  1. #1

    Pihole install or any app on Untangle

    Here is how to install Pihole or any application available for Debian, like letsencrypt, DOH, dnscrypt, speedtest-cli, an ntp server, samba, nfs or even wireguard vpn, which is not available in the homepro that I bought.

    At a high level, we leverage the LXC container which is part of Untangle: install pihole in the container, then create an automatic startup for the container when Untangle boots up. This is pretty secure from a networking perspective since the virtual switch of lxc is tied to the internal network rather than the WAN network.

    reference: https://wiki.untangle.com/index.php/LXC

    shoutout: jcoffin for confirming the lxc container can do it.

    1. Enable ssh on Untangle and run as root. Note that enabling it will expose ssh to the public internet. I have a ruleset I made separately that will let it listen only on the private network.

    2. Initialize the LXC container. This will pull debian buster and install some deb packages.
    # /usr/share/untangle-lxc-client/bin/untangle-lxc-start

    3. Log in to the LXC container.
    # /usr/share/untangle-lxc-client/bin/untangle-lxc-attach

    3.1 You are now inside the container. All commands below are done in LXC rather than Untangle. Don't confuse this with running commands in Untangle! Create an account. This is useful if you want to manage the container remotely via ssh.
    # useradd -s /bin/bash -m balrog
    # passwd balrog

    3.2 Install ssl certificates or else the pihole install will fail. Install curl as well.
    # apt install ca-certificates curl -y

    3.3 Install pihole. Note: I won't dwell on how to configure pihole; there are literally millions of howtos for that on the internet.
    # curl -sSL https://install.pi-hole.net | bash

    3.4 exit from lxc container.
    exit

    4. You are back on Untangle. Time to create a startup for the lxc container so that when Untangle reboots, the lxc container will also start. I have chosen to bring back the /etc/rc.local startup, sysV init style (love-hate relationship with systemd), instead of creating a service specific to lxc. It gives me more flexibility to add startup scripts in the future.

    4.1 Create the service file. Edit the file with vi /etc/systemd/system/rc.local.service and add the following:
    [Unit]
    Description=/etc/rc.local
    ConditionPathExists=/etc/rc.local

    [Service]
    Type=forking
    ExecStart=/etc/rc.local start
    TimeoutSec=0
    StandardOutput=tty
    RemainAfterExit=yes
    SysVStartPriority=99

    [Install]
    WantedBy=multi-user.target

    4.2 Create the rc.local file by editing it with vi /etc/rc.local and add the following:
    #!/bin/sh -e
    #
    # rc.local
    #
    # This script is executed at the end of each multiuser runlevel.
    # Make sure that the script will "exit 0" on success or any other
    # value on error.
    #
    # In order to enable or disable this script just change the execution
    # bits.
    #
    # By default this script does nothing.
    # Balrog # have to insert sleep 60 here to prevent it from hanging.
    # Probably because of timing issue.
    sleep 60 ; /usr/share/untangle-lxc-client/bin/untangle-lxc-start

    exit 0

    4.3 set permission and ownership:
    # chmod 770 /etc/rc.local
    # chown root:root /etc/rc.local

    4.4 enable the service so it starts when Untangle boots up.
    # systemctl enable rc.local.service

    4.5 start the service
    # systemctl start rc.local.service

    4.6 optional: if you want to see if the service is running.
    # systemctl status rc.local.service

    5. Reboot Untangle and the lxc should start up automatically. Please note that there is some delay for pihole due to some timing issue which I'm too lazy to troubleshoot. I have inserted 60 seconds of delay in the rc.local file to fix this.

    6. Access the pihole web admin interface at http://192.0.2.2/admin. The attached screenshot below, pihole_untangle.png, is proof it works. It has a hardcoded ip address of 192.0.2.2, and it does not matter if you set your internal ip to, say, 192.168.1.x or 192.168.2.x. Enjoy!

    7. If everything works fine, you can add the ip address as a DNS on the internal network dhcp.
    Last edited by balrog; 10-28-2020 at 05:41 PM.
    u_volto and CMcNaughton like this.

  2. #2

    Any hint on how to use a new container and not Untangle's default container? I think this one is reserved for the support folks. Besides that, it is not confined:

    Code:
    # cat /etc/lxc/default.conf
    lxc.net.0.type = veth
    lxc.net.0.link = br.lxc
    lxc.net.0.flags = up
    lxc.net.0.ipv4.address = 192.0.2.2/30
    lxc.net.0.ipv4.gateway = 192.0.2.1
    lxc.apparmor.profile = unconfined
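
The container setup discussed in posts #1 and #2, as an added example that is not part of the thread or of Untangle's tooling: a shell function that reads an LXC config on stdin and reports the AppArmor profile, whether a uid/gid map is present, and which bridge and address the container uses. The function names are made up for this example, and the sample input is the default.conf quoted in post #2.

```shell
#!/bin/sh
# Added example: audit LXC config text on stdin for confinement settings.
# Prints one finding per line; returns 1 if any HIGH finding was printed.
audit_lxc_conf() {   # hypothetical helper name
    awk '
        { sub(/#.*/, "") }                  # drop comments
        !/=/ { next }                       # keep only "key = value" lines
        {
            key = $0; sub(/=.*/, "", key); gsub(/[ \t]/, "", key)
            val = $0; sub(/^[^=]*=/, "", val)
            gsub(/^[ \t]+|[ \t]+$/, "", val)
        }
        key == "lxc.apparmor.profile"              { aa = val }  # last value kept
        key == "lxc.idmap"                         { idmap++ }
        key ~ /^lxc\.net\.[0-9]+\.link$/           { br = br " " val }
        key ~ /^lxc\.net\.[0-9]+\.ipv4\.address$/  { addr = addr " " val }
        END {
            if (aa == "unconfined") {
                print "HIGH lxc.apparmor.profile=unconfined: no AppArmor confinement"
                high++
            }
            if (!idmap) {
                print "HIGH no lxc.idmap: container root is uid 0 on the host"
                high++
            }
            print "INFO bridge:" br " address:" addr
            exit (high > 0)
        }
    '
}

# Constructed input: the default.conf shown in post #2.
untangle_default_conf() {
    cat <<'EOF'
lxc.net.0.type = veth
lxc.net.0.link = br.lxc
lxc.net.0.flags = up
lxc.net.0.ipv4.address = 192.0.2.2/30
lxc.net.0.ipv4.gateway = 192.0.2.1
lxc.apparmor.profile = unconfined
EOF
}

untangle_default_conf | audit_lxc_conf || echo "result: container is not confined"
```

On the Untangle box the function can be fed the real file with `audit_lxc_conf < /etc/lxc/default.conf`; the container's own config file can add or override keys, so audit that as well.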

  3. #3

    Hi u_volto,
    All you said is correct. I'm using the Untangle lxc standards and riding on it. Like you said, tried the proper way of creating lxc, but did not work. This is more of a hack than anything else.

    If there is a proper way to do it, I'm all ears. But for now, this is the way for me to install pihole and other apps to work on, since Untangle = open source + "special source".
