hwdsl2 / docker-ipsec-vpn-server

Docker image to run an IPsec VPN server, with IPsec/L2TP, Cisco IPsec and IKEv2
https://hub.docker.com/r/hwdsl2/ipsec-vpn-server

[Question] combination with pi-hole DNS Server #443

Closed kingofdunghill closed 2 months ago

kingofdunghill commented 2 months ago

Hi,

thanks for this great tool.

Unfortunately I can't get an alternative DNS server to work. Edited docker-compose, ikev2.conf and vpn-gen.env but without success.

It is a pi.hole DNS Server on 127.0.0.1

Thanks for help

vpn:
  image: hwdsl2/ipsec-vpn-server
  hostname: ipsec-vpn-server
  container_name: ipsec-vpn-server
  environment:

hwdsl2 commented 2 months ago

@kingofdunghill Hello! For your use case, if the Pi-hole DNS server runs in another container on the same Docker host, you can specify that container's internal IP address as the primary DNS server. To find the IP, run docker inspect YOUR_PIHOLE_CONTAINER_NAME and check the output.

On the other hand, if the Pi-hole DNS server runs directly on your Docker host, you may be able to specify the Docker host's IP address (e.g. 192.168.0.2) as the primary DNS server. Using 127.0.0.1 will not work because it points to the IPsec VPN container itself, not the Docker host.

The next step is to edit /etc/ipsec.d/ikev2.conf inside the Docker container (which maps to /home/stipy/docker/vpn/ipsec-vpn-server/data/ikev2.conf on your Docker host) and replace the value of the modecfgdns option with your desired DNS server(s). After that, restart the IPsec VPN Docker container to take effect.

Because IKEv2 is already set up in your Docker container, editing VPN_DNS_SRV1 and/or VPN_DNS_SRV2 in your Docker compose configuration may not work, but you can use the method above.

EnUfor commented 1 month ago

@kingofdunghill I ran into this issue when I moved my pihole/unbound from a VM to the same docker host as this ipsec-vpn server. Some of my containers could resolve DNS, some struggled, and some refused. Pihole would show that it was responding correctly, but the services would never receive responses. Not sure whether your pihole instance was containerized, but maybe this can help others that come across this issue.

I found this reddit post which led to this pi-hole discourse post

TL;DR: I had to change my pihole docker-compose file:

ports:
  - "53:53/udp"
  - ...

to

ports:
  - "10.0.0.2:53:53/udp"
  - ...

Where 10.0.0.2 was the IP of the host running the pihole container

Then updating the /etc/ipsec.d/ikev2.conf modecfgdns variable to pihole's IP (10.0.0.2) and restarting the container had everything working
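The two fixes in this thread (never hand the container a loopback address as its DNS server, and rewrite the modecfgdns value in ikev2.conf) as an added shell example; this is not code from the hwdsl2 project, the sample ikev2.conf fragment is constructed, and the file path is taken from mktemp rather than the data directory mapped on your host.

```shell
#!/bin/sh
# Added example (not part of docker-ipsec-vpn-server): check a DNS address before
# using it as modecfgdns, then rewrite that option in an ikev2.conf-style file.
set -eu

# Return 0 if the address can be reached from inside the VPN container.
# 127.0.0.0/8 is rejected: inside the container it is the container itself,
# not the Docker host running Pi-hole.
dns_ip_ok() {
  ip="$1"
  case "$ip" in
    127.*) return 1 ;;
  esac
  echo "$ip" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || return 1
  old_ifs="$IFS"; IFS=.
  set -- $ip            # split into octets (positional params are local here)
  IFS="$old_ifs"
  for octet in "$@"; do
    [ "$octet" -le 255 ] || return 1
  done
  return 0
}

# Write a constructed ikev2.conf fragment to a temp file and print its path.
make_sample_conf() {
  f=$(mktemp)
  printf '%s\n' 'conn ikev2-cp' '  left=%defaultroute' \
    '  modecfgdns="8.8.8.8 8.8.4.4"' '  leftsubnet=0.0.0.0/0' > "$f"
  echo "$f"
}

# Replace the modecfgdns value in $1 with $2 and print the resulting line.
# Only that one line is touched; the file is rewritten via a temp copy so the
# same command works with GNU and BSD sed.
set_modecfgdns() {
  conf="$1"; dns="$2"
  dns_ip_ok "$dns" || { echo "refusing $dns: loopback or invalid" >&2; return 1; }
  sed "s/^\([[:space:]]*modecfgdns=\).*/\1\"$dns\"/" "$conf" > "$conf.tmp"
  mv "$conf.tmp" "$conf"
  grep '^[[:space:]]*modecfgdns=' "$conf"
  # On the real file, restart the container afterwards: docker restart ipsec-vpn-server
}
```

Run it against the real file only after Pi-hole's port 53 is bound to the host IP as shown above, otherwise the address passes the check but queries still go unanswered.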