dvap Posted September 10, 2020

Hello,

First of all Testdasi, thank you for your work here. I have gotten pi-hole with DOH working. I am wondering if there is a way I can use a different DNS than Cloudflare? Specifically, I would like to use cleanbrowsing.org which supports DOH. cleanbrowsing.org gives me the following information for their DNS over HTTPS implementation.

DNS over HTTPS: https://doh.cleanbrowsing.org/doh/custom-filter/*somenumbershereIdeleted*/

This way, I could end run my ISP's DNS and use the content filtering provided by cleanbrowsing.org.

Thank you.

testdasi (Author) Posted September 10, 2020

Update (10/09/2020): Added OpenVPN AIO Client which I wrote from scratch.

Maybe I'll work on exposing cloudflared / stubby config to allow changing underlying DNS services if I have time. Still pondering if I should make a Pi-Hole with both DoH and DoT (cuz that's what I run on my actual RPi4)

On 9/9/2020 at 7:05 PM, Squid said:
FYI, a template author has no control over this entry
https://forums.unraid.net/topic/38619-docker-template-xml-schema/page/2/?tab=comments#comment-773589
https://forums.unraid.net/topic/38619-docker-template-xml-schema/page/2/?tab=comments#comment-825087

Thanks but I'm a little OCD so I'll fix them regardless haha.

3 hours ago, dvap said:
Hello, First of all Testdasi, thank you for your work here. I have gotten pi-hole with DOH working. I am wondering if there is a way I can use a different DNS than Cloudflare? Specifically, I would like to use cleanbrowsing.org which supports DOH. cleanbrowsing.org gives me the following information for their DNS over HTTPS implementation. DNS over HTTPS: https://doh.cleanbrowsing.org/doh/custom-filter/*somenumbershereIdeleted*/ This way, I could end run my ISP's DNS and use the content filtering provided by cleanbrowsing.org. Thank you.

I'll see if I have time to work on that. It sort of was in the to-do list.

SudoGetMe Posted September 11, 2020

Just wanted to say thanks for your work with this! I'm new to Unraid, but I was able to get this up and running in just a few minutes.

dhstsw Posted September 11, 2020

OpenVPN AIO Client not working here, looks like it can't find the openvpn.ovpn file (which is where it's supposed to be).

Lots of errors in log file:

    [info] Set up nftables rules
    [info] Flusing ruleset
    RTNETLINK answers: File exists
    [info] Added route 10.0.1.0/24 via 10.0.1.2 dev eth0
    [info] Editing ruleset
    [info] Apply rules
    /nftables.rules:11:36-39: Error: Could not resolve service: Servname not found in nft services list
    add rule ip filter INPUT tcp sport om80 counter accept
                                       ^^^^
    /nftables.rules:24:37-40: Error: Could not resolve service: Servname not found in nft services list
    [info] Set up nftables rules
    [info] Flusing ruleset
    RTNETLINK answers: File exists
    [info] Added route 10.0.1.0/24 via 10.0.1.2 dev eth0
    [info] Editing ruleset
    [info] Apply rules
    /nftables.rules:11:36-39: Error: Could not resolve service: Servname not found in nft services list
    add rule ip filter INPUT tcp sport om80 counter accept
                                       ^^^^
    /nftables.rules:24:37-40: Error: Could not resolve service: Servname not found in nft services list
    add rule ip filter OUTPUT tcp dport om80 counter accept
                                        ^^^^
    [info] All rules created
    [info] Quick block test. Expected result is time out. Actual result is [removed]
    [info] Setting up OpenVPN tunnel
    [info] Create tunnel device
    [info] Allow DnS-over-TLS for openvpn to lookup VPN server
    Error: Could not process rule: No such file or directory
    add rule ip filter INPUT tcp sport 853 counter accept
    ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
    Error: Could not process rule: No such file or directory
    add rule ip filter OUTPUT tcp dport 853 counter accept
    ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
    [info] Connecting to VPN on port om80 with proto tcp...
    [info] Your VPN public IP is [removed]
    [info] Block DnS-over-TLS to force traffic through tunnel
    Error: Could not process rule: No such file or directory
    list table filter
               ^^^^^^
    Error: syntax error, unexpected newline, expecting number
    delete rule filter INPUT handle
                                   ^
    Error: Could not process rule: No such file or directory
    list table filter
               ^^^^^^
    Error: syntax error, unexpected newline, expecting number
    delete rule filter OUTPUT handle
                                    ^
    [info] Change DNS servers to 10.0.1.3
    [info] Adding 10.0.1.3 to /etc/resolv.conf
    [info] Allowing DNS lookups (tcp, udp port 53) to server '10.0.1.3'
    Error: Could not process rule: No such file or directory
    add rule ip filter INPUT ip saddr 10.0.1.3 tcp sport 53 ct state established counter accept
    ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
    Error: Could not process rule: No such file or directory
    add rule ip filter OUTPUT ip daddr 10.0.1.3 tcp dport 53 ct state new,established counter accept
    ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
    Error: Could not process rule: No such file or directory
    add rule ip filter INPUT ip saddr 10.0.1.3 udp sport 53 ct state established counter accept
    ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
    Error: Could not process rule: No such file or directory
    add rule ip filter OUTPUT ip daddr 10.0.1.3 udp dport 53 ct state new,established counter accept
    ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
    [info] Done
    [info] Run danted in background on port 9118
    Sep 11 14:41:12 (1599824472.472185) danted[88]: error: /etc/danted.conf: problem on line 2 near token "tun0": could not resolve hostname "tun0": Name or service not known. Please see the Dante manual for more information
    Sep 11 14:41:12 (1599824472.472260) danted[88]: alert: mother[1/1]: shutting down

Any hint?

Edited September 11, 2020 by dhstsw

testdasi (Author) Posted September 11, 2020

18 hours ago, dvap said:
Hello, First of all Testdasi, thank you for your work here. I have gotten pi-hole with DOH working. I am wondering if there is a way I can use a different DNS than Cloudflare? Specifically, I would like to use cleanbrowsing.org which supports DOH. cleanbrowsing.org gives me the following information for their DNS over HTTPS implementation.

On 2nd thought, you are probably better off using ICH777's DoH Client.

The intention of my Pihole with DoH / DoT is to add DoH / DoT to Pihole for privacy reasons. Besides not letting your ISP see your DNS queries, it also centralises blocking / filtering management within YOUR Pihole instead of in some 3rd-party servers. Using a filtering DNS with Pihole wouldn't be quite the use case for the docker.

ICH777's docker already allows you to pick different DoH services so you can use a filtering DNS with it.

9 hours ago, SudoGetMe said:
Just wanted to say thanks for your work with this! I'm new to Unraid, but I was able to get this up and running in just a few minutes.

Thanks. Glad to know it is helpful.

testdasi (Author) Posted September 11, 2020

7 minutes ago, dhstsw said:
Not working here, looks like it can't find the openvpn.ovpn file (which is where it's supposed to be). Lots of errors in log file: Any hint?

Is your VPN running on port 80? That is a bit unusual.

In your OVPN config file, add 3 spaces before 80. (so it's blabla.com 80 -> blabla.com    80). See if it works.

dhstsw Posted September 11, 2020

4 minutes ago, testdasi said:
Is your VPN running on port 80? That is a bit unusual. In your OVPN config file, add 3 spaces before 80. (so it's blabla.com 80 -> blabla.com    80). See if it works.

Well, that was weird. With the 3 spaces it does work. Thanks!

One question: would it be possible to use the container as a gateway? Currently I'm using an Ubuntu server VM configured as in the video below (with mods). That's because, using an OpenVPN as a proxy, the service I try to connect to detects the VPN (I guess there are leaks). With a gateway everything works as intended.

Thanks.

testdasi (Author) Posted September 11, 2020

2 hours ago, dhstsw said:
Well, that was weird. With the 3 spaces it does work. Thanks! One question: would it be possible to use the container as a gateway? Currently I'm using an Ubuntu server VM configured as in the video below (with mods). That's because, using an OpenVPN as a proxy, the service I try to connect to detects the VPN (I guess there are leaks). With a gateway everything works as intended. Thanks.

If there's a use case for a VPN VM over VPN docker, it's yours. Docker networking is extremely complex and I haven't seen anything that works in terms of making a VPN docker become a gateway.

Also I fixed the bug so you don't need to add extra space to the ovpn now.

dhstsw Posted September 12, 2020

17 hours ago, testdasi said:
If there's a use case for a VPN VM over VPN docker, it's yours. Docker networking is extremely complex and I haven't seen anything that works in terms of making a VPN docker become a gateway. Also I fixed the bug so you don't need to add extra space to the ovpn now.

Thanks for everything

C.

testdasi (Author) Posted September 12, 2020

Update (12/09/2020): Added Pi-Hole DoT DoH. This docker supersedes my previous Pi-Hole with DoH and Pi-Hole with DoT dockers.

Pondering if I should write a mod module to add VPN to LSIO dockers.

On 9/10/2020 at 6:18 PM, dvap said:
I am wondering if there is a way I can use a different DNS than Cloudflare?

Hey, my latest Pi-Hole DoT DoH docker has exposed config files so you can add additional services (and remove cloudflare). Just edit cloudflared.yml in your Unraid appdata folder.

Note: Cloudflared is the app that enables DoH. Cloudflare (no "d") is the DNS service.

Toskache Posted September 14, 2020

It looks like I'm a little too stupid ...

At the moment pihole runs fine on a RaPi3, but I want to "move" this service to the unraid server. Unfortunately, I can't get to the web console (website not available).

The docker is created with this settings:

    root@localhost:# /usr/local/emhttp/plugins/dynamix.docker.manager/scripts/docker run -d --name='Pihole-DoT-DoH' --net='bridge' -e TZ="Europe/Berlin" -e HOST_OS="Unraid" -e 'DNS1'='127.1.1.1#5153' -e 'DNS2'='127.2.2.2#5253' -e 'TZ'='Europe/London' -e 'WEBPASSWORD'='password' -e 'INTERFACE'='br0' -e 'ServerIP'='192.168.2.9' -e 'ServerIPv6'='' -e 'IPv6'='False' -e 'DNSMASQ_LISTENING'='all' -p '10053:10053/tcp' -p '10053:10053/udp' -p '10067:10067/udp' -p '10080:10080/tcp' -p '10443:10443/tcp' -v '/mnt/user/appdata/pihole-dot-doh/pihole/':'/etc/pihole/':'rw' -v '/mnt/user/appdata/pihole-dot-doh/dnsmasq.d/':'/etc/dnsmasq.d/':'rw' -v '/mnt/user/appdata/pihole-dot-doh/config/':'/config/':'rw' --cap-add=NET_ADMIN --restart=unless-stopped 'testdasi/pihole-dot-doh:stable-amd64'

192.168.2.1 is my router and 192.168.2.4 the IP of the unraid-server. I think the problem is the "ServerIP"-Variable!? I've already tried a few variations.

I am grateful for every thought stimulus!

Edited September 14, 2020 by Toskache: Typo

FlippinTurt Posted September 14, 2020

14 minutes ago, Toskache said:
It looks like I'm a little too stupid ... At the moment pihole runs fine on a RaPi3, but I want to "move" this service to the unraid server. Unfortunately, I can't get to the web console (website not available). The docker is created with this settings: root@localhost:# /usr/local/emhttp/plugins/dynamix.docker.manager/scripts/docker run -d --name='Pihole-DoT-DoH' --net='bridge' -e TZ="Europe/Berlin" -e HOST_OS="Unraid" -e 'DNS1'='127.1.1.1#5153' -e 'DNS2'='127.2.2.2#5253' -e 'TZ'='Europe/London' -e 'WEBPASSWORD'='password' -e 'INTERFACE'='br0' -e 'ServerIP'='192.168.2.9' -e 'ServerIPv6'='' -e 'IPv6'='False' -e 'DNSMASQ_LISTENING'='all' -p '10053:10053/tcp' -p '10053:10053/udp' -p '10067:10067/udp' -p '10080:10080/tcp' -p '10443:10443/tcp' -v '/mnt/user/appdata/pihole-dot-doh/pihole/':'/etc/pihole/':'rw' -v '/mnt/user/appdata/pihole-dot-doh/dnsmasq.d/':'/etc/dnsmasq.d/':'rw' -v '/mnt/user/appdata/pihole-dot-doh/config/':'/config/':'rw' --cap-add=NET_ADMIN --restart=unless-stopped 'testdasi/pihole-dot-doh:stable-amd64' 192.168.2.1 is my router and 192.168.2.4 the IP of the unraid-server. I think the problem is the "ServerIP"-Variable!? I've already tried a few variations. I am grateful for every thought stimulus!

Also having this issue, worked fine, then did an update to the black pi logo and it refuses to start up, sits on the below, doesn't get any further unless I assign it as bridge and is the same IP as unraid - however this still won't let me access the webui

    [i] Existing dnsmasq.conf found... it is not a Pi-hole file, leaving alone!
    chown: cannot access '': No such file or directory
    chmod: cannot access '': No such file or directory
    chown: cannot access '/etc/pihole/dhcp.leases': No such file or directory
    ::: Pre existing WEBPASSWORD found
    Using custom DNS servers: 127.1.1.1#5153 & 127.2.2.2#5253
    DNSMasq binding to custom interface: custom : br0
    Added ENV to php:
    "PHP_ERROR_LOG" => "/var/log/lighttpd/error.log",
    "ServerIP" => "192.168.1.6",
    "VIRTUAL_HOST" => "192.168.1.6",
    Using IPv4
    ::: Preexisting ad list /etc/pihole/adlists.list detected ((exiting setup_blocklists early))
    https://raw.githubusercontent.com/StevenBlack/hosts/master/hosts
    https://mirror1.malwaredomains.com/files/justdomains
    ::: Testing pihole-FTL DNS: FTL started!
    ::: Testing lighttpd config: Syntax OK
    ::: All config checks passed, cleared for startup ...
    ::: Docker start setup complete
    [✗] DNS resolution is currently unavailable

testdasi (Author) Posted September 15, 2020

23 hours ago, Toskache said:
It looks like I'm a little too stupid ... At the moment pihole runs fine on a RaPi3, but I want to "move" this service to the unraid server. Unfortunately, I can't get to the web console (website not available). The docker is created with this settings: root@localhost:# /usr/local/emhttp/plugins/dynamix.docker.manager/scripts/docker run -d --name='Pihole-DoT-DoH' --net='bridge' -e TZ="Europe/Berlin" -e HOST_OS="Unraid" -e 'DNS1'='127.1.1.1#5153' -e 'DNS2'='127.2.2.2#5253' -e 'TZ'='Europe/London' -e 'WEBPASSWORD'='password' -e 'INTERFACE'='br0' -e 'ServerIP'='192.168.2.9' -e 'ServerIPv6'='' -e 'IPv6'='False' -e 'DNSMASQ_LISTENING'='all' -p '10053:10053/tcp' -p '10053:10053/udp' -p '10067:10067/udp' -p '10080:10080/tcp' -p '10443:10443/tcp' -v '/mnt/user/appdata/pihole-dot-doh/pihole/':'/etc/pihole/':'rw' -v '/mnt/user/appdata/pihole-dot-doh/dnsmasq.d/':'/etc/dnsmasq.d/':'rw' -v '/mnt/user/appdata/pihole-dot-doh/config/':'/config/':'rw' --cap-add=NET_ADMIN --restart=unless-stopped 'testdasi/pihole-dot-doh:stable-amd64' 192.168.2.1 is my router and 192.168.2.4 the IP of the unraid-server. I think the problem is the "ServerIP"-Variable!? I've already tried a few variations. I am grateful for every thought stimulus!

Firstly, you picked "bridge" network. That will never work because Unraid sits on port 53, which is required for DNS lookup. You should pick br0 or br1 (i.e. the Unraid macvlan bridge. If you don't see br0/br1 option, go to Settings -> Dockers to enable it, you might have to disable docker for the option to show up).

Secondly, your port mappings are off. The 5 ports should be 53tcp 53udp 67 80 443. That probably was because of the bridge network mappings getting carried over.

The server IP should be the static IP you assign to the docker, not the IP of your Unraid server.

I made some changes to the template to make things clearer. I would suggest to uninstall the docker for now, wait about 2 hours for CA to pick up the change and reinstall. If you see "YOU MUST ASSIGN A STATIC IP TO THE DOCKER FOR PIHOLE TO WORK." in the description, that's the new template version.

23 hours ago, FlippinTurt said:
Also having this issue, worked fine, then did an update to the black pi logo and it refuses to start up, sits on the below, doesn't get any further unless I assign it as bridge and is the same IP as unraid - however this still won't let me access the webui

Hmm... same advice as above. Uninstall the docker and wait till you see "YOU MUST ASSIGN A STATIC IP TO THE DOCKER FOR PIHOLE TO WORK." in description (i.e. new version of the template was loaded to CA) and reinstall from CA template i.e. don't reuse your old template.

It runs fine on my server so I'm guessing the template was the issue.

testdasi (Author) Posted September 15, 2020

@Toskache, @FlippinTurt: CA has updated the latest template. Give that another try.

Toskache Posted September 15, 2020

@testdasi Now it's simple enough for me. It works very fine. Thank you for your great support and your efforts!

testdasi (Author) Posted September 15, 2020

Update (15/09/2020):
Fixed some bugs.
On request, added tag stable-torless-amd64 for a version without TOR for marginally less resource usage.

testdasi (Author) Posted September 17, 2020

Update (17/09/2020):
Added OpenVPN HyDeSa docker
Fixed some minor bugs

testdasi (Author) Posted September 18, 2020

Update (18/09/2020):
Added OpenVPN HyRoSa docker
Recoded HyDeSa and HyRoSa to use centralised static repo
Coded a Web quick launcher for HyDeSa and HyRoSa

Aegisnir Posted September 19, 2020

Just installed the OpenVPN HyDeSa container. The kill switch does not seem to work correctly. I just installed it and the container is running and is reporting my real IP address (used curl ifconfig.io to verify). I did not set up any OVPN config files yet so I would assume the container should refuse to start or at least refuse connection to the internet, shouldn't it?

Edited September 19, 2020 by Aegisnir

testdasi (Author) Posted September 20, 2020

16 hours ago, Aegisnir said:
Just installed the OpenVPN HyDeSa container. The kill switch does not seem to work correctly. I just installed it and the container is running and is reporting my real IP address (used curl ifconfig.io to verify). I did not set up any OVPN config files yet so I would assume the container should refuse to start or at least refuse connection to the internet, shouldn't it?

Thanks for reporting. I fixed that.

I was assuming users would follow the instructions (even added reminder "DON'T FORGET THE OVPN FILE!!!" in the docker description) but I guess just crashing the docker is a better approach.

Aegisnir Posted September 20, 2020

1 hour ago, testdasi said:
Thanks for reporting. I fixed that. I was assuming users would follow the instructions (even added reminder "DON'T FORGET THE OVPN FILE!!!" in the docker description) but I guess just crashing the docker is a better approach.

Yeah I read that step but it concerned me that the container was running when the VPN link was not up as there was no VPN configured yet. Made me think that if my VPN ever stopped, the container would continue to run without it and reveal my IP and data. Thanks.

testdasi (Author) Posted September 20, 2020

1 hour ago, Aegisnir said:
Yeah I read that step but it concerned me that the container was running when the VPN link was not up as there was no VPN configured yet. Made me think that if my VPN ever stopped, the container would continue to run without it and reveal my IP and data. Thanks.

That shouldn't happen. I tested specifically for that scenario.

It's like doing car crash prevention technology. It has to assume you wear a seatbelt and build additional safety around that assumption e.g. some of the emergency braking is so sudden that at sufficient speed, you can break a few ribs crashing into the steering wheel without wearing a seatbelt.

So in this particular case, I provided specific instructions that say "put on a seatbelt" and "DON'T FORGET THE SEATBELT" reminder so I assume people already wear a seatbelt. Completely different scenarios.

The new logic would not start the engine if there's no seatbelt.

Edited September 20, 2020 by testdasi

Aegisnir Posted September 20, 2020

3 minutes ago, testdasi said:
That shouldn't happen. I tested specifically for that scenario. It's like doing car crash prevention technology. It has to assume you wear a seatbelt and build additional safety around that assumption e.g. some of the emergency braking is so sudden that at sufficient speed, you can break a few ribs crashing into the steering wheel without wearing a seatbelt. So in this particular case, I provided specific instructions that say "put on a seatbelt" and "DON'T FORGET THE SEATBELT" reminder so I assume people already wear a seatbelt. The new logic would not start the engine if there's no seatbelt. Completely different scenarios.

Understood. Just a different approach from what I am used to seeing on other containers with VPNs where it simply refuses to run without a VPN link. As a novice user, it scared me to see the container running without it. I do not fully understand all the back end work that goes into this and simply reported it as it was something I did not expect and thought it may have been an issue. Thank you for the explanation and updating the container.

testdasi (Author) Posted September 20, 2020

Update (21/09/2020):
OpenVPN-based dockers now will crash out if the user doesn't provide an ovpn file as per instructions.
Deprecated rutorrent-plus-plus as binhex has implemented multi-remote functionality. Please use his docker instead.
Added Grafana Unraid Stack

Quick screenshot:

Edited September 21, 2020 by testdasi

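Added example, not part of the original posts and not the container's own start-up code: a fail-closed preflight in POSIX shell covering the two OpenVPN start-up problems reported in this thread, a non-numeric port such as om80 reaching the nftables rules and the container starting with no ovpn file. The function names are hypothetical; the emitted rules copy the form of the rules visible in the log quoted earlier.

```shell
#!/bin/sh
# Added example: fail-closed preflight for an OpenVPN container.
# Function names are hypothetical; this is not the container's own script.

# Print the first *.ovpn file in a config directory, or fail if there is none.
find_ovpn() {
    for f in "$1"/*.ovpn; do
        if [ -f "$f" ]; then printf '%s\n' "$f"; return 0; fi
    done
    echo "[error] no .ovpn file in $1, refusing to start" >&2
    return 1
}

# Print "host port proto" for the first `remote host [port] [proto]` line.
# Fields are split on any run of whitespace and a trailing CR is dropped, so
# extra spaces or Windows line endings do not change the result.
# OpenVPN defaults: port 1194, proto from the `proto` directive, else udp.
parse_remote() {
    awk '
        { sub(/\r$/, "") }
        $1 == "proto"  && proto == "" { proto = $2 }
        $1 == "remote" && host == ""  { host = $2; port = $3; rproto = $4 }
        END {
            if (host == "") exit 1
            if (port == "") port = 1194
            if (rproto != "") proto = rproto
            if (proto == "") proto = "udp"
            print host, port, proto
        }' "$1"
}

# True only for a decimal port number in 1..65535.
valid_port() {
    case $1 in ''|*[!0-9]*) return 1 ;; esac
    [ "${#1}" -le 5 ] && [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# Emit the allow rules for the VPN endpoint (same form as in the quoted log).
# Any missing or malformed value aborts before a rule is printed, so nothing
# unvalidated is ever handed to nft and the caller can stop the container.
vpn_rules() {
    ovpn=$(find_ovpn "$1") || return 1
    remote=$(parse_remote "$ovpn") || {
        echo "[error] no remote directive in $ovpn" >&2; return 1; }
    read -r host port proto <<EOF
$remote
EOF
    valid_port "$port" || {
        echo "[error] bad port '$port' in $ovpn" >&2; return 1; }
    case $proto in
        tcp*) l4=tcp ;;
        udp*) l4=udp ;;
        *) echo "[error] bad proto '$proto' in $ovpn" >&2; return 1 ;;
    esac
    printf 'add rule ip filter INPUT %s sport %s counter accept\n' "$l4" "$port"
    printf 'add rule ip filter OUTPUT %s dport %s counter accept\n' "$l4" "$port"
}

# Demo on constructed input: sh preflight.sh demo
if [ "${1:-}" = "demo" ]; then
    d=$(mktemp -d)
    printf 'client\nproto tcp\nremote blabla.com    80\r\n' > "$d/openvpn.ovpn"
    vpn_rules "$d"
    rm -rf "$d"
fi
```
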
Sic79 Posted September 21, 2020

10 hours ago, testdasi said:
Update (21/09/2020): OpenVPN-based dockers now will crash out if the user doesn't provide an ovpn file as per instructions. Added Grafana Unraid Stack Quick screenshot:

Worked really nice, thank you for the Docker. I would also love to have monitoring of my APC UPS, or maybe it's hard to add in your docker since ppl use different brands? I assume if I add that manually it would disappear on a future update?

Edit: Did just notice that CPU does not report temp. I have an Intel E5 2697 V3 if that helps

Edited September 21, 2020 by Sic79: Issue