OpenVPN Connection fails with DNSMasq (pi-hole)


I have a VPS running an OpenVPN server. The VPN works fine before adding pi-hole and rebooting.

I set up the OpenVPN server using this guide:

I set up pi-hole with this:

Once I install pi-hole, it works fine. The VPN still works, and I can access the pi-hole admin page from my client connection. But once I reboot the server and then connect to the VPN, all DNS lookups fail. I also cannot ping an IP from my client while connected to the VPN after the server reboot.

For the life of me I can’t figure out what’s causing the issue. The firewalls seem fine. OpenVPN is pushing the DNS to the local IP.

Before restarting the server, I restarted the firewall and OpenVPN. It still worked then. So I can’t figure out what a server reboot would have done to make the VPN connection fail.

Thanks in advance for your help.

OpenVPN server.cfg

port 443
proto tcp
dev tun
ca ca.crt
cert server.crt
key server.key  # This file should be kept secret
dh dh2048.pem
ifconfig-pool-persist ipp.txt
push "redirect-gateway def1 bypass-dhcp"   # send all client traffic through the tunnel
push "dhcp-option DNS"   # resolver address pushed to clients; must be reachable over the tunnel
keepalive 10 120
tls-auth ta.key 0 # This file is secret
key-direction 0   # redundant here: the "0" after ta.key already sets the direction
cipher AES-128-CBC   # AES; OpenVPN 2.4+ peers negotiate AES-GCM and fall back to this
auth SHA256
user nobody
group nogroup

UFW OpenVPN rules

# NAT table rules
# Allow traffic from OpenVPN client to eth0


Connect to your server via the web console and add rules to the ufw firewall:

sudo ufw allow proto udp from to port 53

sudo ufw allow proto tcp from to port 53

sudo ufw allow proto tcp from to port 80

Reboot the server:

sudo reboot

Finally, reconnect your clients.
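The answer above adds firewall rules but does not show how to confirm which of the post-reboot conditions is actually failing. The following diagnostic script is an added example, not code from the question, the answer, Pi-hole or OpenVPN. It checks the three things that decide whether a VPN client can resolve names after a reboot: that the resolver is bound to an address the tunnel can reach (Pi-hole's default "listen only on eth0" binds only the public address), that ufw accepts port 53 from the tunnel subnet, and that IPv4 forwarding is persisted in a sysctl file rather than set only at runtime (a runtime-only setting is lost on reboot and would also explain clients being unable to ping). The tunnel address 10.8.0.1 and subnet 10.8.0.0/24 are assumptions, since the post does not give them; the sample `ss`, `ufw status` and sysctl texts are constructed for offline testing, not captured from a real host.

```shell
#!/bin/sh
# Added diagnostic (not from the original post or from Pi-hole/OpenVPN).
# Assumed values, overridable from the environment: the post gives neither.
TUN_ADDR="${TUN_ADDR:-10.8.0.1}"
VPN_NET="${VPN_NET:-10.8.0.0/24}"

# dns_listener_ok OUTPUT: OUTPUT is `ss -lnu` text. Succeeds if some UDP/53
# socket is bound to the wildcard address or to the tunnel address. A resolver
# bound only to the public interface refuses queries arriving on tun0.
dns_listener_ok() {
  printf '%s\n' "$1" | awk -v tun="$TUN_ADDR" '
    $4 ~ /:53$/ {
      addr = $4; sub(/:53$/, "", addr)          # "0.0.0.0:53" -> "0.0.0.0"
      if (addr == "0.0.0.0" || addr == "*" || addr == "[::]" || addr == tun) ok = 1
    }
    END { exit ok ? 0 : 1 }'
}

# ufw_allows STATUS PORT PROTO: STATUS is `ufw status` text. Succeeds if a rule
# allows PORT/PROTO from the tunnel subnet; ufw denies incoming by default.
ufw_allows() {
  printf '%s\n' "$1" | awk -v to="$2/$3" -v from="$VPN_NET" '
    $1 == to && $2 == "ALLOW" && $3 == from { found = 1 }
    END { exit found ? 0 : 1 }'
}

# forwarding_persisted CONTENT: CONTENT is sysctl file text (/etc/sysctl.conf,
# or /etc/ufw/sysctl.conf which uses the slash spelling). Succeeds if an
# uncommented line sets ip_forward to 1. `sysctl -w` alone is lost on reboot.
forwarding_persisted() {
  printf '%s\n' "$1" | sed 's/#.*//; s/[[:space:]]//g' |
    grep -Eq '^net[./]ipv4[./]ip_forward=1$'
}

# Constructed sample outputs for offline testing (not captured from a host).
SS_ETH_ONLY='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
UNCONN 0      0      203.0.113.10:53    0.0.0.0:*
UNCONN 0      0      127.0.0.1:53       0.0.0.0:*'
SS_ALL='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
UNCONN 0      0      0.0.0.0:53         0.0.0.0:*'
UFW_NO_DNS='Status: active

To                         Action      From
--                         ------      ----
443/tcp                    ALLOW       Anywhere'
UFW_DNS="$UFW_NO_DNS
53/udp                     ALLOW       10.8.0.0/24
53/tcp                     ALLOW       10.8.0.0/24"
SYSCTL_OFF='#net/ipv4/ip_forward=1'
SYSCTL_ON='net/ipv4/ip_forward=1'

# self_check: the three parsers against the constructed samples; 0 if all agree.
self_check() {
  ! dns_listener_ok "$SS_ETH_ONLY" && dns_listener_ok "$SS_ALL" &&
  ! ufw_allows "$UFW_NO_DNS" 53 udp && ufw_allows "$UFW_DNS" 53 udp &&
  ! forwarding_persisted "$SYSCTL_OFF" && forwarding_persisted "$SYSCTL_ON"
}

# report: run the checks against this host (root is needed for `ufw status`).
report() {
  if dns_listener_ok "$(ss -lnu 2>/dev/null)"; then
    echo "ok   UDP/53 listener reachable on $TUN_ADDR or wildcard"
  else
    echo "FAIL no UDP/53 listener on $TUN_ADDR; check Pi-hole's interface setting"
  fi
  status=$(ufw status 2>/dev/null || true)
  for p in udp tcp; do
    if ufw_allows "$status" 53 "$p"; then echo "ok   ufw allows 53/$p from $VPN_NET"
    else echo "FAIL ufw has no 53/$p rule from $VPN_NET"; fi
  done
  if forwarding_persisted "$(cat /etc/ufw/sysctl.conf /etc/sysctl.conf 2>/dev/null)"; then
    echo "ok   ip_forward=1 is persisted"
  else
    echo "FAIL ip_forward not persisted (runtime value: $(sysctl -n net.ipv4.ip_forward 2>/dev/null))"
  fi
}

[ "${1:-}" = --live ] && report
```

Run it as root with `--live` on the VPN server after the reboot (`sudo sh vpn-dns-check.sh --live`); without the flag it only defines the functions, and `self_check` exercises them against the embedded samples. A FAIL on the listener check points at the resolver's interface binding rather than the firewall, which the ufw rules in the answer above would not fix on their own.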

Did you find a solution? Facing the same issues myself…