I installed Adguard Home + Unbound and configured Adguard to use Unbound as the upstream DNS server. I configured the DHCP-server settings of my router to use the dietpi IP address as DNS server which is Adguard Home’s IP. If I connect NordVPN using DietPi-VPN other devices on my network can’t access the internet but if I disconnect the DietPi-VPN they are able to access the internet using Adguard as the DNS server. Is it possible to run Adguard and the DietPi-VPN simultaneously?
I guess you enabled killswitch? If yes, it is expected behaviour.
Hey Joulinar.
No, I have the killswitch disabled.
When connected to the VPN, what is the output of:
iptables-save -c; ip -4 addr; ip -4 ro list table all; ip -4 ru
Hi Trendy.
The following:
root@DietPi:~# iptables-save -c; ip -4 addr; ip -4 ro list table all; ip -4 ru
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
altname end0
inet 192.168.3.2/24 brd 192.168.3.255 scope global eth0
valid_lft forever preferred_lft forever
3: tun0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN group default qlen 500
inet 10.100.0.2/24 scope global tun0
valid_lft forever preferred_lft forever
0.0.0.0/1 via 10.100.0.1 dev tun0
default via 192.168.3.1 dev eth0 onlink
10.100.0.0/24 dev tun0 proto kernel scope link src 10.100.0.2
128.0.0.0/1 via 10.100.0.1 dev tun0
185.245.86.107 via 192.168.3.1 dev eth0
192.168.3.0/24 dev eth0 proto kernel scope link src 192.168.3.2
local 10.100.0.2 dev tun0 table local proto kernel scope host src 10.100.0.2
broadcast 10.100.0.255 dev tun0 table local proto kernel scope link src 10.100.0.2
local 127.0.0.0/8 dev lo table local proto kernel scope host src 127.0.0.1
local 127.0.0.1 dev lo table local proto kernel scope host src 127.0.0.1
broadcast 127.255.255.255 dev lo table local proto kernel scope link src 127.0.0.1
local 192.168.3.2 dev eth0 table local proto kernel scope host src 192.168.3.2
broadcast 192.168.3.255 dev eth0 table local proto kernel scope link src 192.168.3.2
0: from all lookup local
32766: from all lookup main
32767: from all lookup default
From a first look, it seems that it should be working. But there is no output from iptables.
Can you verify that iptables-save -c is not returning anything?
Maybe there are nftables? nft list ruleset
Hi Trendy
The first command returns nothing and the second command returns “command not found”
root@DietPi:~# iptables-save -c
root@DietPi:~# nft list ruleset
-bash: nft: command not found
What about iptables -L -n?
root@DietPi:~# iptables -L -n
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain FORWARD (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
Quite strange, there doesn’t seem to be any firewall running there.
Let’s verify that we have packets. Install tcpdump if it is not already there: apt update && apt install -y tcpdump
Then capture 50 DNS packets:
tcpdump -i any -vnn -c 50 port 53
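The main-table routes from the output posted earlier in the thread, evaluated with longest-prefix match to show which interface each kind of traffic leaves on while the VPN is up. This is an added example, not part of the thread; the client address 192.168.3.50 and the two internet destinations are constructed samples, and only the main table is modelled because the posted ip rules show no custom policy routing.

```python
import ipaddress

# Main-table routes copied from the `ip -4 ro list table all` output in the thread.
ROUTES = [
    ("0.0.0.0/1", "tun0"),
    ("0.0.0.0/0", "eth0"),          # "default via 192.168.3.1 dev eth0"
    ("10.100.0.0/24", "tun0"),
    ("128.0.0.0/1", "tun0"),
    ("185.245.86.107/32", "eth0"),  # host route to the VPN endpoint
    ("192.168.3.0/24", "eth0"),
]


def lookup(dst, routes=ROUTES):
    """Return (prefix, device) of the most specific route that matches dst."""
    addr = ipaddress.ip_address(dst)
    best = None
    for prefix, dev in routes:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, dev)
    if best is None:
        raise LookupError(f"no route to {dst}")
    return str(best[0]), best[1]


def egress_report(destinations):
    """Map each labelled destination to the route the kernel would select."""
    return {label: lookup(ip) for label, ip in destinations.items()}


if __name__ == "__main__":
    # Constructed sample destinations, except the VPN endpoint from the thread.
    sample = {
        "DNS reply to LAN client": "192.168.3.50",
        "VPN endpoint": "185.245.86.107",
        "internet host, low half": "1.1.1.1",
        "internet host, high half": "198.51.100.7",
    }
    for label, (prefix, dev) in egress_report(sample).items():
        print(f"{label:26} -> {dev:5} via route {prefix}")
```

The two /1 routes are more specific than the default route, so upstream lookups leave through tun0, while replies to LAN clients still match 192.168.3.0/24 on eth0.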