Are you trying to setup OpenVPN server and not a client?

[ranveerkumar]

I have a WindScribe VPN service account.

Now when you say "Download openvpn configuration" - it gives me only a client configuration. However by following your configuration, it looks like you're trying to setup an OpenVPN server along with Pi-hole!

Your assistance is highly appreciated.

[Trigus42]

Yes, you have to download the client configuration from the OpenVPN (or Wireguard) config generator and place it in the corresponding directory (e.g. /etc/openvpn) and start the VPN tunnel. Whether your computer acts as a client or server just depends on the config file.
Is there any unclear or confusing part in particular?

If you want to set up a VPN server you should take a look at PiVPN.

[ranveerkumar]

Thanks for a real quick answer @Trigus42!
I've downloaded (from: Windscribe)

1. Config file
2. A zip containing: ca.crt, ta.key
   
   I just want pi.hole to redirect all my traffic via WindScribe VPN. Please guide!

[Trigus42]

You don't need the zip file with the certificate and key.
You just have to place the file into the directory /etc/openvpn/ and change the file extension to .conf (instead of .ovpn).

PS: If there is no reason to use OpenVPN I would recommend using Wireguard as you will get better speeds on a device with relatively low performance such as a Raspberry Pi.

[ranveerkumar]

I got your point!
Yes I'm not bound to use OpenVPN. I'll try switching to Wireguard. Here's my home infra:

• Pi-hole running on a Raspberry Pi 4 (8GB), within a docker container
• Speed 200mpbs

You're amazing!

[Trigus42]

Thanks. Is the issue if it is resolved for you, then?

[ranveerkumar]

Just starting on setting up wireguard, and then will follow further steps to hook pi hole with it
Sorry! I don't understand much of the network stuffs.

[ranveerkumar]

systemctl enable wg-quick@wg0
ERROR:systemctl:Unit [email protected] could not be found.

wg-quick up wg0
[#] ip link add wg0 type wireguard
RTNETLINK answers: Operation not permitted
Unable to access interface: Protocol not supported
[#] ip link delete dev wg0
Cannot find device "wg0"

[ranveerkumar]

iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
getsockopt failed strangely: Operation not permitted

[ranveerkumar]

Will it be a good idea to run this whole setup on the host itself and not within a docker container?

[Trigus42]

"service could not be found" | Protocol not supported

Have you installed Wireguard? Is the Wireguard module loaded (in your container)?
Check with lsmod | grep wireguard.
The output should look something like this:

Operation not permitted

Are you running all commands as root? Maybe try starting the docker container with the option --privileged?

Will it be a good idea to run this whole setup on the host itself and not within a docker container?

If it's possible, I would recommend it since I haven't tested it with docker and I also don't have much experience with docker.

[ranveerkumar]

Yes docker was running with --privileged.
However, composed it off already and moved to host. And I'm gonna follow everything from scratch. I don't wanna complicate stuffs at this level of traffic. Docker would probably good idea for other applications.

Thank you again!

[ranveerkumar]

FYI - the problem was that wireguard module wasn't loaded, and required linux-header update. I followed the solution (end of the page) from here: adrianmihalko/raspberrypiwireguard#11