Optional: Dynamic DNS
If you operate your Pi-hole + OpenVPN at home, it is very likely that you are sitting behind a NAT / dynamically changing IP address. In this case, you should set up a dynamic DNS record, which allows you to reach your server. You can exchange the address that has been configured during the setup of OpenVPN like this:
Look for the
remote line and adjust it accordingly (remove IP address, add host name), e.g.
remote home.mydomain.de 1194
This change has to be repeated in each client config file (
*.conf) that you have been created up till now.
If you have set up a DDNS domain for your IP address, you will likely need to add a host-record to Pi-hole's settings.
pihole -a hostrecord home.mydomain.de 192.168.1.10
If you don't do this, clients (like the Android OpenVPN client) will not able to connect to the VPN server when inside the internal network (while it will work from outside). Afterwards, the client will be able to connect to the VPN server both from inside and outside your local network.
Setting up DynDNS update¶
If your router cannot update the dynamic DNS record, you can use for example
sudo apt install ddclient
This configuration file resides in
/etc/ddclient.conf. During installation,
apt probably already asked you some questions and prepared a useful config file. In general, configuration files look like:
# /etc/ddclient.conf # protocol=dyndns2 use=web login=mylogin password=mypassword myhost.dyndns.org
If you want to have
ddclient running as daemon (recommended!), change also your
# Configuration for ddclient scripts # generated from debconf on Do 9. Feb 22:29:13 CET 2017 # # /etc/default/ddclient # Set to "true" if ddclient should be run every time DHCP client ('dhclient' # from package isc-dhcp-client) updates the systems IP address. run_dhclient="false" # Set to "true" if ddclient should be run every time a new ppp connection is # established. This might be useful, if you are using dial-on-demand. run_ipup="false" # Set to "true" if ddclient should run in daemon mode # If this is changed to true, run_ipup and run_dhclient must be set to false. run_daemon="true" # Set the time interval between the updates of the dynamic DNS name in seconds. # This option only takes effect if the ddclient runs in daemon mode. daemon_interval="300"
Example: Strato DynDNS¶
In the following, we give an example of how to setup
ddclient using the German Internet hosting provider Strato. First, you need to create a subdomain. Then you need to enable DnyDNS for this domain:
Afterwards, modify your
ddclient config file to look like:
protocol=dyndns2 use=if, if=eth0 use=web, web=checkip.dyndns.org server=dyndns.strato.com/nic/update login=strato-login-name password='password1234' meine.domain.de
strato-login-nameby your Strato login name (most likely your domain name, like
password1234by the password you configured above (see third screenshot), and
meine.domain.deby the subdomain you created and enabled dynamic DNS for.