DNS over HTTPS (DoH) with OpenVPN Client

I followed this excellent article on how to set up DoH on the Raspberry Pi:
And it appears to work great on the Pi as tested with this command:
dig @ -p 5053 google.com
My Pi is an OpenVPN client acting as a Gateway for my home network, so in the OpenVPN client.conf file I added this setting:
dhcp-option DNS
But it does not appear to be working, as when I do this on my Windows PC using the Pi Gateway, it shows this:
>nslookup all
Server: google-public-dns-a.google.com
How can I test for sure if it's working or not, and if it's not working, what am I doing wrong?

Would you mind sharing the output of “ipconfig /all”, your server and client configuration?

Remove all security-related information from it.

Ok, here are my three devices: Windows PC --> Pi OpenVPN Client / Gateway --> Pi OpenVPN Server.
Raspberry doesn’t have an ‘ipconfig /all’, the closest thing is ‘ifconfig -a’, so I hope it provides enough information:

Windows PC:

Pi OpenVPN Client/Gateway (

Pi OpenVPN Server:

More info:
I noticed the and in the DNS address list and realized that it was coming from my pfSense Router assignment on DHCP page.
So I changed it to point to for the DNS server:
DNS Servers . . . . . . . . . . . :
So now when I do this, it craps out:
nslookup all
DNS request timed out.
timeout was 2 seconds.
Server: UnKnown

So, clearly that didn’t help. I even tried “” for the DNS address, but pfSense did not like that at all.


Ok, one last thing and then I’ll stop dicking with it and wait for your advice:
Because 5053 is not the standard DNS port, I changed the Cloudflare service on my Pi OpenVPN Client/Gateway to use the standard port (53) instead:
CloudflareD_OPTS=--port 53 --upstream
Then restarted the service:
sudo systemctl restart Cloudflared
Then put ‘’ back in as the primary DNS server in pfSense for that interface.
Blah, still craps out :(
nslookup all
DNS request timed out.
timeout was 2 seconds.
Server: UnKnown

More clues:
I get this error message when I run ‘service Cloudflared status’:
"Failed to start the listeners...permission denied"

OK, after finding that “permission denied” error, I changed all the permissions to ‘root’ for the app and the service and the configuration file…then rebooted.
Now I don’t get that error anymore, and it shows that port 53 on the OpenVPN Client Pi is being listened to:
tcp 0 0* LISTEN
So I reset the DHCP on the pfSense router to list (the OpenVPN Client Pi/Gateway) as the primary DNS server, but when I do “nslookup all”, it still times out!

