several public DNS servers (e.g. 1.1.1.1, 8.8.8.8) and for Pi-hole you create a separate route, e.g. all traffic to 1.1.1.1 for Pi-hole uses vpn1 as the default; for specific domains that route on Firewalla itself through 8.8.8.8, add conditional forwarding so all that Pi-hole traffic to 8.8.8.8 for the list of the same domains goes to 8.8.8.8, and apply a rule for all Pi-hole traffic to 8.8.8.8 to pass via vpn2. It's a lot clearer in the writeup. For this to work you need to disable Firewalla cache for all relevant devices, as explained there.

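The leak condition the comment describes (the resolver must reach its upstream through the same VPN gateway that the client's traffic for that domain will use) can be checked mechanically before touching a live network. The following is an added example, not code from the commenter, Firewalla or Pi-hole: it models the rules from the comment (per-device route, port-53 block with a Pi-hole allow, per-upstream routes for the Pi-hole's own traffic, conditional forwarding) as plain data and audits every device/zone pair for a mismatch. Device names, zones and gateway labels (`vpn1`, `vpn2`) are constructed sample values.

```python
"""Consistency check for a Pi-hole-behind-Firewalla split-VPN setup.

Added example (not from the comment author, Firewalla or Pi-hole). It models
the rules described in the comment and flags the leak condition: a domain
whose client traffic leaves through one gateway while the Pi-hole resolves
it through another. All names and gateway labels below are constructed.
"""
from dataclasses import dataclass, field, replace


@dataclass
class Policy:
    device_routes: dict             # device -> egress for its traffic (Firewalla route rule)
    domain_routes: dict             # zone -> egress override on Firewalla for specific domains
    default_upstream: str           # Pi-hole's default upstream resolver IP
    conditional_forwarding: dict    # zone -> upstream IP (Pi-hole conditional forwarding)
    pihole_upstream_routes: dict    # upstream IP -> egress for the Pi-hole's own traffic
    port53_allowed: set = field(default_factory=set)  # devices allowed to reach port 53 directly
    pihole: str = "pihole"          # name of the resolver device


def _in_zone(domain: str, zone: str) -> bool:
    return domain == zone or domain.endswith("." + zone)


def client_egress(policy: Policy, device: str, domain: str) -> str:
    """Gateway the device's data traffic for `domain` will leave through."""
    for zone, egress in policy.domain_routes.items():
        if _in_zone(domain, zone):
            return egress
    return policy.device_routes.get(device, "wan")


def resolver_egress(policy: Policy, domain: str) -> tuple:
    """(upstream IP, gateway) the Pi-hole uses when resolving `domain`."""
    upstream = policy.default_upstream
    for zone, ip in policy.conditional_forwarding.items():
        if _in_zone(domain, zone):
            upstream = ip
    return upstream, policy.pihole_upstream_routes.get(upstream, "wan")


def check_query(policy: Policy, device: str, domain: str, dns_target: str) -> dict:
    """Classify one lookup as blocked, direct, leak or ok, with the gateways involved."""
    if dns_target != policy.pihole:
        # Ordinary devices are denied direct port-53 access by the block rule.
        if device not in policy.port53_allowed:
            return {"status": "blocked", "reason": "port 53 denied for " + device}
        egress = policy.device_routes.get(device, "wan")
        return {"status": "direct", "client_egress": egress, "resolver_egress": egress}
    c_egress = client_egress(policy, device, domain)
    upstream, r_egress = resolver_egress(policy, domain)
    status = "ok" if c_egress == r_egress else "leak"
    return {"status": status, "client_egress": c_egress,
            "resolver_egress": r_egress, "upstream": upstream}


def audit(policy: Policy, devices=None) -> list:
    """Return (device, probe domain, client gateway, resolver gateway) for every mismatch."""
    devices = devices or list(policy.device_routes)
    zones = sorted(set(policy.domain_routes) | set(policy.conditional_forwarding))
    # One probe outside every configured zone, plus one probe inside each zone.
    probes = ["anything.example.net"] + ["host." + z for z in zones]
    mismatches = []
    for device in devices:
        for domain in probes:
            res = check_query(policy, device, domain, policy.pihole)
            if res["status"] == "leak":
                mismatches.append((device, domain, res["client_egress"], res["resolver_egress"]))
    return mismatches


# Constructed sample: two tunnels, default upstream via vpn1, example.com via vpn2.
GOOD = Policy(
    device_routes={"laptop": "vpn1", "tv": "vpn1"},
    domain_routes={"example.com": "vpn2"},
    default_upstream="1.1.1.1",
    conditional_forwarding={"example.com": "8.8.8.8"},
    pihole_upstream_routes={"1.1.1.1": "vpn1", "8.8.8.8": "vpn2"},
    port53_allowed={"pihole"},
)
# Same policy with the conditional-forwarding entry forgotten: resolves via vpn1, sends via vpn2.
MISSING_CF = replace(GOOD, conditional_forwarding={})

if __name__ == "__main__":
    print("good policy mismatches:", audit(GOOD))
    print("missing forwarding mismatches:", audit(MISSING_CF))
```

Running the module prints an empty list for the consistent policy and two mismatches for the one with the forgotten conditional-forwarding entry, which is exactly the case the comment warns about: the device's traffic to the domain exits vpn2 while the lookup that preceded it exited vpn1.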
