Rpi4 + OMV5 + PiHole via Portainer

    • OMV 5.x (beta)
    • Rpi4 + OMV5 + PiHole via Portainer

      Does anyone have this working? The latest OMV5 version (5.2.5-1 Usul) no longer has a GUI to launch Docker images - the new way is via Portainer. So the howto's out there no longer seem to 'work'.

      I created a macvlan in portainer and then added port declarations, volumes, environment variables and set policy and also tried enabling NET_ADMIN capability but am stuck; this is the error message: failed to create the macvlan port: operation not supported.
    • anotherchris wrote:

      Does anyone have this working?
      Yes. I just tried it to help another thread and followed a combination of these two guides - Questions concerning [How To] Install Pi-Hole in Docker

      anotherchris wrote:

      The latest OMV5 version (5.2.5-1 Usul) no longer has a GUI to launch Docker images - the new way is via Portainer.
      Portainer sure seems like a GUI to me.

      anotherchris wrote:

      I created a macvlan in portainer and then added port declarations, volumes, environment variables and set policy and also tried enabling NET_ADMIN capability but am stuck; this is the error message: failed to create the macvlan port: operation not supported.
      The NET_ADMIN setting is old. You don't need it.
      omv 5.3.2 usul | 64 bit | 5.3 proxmox kernel | omvextrasorg 5.2.4
      omv-extras.org plugins source code and issue tracker - github

      Please read this before posting a question and this and this for docker questions.
      Please don't PM for support... Too many PMs!
    • Hi, I am with you.

      Using RPI4 , OMV5 and try to spin up the pihole docker container. However getting the exact same error when try to deploy the container.
      The how-to guide for pi-hole is outdated for OMV 5. With the second guide, I setup the macvlan driver network through portainer.

      I am using 192.168.1.0/24 as the subnet and 192.168.1.1 as the gateway, parent is eth0. And left everything else blank to create the macvlan config.

      Would appreciate if anyone would have some insights or suggestion for this particular error failed to create macvlan port.
    • geaves wrote:

      limac wrote:

      And left everything else blank to create the macvlan config.
      That's just creating the config you then have to create a macvlan for pi-hole using that config, it's explained here

      Correct, I have created a config and then create the macvlan from that config.

      A reboot this morning did solve this error for me :) Not exactly know why tho.

      Now I successfully have the pi-hole container running and it is showing healthy. No error in the container logs either.
      However, when I try to go to http://{pihole_ip}/admin, it just timed out saying the site cannot be reached.
      I do see there is a device recognize by my router with the pihole ip.
      Tried recreating the macvlan (from both command line and portainer) and use different pihole docker tag versions.
      Doesn't seem to help, scratching my head for a long time try to understand which part went wrong.

      So the web GUI is not functioning for me.
      But I still went ahead and put the pihole ip in the router dns to try it out.
      I can see the traffic started coming in while tailing the /var/log/pihole.log in the container.
      But still no luck blocking any ads (just tried the Youtube ones)..

      The post was edited 2 times, last by limac ().

    • limac wrote:

      Correct, I have created a config and then create the macvlan from that config.
      When you created the config did you add the ip address that pi-hole would use i.e. <ip-address>/32 as per that link, this works as I have tested this on my OMV5 test machine.

      BTW what are you installing this on? and any log output?
      Raid is not a backup! Would you go skydiving without a parachute?
    • Hi,

      I'm having the same issue, previously ran OMV4 fine on an x86 box with PIhole running via docker fine. I've switched to a RPi4 using OMV5 using the guide from here and I have the same issue PIhole runs in Portainer after following the guides on here, however I can't access the gui. If within Portainer I access the console for Portainer, I can ping my router 192.168.0.1, however I can't ping my OMV5 box 192.168.0.21. From my laptop I can't ping the assigned IP of the Pihole container and my router doesn't show the IP as active.

      Any thoughts would be appreciated.
    • Thank you geaves.

      One thing I tried is to enable promiscuous mode for eth0 on my Rpi4. After reboot, the Rpi4 got assigned an new IP. Then I tried your suggestion and everything started working. It was even showing me the block history earlier. The reason for not blocking YouTube ad seems that is using it's own domain to server the ads. Might need to find a workaround for it.

      But then I only got it working once. I tried reboot it once since my ssh wasn't working perfectly, then it stopped working again, even with /32.
      And now I couldn't get it back to showing UI again..

      One thing I notice is that, when it was working, I was able to ping the OMV host IP from within Pi-hole container. Now I am not able to ping it, saying Destination Host Unreachable.

      FYI, I am using a Rpi 4 with 4gb ram with Orbi wifi mesh router.
    • limac wrote:

      One thing I tried is to enable promiscuous mode for eth0 on my Rpi4.
      ?( why

      limac wrote:

      After reboot, the Rpi4 got assigned an new IP.
      It will, due to the above change

      limac wrote:

      I tried reboot it once since my ssh wasn't working perfectly,
      That's a different issue and nothing to do with the way Pi-Hole behaves.
      _______________________________________________________________________________

      I don't have a Pi4, I have a Pi2 which runs DietPi with pi-hole, and a Pi3 B + which runs Kodi, but I have tested the installation of OMV5 on the 3B+ and it works following this guide. I then tested the install of Pi-Hole using this guide whilst this guide is based on OMV4 it still works if you follow this guide to set up the macvlan. In respect of the Pi-Hole guide to create the folders on your boot device you had to do this from the command line or use WinSCP from a Windows machine, now there is a plugin that allows you to do this.

      limac wrote:

      I was able to ping the OMV host IP from within Pi-hole container. Now I am not able to ping it, saying Destination Host Unreachable.
      That would suggest that the macvlan is not set correctly or it could be the changes you have made to the networking.

      The guides are created by users on the hardware new users could/will use that is why they are written with the KISS principle, the current Pi set up is a lot simpler and less prone to fail.
      ______________________________________________________________________________

      As a footnote it took me a few tries to get Pi-Hole on my OMV5 test laptop, I was getting all sorts of strange errors, including the router at one point telling me the IP of Pi-Hole was active, only to find it went dead after adding it to my routers list of DNS servers. The problem -> macvlan, if that is not configured correctly you end up going around in circles chasing your own tail :) Oh and my install on my test laptop does work and I have an image



      to get that I set my DNS to the install on OMV5 on my windows 10 workstation
      Raid is not a backup! Would you go skydiving without a parachute?
    • I was spending too much of my time trying to debug this.
      Also searching for multiple possible issue related.
      One thing I came across was to enable promiscuous mode.
      I was too desperate to try every possible fix... 8|

      I agree it may come back to macvlan eventually.
      But the reality is that I tried no less than 50 times to recreate the macvlan and the macvlan config.
      Tried it from using docker network create and tried it from Portainer.
      From pi-hole container I can ping the gateway and 1.1.1.1 and 8.8.8.8 no problem, but just couldn't ping the OMV host hence the Pi ip.

      I don't know how I made it work one time, this is even bugging me more. SSH is a different thing, I should not reboot my machine since then :)

      So the current state for me is that if I put it in my route's dns, it will start working, just no GUI for me :(

      I think I might have missed this step.

      crashtest wrote:

      **Update**
      For users updating their pi-hole containers, who are blocking all IPv6 connections:
      Using the file pihole-FTL.confunder /dockerparms/pihole/ has been discontinued. When updating pi-hole, delete the folder /dockerparms and all contents before creating a new container.

      Anyways, I will revert all my changes with pihole and start from fresh one last time tonight ||

      The post was edited 4 times, last by limac ().

    • Ok this a macvlan config similar to my own


      the IP range is the address that will be assigned to Pi-Hole hence /32 one IP only. Create the network, this is the result;

      Now create the macvlan for pi-hole


      create network; it is that network that is used for pi-hole, if the rest of the container is set up correctly it will work.
      Raid is not a backup! Would you go skydiving without a parachute?
    • Unfortunately, still the same thing.

      Did a "fresh" setup, followed the same as the guides you provide (below are my settings).
      Removed the pihole container and it's files and folders.
      Removed macvlan config and macvlan.
      Didn't reinstall OMV 5 since everything else is working fine. (smb, openvpn, plex-docker)

      I even did the DHCP as yours on my router (192.168.1.64 to 192.168.1.254).
      And make the OMV host to a static IP 192.168.1.50
      Only difference is my router is on 192.168.1.1

      I guess I don't deserve the GUI. Finally I can say I am going to give up on this ;(

      Appreciate the help a ton. Thank you very much! I still learnt a lot of stuff regardless.


    • Okay, I made it work :rolleyes:

      Although I still don't know why.

      I followed this host-container-workaround to have the below setup and then made a new network interface.

      Didn't work.
      Then I was playing around with my router to reserve the ip 192.168.1.25 for pihole.
      Didn't work.
      Then I rebooted Pi4. New added interface is gone due to reboot of course.
      Didn't work.
      Then I added below to pihole container env and recreated it. (did it before, just want to try one more time)

      And I exec to the pihole container and try to ping my windows desktop, which is working.(never tried this before)
      Then I put 192.168.1.25 in my browser, the GUI is up like a mystery ?(
      Rebooted Pi one more time and still works.

      Not sure which step helps, but just list out if cobain79 wanna try it out.

      Finally... :sleeping:

      The post was edited 2 times, last by limac ().

    • Figured it out, it is because I did a ping from the pihole container to the machine which I used to browse the GUI.

      Tried it on a surface pro and a Macbook air to confirm.

      First the browser cannot load 192.168.1.25 (just timeout), but once I ping from pihole to the machines' ip, they started showing the GUI ?(

      However, doesn't work for my android phone.

      But I can say it works for windows, macOS and iOS but not andriod. (based on my 6 limited machines samples)

      What would be the explanation?
    • Ok this is interesting as I mentioned this in this thread the normal behaviour for an incorrect image being used is for the container to continually restart if that is set under restart policy.

      The tag used to pull the container defaults to :latest unless an alternative tag is applied in relation to the hardware and in the case of the Pi :4.3.2.1_armf would be the tag to use.

      Pi-Hole was originally written for the Pi and like most software it has evolved, now it can be deployed either as a standalone, which is fine using Raspbian or as a Docker container. My understanding being that Docker Pi-Hole needs to be specific to the hardware it is to run on, hence the different tags. But, for whatever reason if :latest is used (being the default tag) on the Pi it still appears to run, albeit throwing errors and frustration.

      I don't have a Pi4, I have a Pi3 B+ which runs Kodi I could test the theory on that as I have an SD Card with OMV5 when trying the guide to installing on a Pi, this would still require a macvlan to be set up.
      Raid is not a backup! Would you go skydiving without a parachute?
    • limac wrote:

      Figured it out, it is because I did a ping from the pihole container to the machine which I used to browse the GUI.
      WTF :D
      I had similar problems reaching my iobroker container in the last days.
      It worked but I was not able to reach the GUI.
      Now I tried to ping my desktop pc from inside the iobroker container and holy smoks the GUI shows up :D
      So I don't think this is related to pihole itself.
      Either it is a problem with portainer or omv itself....

      Edit:
      FYI my iobroker container is also connected to my network via macvlan.
      So I don't know whether the underlying linux system (omv) or portainer handles the macvlan driver.
    • ozboss wrote:

      So I don't know whether the underlying linux system (omv) or portainer handles the macvlan driver.
      Macvlan driver is from docker as far as I know.
      I couldn't say anything since this is too bizarre for my limited knowledge..

      But glad it helped. Although I also noticed that you would need to re-ping your desktop after sometime to keep the GUI working :)
      Nice security feature huh? lol