Any reason the VPN can’t stay as-is? Unless you don’t want it on the unraid box at all anymore. But going to unraid over VPN then out the rest of the network from there is a perfectly valid use case.
Well, I didn’t realize that was an option to be honest, lol. I am having some issues with that box at the moment though so having a pi or my router acting as the gateway appealed to me with it’s longer uptime
I think openvpn works completely fine for most use cases and didn’t have any trouble with it at all. I did however switch to wireguard on my gateway and I get a little better throughput compared to openvpn. That being said, I’m also using a pfsense box as my home gateway, so access to internal services has been easy as general routing gets.
If someone really wants this service but do not want to (or cannot) host it themself, ovpn.com offer this in their client. I used to have a pi-hole selfhosted but not anymore. Using their client on my phone as well solved the problem with blocking ads while not at home.
Adding a wireguard system that has iptables adjuated to include forwarding and masquerading will allow your single wireguard connection to see the rest of your LAN www.stavros.io/posts/how-to-configure-wireguard/
If you are totally new to wireguard setup, I found that reviewing all of these links gave me a better understanding of how the configuration setup worked. No one site seemed to cover it all, and each on had some good tips or explanation about a certain part of wireguard.
That great, thanks for the info. I was able to get Wireguard setup in unraid but they make it pretty easy, so I didn’t have a problem. I just didn’t think about connecting to the entire network, not just the server.
I ran Pi-hole for years. Switched to adguardhome running on 2 servers (primary and secondary) with AGH sync keeping the two instances identical. I like the UI better, dns rewrites, and the ability to simply block services entirely with a single click.
I did this as well, I still have 2 pihole instances running with gravitysync for now, but AGH sync is much easier to setup and maintain. My 2 pihole instances are running for my guest network only and AGH is running everything else.
I set it up manually using this as a guide. It was a lot of work because I had to adapt it to my use case (not using a VPS), so I couldn’t just follow the guide, but I learned a lot in the process and it works well.
I had something manual setup originally as well, but it became a bit of a maintenance hassle. Moving configs to devices was a bit of a pain, and generating keys wasnt easy.
Most services are on the unraid box. But I had a pi running Pi-hole for a long time (switched to adguardhome) and wanted that separate from the main server in case it went down. Pis boot up a lot faster than my server hardware and then you still need to start the array and mount drives. Having AGH on a Pi as primary DNS means minimal internet outages caused by my tinkering. I was given the 4 and put it in a really cool case that can fit a M.2 or 2.5" SSD and boot from it. So that is NextcloudPi and AGH. The 3 is because my 3d printer is nowhere near a LAN connection and 3 has WiFi. The 4 is sitting next to my router. We won’t mention the 1B I’ve been messing with too…
90% of network traffic uses the primary, but some things like to use both or exclusively the secomd one on random days.
I use Gravity-Sync to keep the settings/lists between them identical. (lots of local dns records for local self-hosted stuff, and each device has a static ip + dns record to identify it easily in logs)
I’ve seen a lot of descriptions of Tailscale but still have no idea what exactly it does. I get that it uses Wireguard, but what differentiates it from a typical VPN setup? NAT traversal?
It does the wireguard config for you so you don’t have to reconfigure each machine when a new item is added to your network. Still peer to peer type network rather than single vpn to a lan router
I host an openVPN instance from a Debian machine with my phone permanently connected to it.
Keeps my phone within my lan while roaming so it has access to non-public services like pihole, the arr stacks management interfaces, ssh/ftp, etc. Also keeps my browsing private + secure on public/work wifi.
Only the things I share with others like Emby get exposed to WAN (through a reverse proxy), the rest is VPN/LAN access only.
fritzhelp.avm.de/…/hilfe_internet_public_dnsI found this guide for the fritz!box to set up a fallback dns, I think it should be on by default as it is on mine but I would read the article just to make sure
I’m not sure if this is a response to my comment but the article I linked isn’t about setting a secondary dns, the fritz!box has a function that allows it to temporarily change the dns (usually to 8.8.8.8) if the specified dns isn’t working. It is separate from the “normal” dns settings.
You should put your pihole server in the dns server in the network settings. My mobile devices didn't use my pihole server until I changed the dns server configured there... (I am using a FritzBox as well)
mary DNS Server: Clients will first attempt to use the primary DNS server specified in their network settings. This ser
What’s the point tho? If your PiHole fails you need to know otherwise you could be risking days / months of web surfing in the fallback DNS server without even noticing it.
As for a reply, there’s no RFC that specifies that a specific order is applied to DNS servers. So in short, you can’t have a fallback that is reliable and most operating systems will just load balance or opportunistically pick between the two.
Thank you, this is what I was worrying about. As for the “why”, even if my server is quite stable, a shutdown may be necessary and sometimes slowdowns with pi-hole happened. Some redundancy would have been better.
Well, I’m not sure you read the other comments but there is confirmation that for clients there isn’t an order for DNS servers from RFC2182:
The distinction between primary and secondary servers is relevant only to the servers for the zone concerned, to the rest of the DNS there are simply multiple servers.
All are treated equally at first instance, even by the parent server that delegates the zone. Resolvers often measure the performance of the various servers, choose the “best”, for some definition of best, and prefer that one for most queries.
selfhosted
Hot
This magazine is from a federated server and may be incomplete. Browse more on the original instance.