[GH-ISSUE #443] [Question] combination with pi-hole DNS Server #416

Closed
opened 2026-03-02 08:18:47 +03:00 by kerem · 2 comments

Originally created by @kingofdunghill on GitHub (Aug 13, 2024).
Original GitHub issue: https://github.com/hwdsl2/docker-ipsec-vpn-server/issues/443

Hi,

thanks for this great tool.

Unfortunately I can't get an alternative DNS server to work. Edited docker-compose, ikev2.conf and vpn-gen.env but without success.

It is a pi.hole DNS Server on 127.0.0.1

Thanks for help

```YAML
vpn:
  image: hwdsl2/ipsec-vpn-server
  hostname: ipsec-vpn-server
  container_name: ipsec-vpn-server
  environment:
    - VPN_DNS_SRV1=1.1.1.1 # optionally use custom primary dns server; default is Google DNS
    - VPN_DNS_SRV2=1.0.0.1 # optionally use custom secondary dns server; default is Google DNS
    - VPN_PROTECT_CONFIG=yes # optionally protect client config files using a random password
    - VPN_IKEV2_ONLY=yes # disable both IPsec/L2TP and IPsec/XAuth modes; only use IKEv2
  restart: always
  ports:
    - "500:500/udp"
    - "4500:4500/udp"
  privileged: true
  volumes:
    - /home/stipy/docker/vpn/ipsec-vpn-server/data:/etc/ipsec.d
    - /lib/modules:/lib/modules:ro
```

kerem closed this issue 2026-03-02 08:18:47 +03:00

@hwdsl2 commented on GitHub (Aug 13, 2024):

@kingofdunghill Hello! For your use case, if the Pi-hole DNS server runs in another container on the same Docker host, you can specify that container's internal IP address as the primary DNS server. To find the IP, run `docker inspect YOUR_PIHOLE_CONTAINER_NAME` and check the output.

On the other hand, if the Pi-hole DNS server runs directly on your Docker host, you may be able to specify the Docker host's IP address (e.g. `192.168.0.2`) as the primary DNS server. Using `127.0.0.1` will not work because it points to the IPsec VPN container itself, not the Docker host.

The next step is to edit `/etc/ipsec.d/ikev2.conf` inside the Docker container (which maps to `/home/stipy/docker/vpn/ipsec-vpn-server/data/ikev2.conf` on your Docker host) and replace the value of the `modecfgdns` option with your desired DNS server(s). After that, restart the IPsec VPN Docker container to take effect.

Because IKEv2 is already set up in your Docker container, editing `VPN_DNS_SRV1` and/or `VPN_DNS_SRV2` in your Docker compose configuration may not work, but you can use the method above.


@EnUfor commented on GitHub (Sep 10, 2024):

@kingofdunghill I ran into this issue when I moved my pihole/unbound from a VM to the same docker host as this ipsec-vpn server. Some of my containers could resolve DNS, some struggled, and some refused. Pihole would show that it was responding correctly, but the services would never receive responses. Not sure whether your pihole instance was containerized, but maybe this can help [others](https://github.com/hwdsl2/docker-ipsec-vpn-server/issues/102) that come across this issue.

I found [this reddit post](https://www.reddit.com/r/homelab/comments/sknit5/comment/hvvu5qv/) which led to [this pi-hole discourse post](https://discourse.pi-hole.net/t/solve-dns-resolution-in-other-containers-when-using-docker-pihole/31413)

TL;DR: I had to change my pihole docker-compose file:

```YAML
ports:
  - "53:53/udp"
  - ...
```

to

```YAML
ports:
  - "10.0.0.2:53:53/udp"
  - ...
```

Where 10.0.0.2 was the IP of the host running the pihole container

Then updating the `/etc/ipsec.d/ikev2.conf` *modecfgdns* variable to pihole's IP (10.0.0.2) and restarting the container had everything working

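The `modecfgdns` edit described in the two comments above, as an added example that is not part of the thread or the project's code. It refuses loopback addresses for the reason hwdsl2 gives. The function names and the sample file are constructed for illustration, and it assumes `modecfgdns` is written as one quoted, space-separated value.

```shell
#!/bin/sh
# Added example. Pi-hole container IP (hwdsl2's first case):
#   docker inspect -f '{{range .NetworkSettings.Networks}}{{.IPAddress}}{{end}}' YOUR_PIHOLE_CONTAINER_NAME

# True only for a dotted-quad IPv4 address outside 127.0.0.0/8.
valid_dns_ip() {
  case "$1" in
    127.*) return 1 ;;                     # loopback is the VPN container itself
    ""|*[!0-9.]*|*..*|.*|*.) return 1 ;;   # not a plain dotted quad
  esac
  old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
  [ "$#" -eq 4 ] || return 1
  for octet in "$@"; do
    [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
  done
}

# set_modecfgdns FILE IP [IP]: replace the modecfgdns value, keeping FILE.bak.
set_modecfgdns() {
  conf=$1; shift
  [ -f "$conf" ] || { echo "no such file: $conf" >&2; return 2; }
  [ "$#" -ge 1 ] && [ "$#" -le 2 ] || { echo "give one or two DNS IPs" >&2; return 2; }
  for ip in "$@"; do
    valid_dns_ip "$ip" || { echo "rejected DNS address: $ip" >&2; return 1; }
  done
  grep -Eq '^[[:space:]]*modecfgdns=' "$conf" || { echo "modecfgdns not found" >&2; return 3; }
  cp -p "$conf" "$conf.bak"
  # Only the modecfgdns line changes; indentation and other options are kept.
  sed -E "s|^([[:space:]]*modecfgdns=).*|\\1\"$*\"|" "$conf.bak" > "$conf"
}

# Constructed sample standing in for /etc/ipsec.d/ikev2.conf (not the real file).
sample_conf() {
  printf '%s\n' 'conn ikev2-cp' '  left=%defaultroute' \
    '  modecfgdns="8.8.8.8 8.8.4.4"' '  ikev2=insist' > "$1"
}

# Demo on the sample: the loopback address is refused, the host IP is applied.
tmp=$(mktemp) && sample_conf "$tmp"
set_modecfgdns "$tmp" 127.0.0.1 || echo "loopback refused, file unchanged"
set_modecfgdns "$tmp" 10.0.0.2 && grep modecfgdns "$tmp"
rm -f "$tmp" "$tmp.bak"
```

Against the real file, point `set_modecfgdns` at the host-side path of `ikev2.conf` and then run `docker restart ipsec-vpn-server` so the change takes effect.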