
openvpn-pihole's Introduction

OpenVPN + Pihole

NB: This image is no longer supported / maintained. Its successor (based on WireGuard) can be built here.

Setup

python3 -m venv venv
venv/bin/pip install -U pip
venv/bin/pip install fabric

Test build

venv/bin/fab testbuild -H [BUILD_DROPLET_IP]

This will install your files and packages and run your scripts but will not perform a cleanup of the build system or power it down. This can be used for testing during development.

Final build

venv/bin/fab build -H [BUILD_DROPLET_IP]

This task will perform all steps (upload files, run scripts, install packages, clean up build system, power off) to prepare your droplet for snapshot.

Development

See the Marketplace Partners guide

Common Issues

Unsupported key file

Error:

paramiko.ssh_exception.SSHException: not a valid RSA private key file

Fix:

puttygen id_rsa -O private-openssh -o new.key
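Before converting, it helps to confirm which container the key file is actually in. The sketch below is an added example, not part of this project: it classifies a key by its header lines only, and the function name, labels and sample strings are assumptions made for illustration.

```python
import re

PEM_BEGIN = re.compile(r"^-----BEGIN ([A-Z0-9 ]+)-----$")
# PEM label -> container name used in the report.
PEM_LABELS = {
    "RSA PRIVATE KEY": "pem-pkcs1-rsa",
    "EC PRIVATE KEY": "pem-sec1-ec",
    "PRIVATE KEY": "pem-pkcs8",
    "ENCRYPTED PRIVATE KEY": "pem-pkcs8",
    "OPENSSH PRIVATE KEY": "openssh-v1",
}

def inspect_private_key(text):
    """Classify a private key file by its header lines only (no key parsing)."""
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    report = {"format": "unknown", "encrypted": None,
              "advice": "no recognised private key header"}
    if not lines:
        return report
    first = lines[0]
    if first.startswith("PuTTY-User-Key-File-"):
        # PPK header: "PuTTY-User-Key-File-<version>: <algorithm>"
        version = first.split(":", 1)[0].rsplit("-", 1)[1]
        enc = next((ln.split(":", 1)[1].strip() for ln in lines
                    if ln.startswith("Encryption:")), "none")
        report.update(format=f"putty-ppk-v{version}", encrypted=enc != "none",
                      advice="convert: puttygen <key> -O private-openssh -o new.key")
        return report
    match = PEM_BEGIN.match(first)
    if match and match.group(1) in PEM_LABELS:
        label = match.group(1)
        if label == "OPENSSH PRIVATE KEY":
            enc = None  # cipher name sits inside the base64 body, not in a header
        else:
            enc = label.startswith("ENCRYPTED") or any(
                ln.startswith("Proc-Type:") and "ENCRYPTED" in ln for ln in lines)
        report.update(format=PEM_LABELS[label], encrypted=enc,
                      advice="already an OpenSSH/PEM text container")
    return report

# Constructed samples: headers only, the bodies are not real key material.
SAMPLE_PPK = ("PuTTY-User-Key-File-2: ssh-rsa\nEncryption: none\n"
              "Comment: constructed-sample\nPublic-Lines: 1\nQ09OU1RSVUNURUQ=\n")
SAMPLE_PEM = ("-----BEGIN RSA PRIVATE KEY-----\nProc-Type: 4,ENCRYPTED\n"
              "DEK-Info: AES-128-CBC,00\n\nQ09OU1RSVUNURUQ=\n"
              "-----END RSA PRIVATE KEY-----\n")

if __name__ == "__main__":
    for name, sample in (("ppk", SAMPLE_PPK), ("pem", SAMPLE_PEM)):
        print(name, inspect_private_key(sample))
```

Only the header is read, so the check can run on a copy of the file's first lines and never needs the passphrase.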

Donations

If you like this tool, consider donating to the authors from which this work is derived:

https://github.com/Nyr/openvpn-install#donations
https://pi-hole.net/donate/

openvpn-pihole's People

Contributors

crashenx, rootwork


openvpn-pihole's Issues

Request to Add YouTube updater for Pi-hole

Here is the repo https://gitlab.com/grublets/youtube-updater-for-pi-hole

YouTube updater for Pi-hole

Quick and dirty script that may help with YouTube ads.

This is not ideal and not as good as running a proper ad blocker in a
browser, but for things like AppleTV it seems to work well enough. Every
time an ad slips through, it adds the offending hostname to the
hosts file in which we force an IP of our choosing.

N.B. You must block outgoing DNS from anything but your Pi-holes for maximum
effectiveness (even better, redirect to your Pi-hole!)
Some apps have hard-coded DNS servers that will bypass your Pi-hole.
If you don't do this then use the script, please don't complain about ads
in, for example, your Samsung TV's YouTube app.
Read the manual for your network gateway device.

Avoid updating any official YouTube apps if possible.

Install

[Do all these as root]

01 - Download the script to a sane area eg.: /usr/local/bin

02 - Make it executable. "chmod a+x youtube.update.sh"

[steps 03-06 ensure you are using a geoip'd IP close to where you are]

03 - Use the Pi-hole's "Query Log" function and search for "googlevideo.com".

04 - Look for a hostname similar to "r6---sn-ni5f-tfbl.googlevideo.com" It won't match the example, but you will know one when you see one. You will likely have many matches, pick one at random. If you don't see any, watch some YouTube! :)

05 - Perform a name lookup on that hostname you found eg.: "nslookup r6---sn-ni5f-tfbl.googlevideo.com"

06 - Copy the IPv4 IP address it returns.

07 - Edit the script, change the forceIP="123.456.789.999" to the real numbers you copied in step 5.

08 - Save it.

09 - Execute the script for the first time "./youtube.update.sh"

10 - Restart Pi-hole DNS "pihole restartdns"

11 - Automate it to run every minute for constant updates as new things slip through. I did mine in cron. "man cron" if you don't know how.

Unable to use Pi-hole dns without vpn?

Hello, I just created a droplet on D.ocean with the pre-compiled openvpn+pihole image (pic below). My problem is that I want to use pihole on both sides: let's suppose I want to use pihole as the DNS server on my home PC, and with the .ovpn file on my mobile phone. Unfortunately my PC is not working with just putting in the DNS address, that is 10.0.8.x.x, but on the other side, when I connect my mobile with the client .ovpn file using the OpenVPN Connect client, it works perfectly. I tried my VPS server IP, i.e. 142.x.x.x, as DNS on my PC, but same issue: the DNS server isn't responding. Then I downloaded the OpenVPN client for PC and connected with that, and it works fine 🙂 Is it possible to use my PC without the OpenVPN client? Because I don't need VPN on my PC, I just need pi-hole DNS on my PC. If yes, please help me configure my VPS accordingly. All suggestions and recommendations are highly appreciated, thanks in advance 🙂

Client cannot connect to my server.

I am currently connected to my server and he cannot connect. We have tried it when I was disconnected and everything. It was working last night now it has stopped working for him. I have created multiple profiles none of which have worked. When he runs it through openvpn gui it returns with this:
Wed Dec 16 09:27:18 2020 OpenVPN 2.5_rc3 x86_64-w64-mingw32 [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [AEAD] built on Oct 19 2020
Wed Dec 16 09:27:18 2020 Windows version 10.0 (Windows 10 or greater) 64bit
Wed Dec 16 09:27:18 2020 library versions: OpenSSL 1.1.1h 22 Sep 2020, LZO 2.10
Wed Dec 16 09:27:18 2020 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:25341
Wed Dec 16 09:27:18 2020 Need hold release from management interface, waiting...
Wed Dec 16 09:27:18 2020 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:25341
Wed Dec 16 09:27:19 2020 MANAGEMENT: CMD 'state on'
Wed Dec 16 09:27:19 2020 MANAGEMENT: CMD 'log all on'
Wed Dec 16 09:27:19 2020 MANAGEMENT: CMD 'echo all on'
Wed Dec 16 09:27:19 2020 MANAGEMENT: CMD 'bytecount 5'
Wed Dec 16 09:27:19 2020 MANAGEMENT: CMD 'hold off'
Wed Dec 16 09:27:19 2020 MANAGEMENT: CMD 'hold release'
Wed Dec 16 09:27:19 2020 Outgoing Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
Wed Dec 16 09:27:19 2020 Incoming Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
Wed Dec 16 09:27:19 2020 TCP/UDP: Preserving recently used remote address: [AF_INET]138.197.200.203:1194
Wed Dec 16 09:27:19 2020 Socket Buffers: R=[65536->65536] S=[65536->65536]
Wed Dec 16 09:27:19 2020 UDP link local: (not bound)
Wed Dec 16 09:27:19 2020 UDP link remote: [AF_INET]138.197.200.203:1194
Wed Dec 16 09:27:19 2020 MANAGEMENT: >STATE:1608139639,WAIT,,,,,,

After it says that, it just sits there and repeats itself. Anyone know how to fix this? Thanks!

constant disconnects

I used the one click installation and I'm constantly being disconnected on any device I own. It works GREAT then out of nowhere it just stops receiving data from the server. So frustrated because when it works it's perfect 😫

22:32:48.902 -- Session invalidated: KEEPALIVE_TIMEOUT

22:32:48.903 -- Client terminated, restarting in 2000 ms...

22:32:50.908 -- EVENT: RECONNECTING

22:32:50.916 -- EVENT: RESOLVE

PiHole not available in Droplet

Dear all,
due to the 90d validity-policy of the OpenVPN certs, I recently destroyed and redeployed my DigitalOcean droplet (1 GB mem, 25 GB disk, hosted in FRA1) and now face the absence of the PiHole-component -- the OpenVPN-component works, I can create certs and see connected clients in the logs. When I SSH into the droplet, I cannot see PiHole running in the list of services. Neither does the "pihole" command set seem to be available. It all looks like the entire component is not installed and running.

I deployed the droplet via the DigitalOcean Marketplace on 2022-09-03 1pm CEST.
Could someone please have a look, share their experience, or provide hints on how to fix this, please? Since the entire setup seems to rely on PiHole providing the DNS, also the OpenVPN-component is not usable, unfortunately.
Thanks a lot in advance!
Best regards
Oliver

Cannot connect to my openVPN

I can't connect to the OpenVPN, I have been using it all good until today. What do I have to do, please help me. thx

1/18/2021, 4:48:23 PM EVENT: CONNECTING
1/18/2021, 4:48:23 PM VERIFY OK: depth=1, /CN=ChangeMe
1/18/2021, 4:48:23 PM VERIFY FAIL: depth=0, /CN=server [certificate has expired]
1/18/2021, 4:48:23 PM Transport Error: OpenSSLContext::SSL::read_cleartext: BIO_read failed, cap=2576 status=-1: error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed
1/18/2021, 4:48:23 PM EVENT: CERT_VERIFY_FAIL OpenSSLContext::SSL::read_cleartext: BIO_read failed, cap=2576 status=-1: error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed
1/18/2021, 4:48:23 PM EVENT: DISCONNECTED
1/18/2021, 4:48:25 PM Raw stats on disconnect:
  BYTES_IN : 2424
  BYTES_OUT : 555
  PACKETS_IN : 4
  PACKETS_OUT : 3
  SSL_ERROR : 1
  CERT_VERIFY_FAIL : 1
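
The three connection reports above ("Client cannot connect to my server", "constant disconnects" and this one) each show a different failure signature in the client log. The triage sketch below is an added example, not code from this project or from the reporters; the function name, finding codes and sample strings are assumptions, and the samples are constructed from the log lines quoted in those reports.

```python
import re

VERIFY_FAIL = re.compile(r"VERIFY FAIL: depth=(\d+), (\S+) \[(.+?)\]")
MGMT_STATE = re.compile(r">STATE:\d+,([A-Z_]+),")

def triage(log_text):
    """Return ordered (code, detail) findings for an OpenVPN client log."""
    findings, last_state = [], None
    for line in log_text.splitlines():
        fail = VERIFY_FAIL.search(line)
        if fail:
            depth, subject, reason = int(fail.group(1)), fail.group(2), fail.group(3)
            # depth 0 is the peer's own certificate, higher depths are its issuers.
            owner = "server certificate" if depth == 0 else f"issuer at depth {depth}"
            findings.append(("cert_verify_fail", f"{owner} {subject}: {reason}"))
        elif "KEEPALIVE_TIMEOUT" in line:
            findings.append(("keepalive_timeout",
                             "nothing received from the server within the keepalive window"))
        state = MGMT_STATE.search(line)
        if state:
            last_state = state.group(1)
    # A log whose final management state is WAIT never got the server's first reply.
    if last_state == "WAIT":
        findings.append(("no_server_reply",
                         "handshake packets sent, no answer: check port, firewall, server process"))
    # Drop exact repeats (clients retry in a loop) while keeping first-seen order.
    return list(dict.fromkeys(findings))

# Constructed samples built from the lines quoted in the three reports.
STUCK = "Wed Dec 16 09:27:19 2020 MANAGEMENT: >STATE:1608139639,WAIT,,,,,,\n" * 3
DROPPED = ("22:32:48.902 -- Session invalidated: KEEPALIVE_TIMEOUT\n"
           "22:32:50.908 -- EVENT: RECONNECTING\n")
EXPIRED = ("1/18/2021, 4:48:23 PM VERIFY OK: depth=1, /CN=ChangeMe\n"
           "1/18/2021, 4:48:23 PM VERIFY FAIL: depth=0, /CN=server [certificate has expired]\n"
           "1/18/2021, 4:48:23 PM EVENT: CERT_VERIFY_FAIL certificate verify failed\n")

if __name__ == "__main__":
    for name, log in (("stuck", STUCK), ("dropped", DROPPED), ("expired", EXPIRED)):
        print(name, triage(log))
```

An expired certificate at depth 0 points at the server's own certificate rather than the CA, so new client profiles alone will not clear it.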

Updating Pi-Hole

When updating to the latest version of Pi-Hole using pihole -up, the following message is shown:

Unsupported OS detected: Ubuntu 18.04

Once force continuing with the command sudo PIHOLE_SKIP_OS_CHECK=true pihole -r, FTL does not seem to start.

4$ dollar tier support

Hi
Is it possible for this app to support the $4 tier of digital ocean? It functions well as a persistent VPN for 1 or 2 devices, and now that the price of a default tier has gone up to $6, I was wondering if it would be possible to deploy this to a lower tier.
Thanks

Change ports?

I've been enjoying this from the marketplace but I hit a wall at work that I believe is blocking port 1194.

I tried changing the server.conf to another port as well as changing the client.ovpn to the new port, added to firewall and restarted services. Couldn't get connected and I am currently reverting my changes. I'm not sure if I've overlooked something but is there a way to specify the port?

Maybe that could be a first boot screen before making the files. Just an idea.

Revoke client certificate

As per the documentation, new clients are created using /root/create-client-config.sh CLIENT_NAME

How would one go about revoking a client?

Can't access to web server

I made the installation according to the instructions, everything went OK and pihole is running (pihole status command returns successfully). But I cannot access the webserver. I am using Windows 11, OpenVPN is also the latest one from October 5th. Is there a fix for that or maybe a compatibility issue within?

Command 'pihole' not found

Hi, I've just created a droplet at DigitalOcean with this image. In the instructions, it says:

To set / reset the admin password run:
pihole -a -p

However, when I run the command, I got this:

root@openvpn-pihole-ubuntu-s-1vcpu-1gb-nyc1-01:~# pihole -a -p

Command 'pihole' not found, did you mean:

command 'pahole' from deb dwarves

Try: apt install

Thanks in advance.

Admin GUI not accessible

Aloha,
I just created an openvpn + pihole droplet.
Since the update to PiHole 5.0, the Admin GUI is not accessible, neither via "pi.hole/admin" nor the droplet IP. Nevertheless, access is possible via 10.8.0.1/admin
After changing the nameserver in /etc/resolv.conf from 127.0.0.53 to, for example, google's or cloudflare's DNS, the GUI can be reached again under pi.hole/admin.

Furthermore, it was not possible to add a blocklist to the adlist before the change.

Error, something went wrong!

While executing: attempt to write a readonly database

Added 0 out of 1 adlists

After changing the nameserver, this was possible again.

Greetings

Guide to Renew SSL and Updates

We have our VPN IP whitelisted in our Client network, so we have to renew and update the existing to work with them.

Can you help putting a guide for this?

I can't create additional client configuration

I have launched a new OpenVPN-Pihole server in Digital Ocean and it is really running perfectly with the existing client.ovpn client config file. However, when I try to add a new config file I get the following error:

"root@myserver:~# create-client-config.sh client2
create-client-config.sh: command not found"

I made sure that the command is there by listing the directory

"root@myserver:~# ls
client.ovpn create-client-config.sh"

Please advise

Droplet dns not using pihole by default

Overview

When a new droplet is created, the default resolver is set to 127.0.0.53 by systemd-resolve. This causes networking to not work correctly for the pihole daemon and root user.

Why does this matter?

Since the pihole daemon can't resolve dns, gravity fails to update. This means that no new blocked domains will be automatically pulled in. It also stops apt updates from working correctly as well, leaving the system in a more vulnerable state.

How can this be fixed?

Change the default resolver from being systemd-resolve to pihole's dns resolver. A manual fix for this issue involves editing /etc/resolve.conf to perform dns resolution against 127.0.0.1.
