Trigus42 / Private-LAN

Guide on how to route traffic through a VPN, filter DNS queries with Pi-Hole and encrypt them with DNS-Crypt or use Unbound as a local DNS resolver


Are you trying to set up an OpenVPN server and not a client?

ranveerkumar opened this issue · comments

I have a WindScribe VPN service account.

Now when you say "Download openvpn configuration" - it gives me only a client configuration. However, by following your configuration, it looks like you're trying to set up an OpenVPN server along with Pi-hole!

Your assistance is highly appreciated.

Yes, you have to download the client configuration from the OpenVPN (or Wireguard) config generator and place it in the corresponding directory (e.g. /etc/openvpn) and start the VPN tunnel. Whether your computer acts as a client or server just depends on the config file.
Is there any unclear or confusing part in particular?

If you want to set up a VPN server you should take a look at PiVPN.

Thanks for a real quick answer @Trigus42!
I've downloaded (from: Windscribe)

  1. Config file
  2. A zip containing: ca.crt, ta.key

I just want pi.hole to redirect all my traffic via WindScribe VPN. Please guide!

You don't need the zip file with the certificate and key.
You just have to place the file into the directory /etc/openvpn/ and change the file extension to .conf (instead of .ovpn).

PS: If there is no reason to use OpenVPN I would recommend using Wireguard as you will get better speeds on a device with relatively low performance such as a Raspberry Pi.

I got your point!
Yes I'm not bound to use OpenVPN. I'll try switching to Wireguard. Here's my home infra:

  • Pi-hole running on a Raspberry Pi 4 (8GB), within a docker container
  • Speed 200 Mbps

You're amazing!

Thanks. Is the issue resolved for you, then?

Just starting on setting up wireguard, and then will follow further steps to hook pi hole with it
Sorry! I don't understand much of the network stuff.

systemctl enable wg-quick@wg0
ERROR:systemctl:Unit wg-quick@wg0.service could not be found.
wg-quick up wg0
[#] ip link add wg0 type wireguard
RTNETLINK answers: Operation not permitted
Unable to access interface: Protocol not supported
[#] ip link delete dev wg0
Cannot find device "wg0"
iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
getsockopt failed strangely: Operation not permitted

Will it be a good idea to run this whole setup on the host itself and not within a docker container?

> "service could not be found" | Protocol not supported

Have you installed Wireguard? Is the Wireguard module loaded (in your container)?
Check with lsmod | grep wireguard.
The output should look something like this:

> Operation not permitted

Are you running all commands as root? Maybe try starting the docker container with the option --privileged?

> Will it be a good idea to run this whole setup on the host itself and not within a docker container?

If it's possible, I would recommend it since I haven't tested it with docker and I also don't have much experience with docker.

Yes docker was running with --privileged.
However, composed it off already and moved to host. And I'm gonna follow everything from scratch. I don't wanna complicate stuff at this level of traffic. Docker would probably be a good idea for other applications.

Thank you again!

FYI - the problem was that the wireguard module wasn't loaded, and it required a linux-header update. I followed the solution (end of the page) from here: adrianmihalko/raspberrypiwireguard#11
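
A preflight check for the three errors discussed in this thread, as an added example that is not part of the thread or of the Private-LAN repository. The function names are hypothetical, and it assumes that creating the interface needs CAP_NET_ADMIN, which is bit 12 of the CapEff mask in /proc/self/status.

```shell
#!/bin/sh
# Added example: check the preconditions behind the errors quoted in the thread.
# Assumption: CAP_NET_ADMIN is capability bit 12 (linux/capability.h).

# has_cap_net_admin HEXMASK: 0 if bit 12 is set, 1 if not, 2 on malformed input.
has_cap_net_admin() {
    case $1 in ''|*[!0-9a-fA-F]*) return 2 ;; esac   # accept hex digits only
    [ $(( (0x$1 >> 12) & 1 )) -eq 1 ]
}

# Effective capability mask of this shell, as listed in /proc/self/status.
current_capeff() {
    while read -r key value; do
        [ "$key" = "CapEff:" ] && printf '%s\n' "$value"
    done < /proc/self/status
    return 0
}

# Run every check, report each failure, return 1 if any check failed.
wg_preflight() {
    fail=0
    command -v wg-quick >/dev/null 2>&1 ||
        { echo "FAIL: wg-quick not found (WireGuard tools not installed)"; fail=1; }
    # A container shares the host kernel, so the module must be loaded on the host.
    [ -d /sys/module/wireguard ] ||
        { echo "FAIL: wireguard module not loaded ('Protocol not supported')"; fail=1; }
    [ "$(id -u)" -eq 0 ] ||
        { echo "FAIL: not running as root"; fail=1; }
    has_cap_net_admin "$(current_capeff)" ||
        { echo "FAIL: CAP_NET_ADMIN missing ('Operation not permitted')"; fail=1; }
    [ "$fail" -eq 0 ] && echo "OK: preconditions for 'wg-quick up' are met"
    return "$fail"
}

# Run the checks only when asked to, so the file can also be sourced.
if [ "${1:-}" = "--check" ]; then
    wg_preflight
fi
```

In a container, granting only this capability with Docker's `--cap-add NET_ADMIN` is narrower than `--privileged`. The module still has to be loaded on the host either way.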