guides/wireguard-pihole-vpn-setup #1
Comments
|
Just an FYI about VPS and using them for a VPN. Some sites will block any traffic from known datacenter IP's in order to try and prevent scraping. An example of this would be most airline sites. Give Delta or Southwest a try with your VPS and you'll likely see an error. Same with Craigslist, although they seem to slow the connection vs full block. I suspect this list will grow. Not that commercial VPN's are any better, just pointing out that there are some downsides to VPS as well. |
|
Thank you so much for this configuration. I have it running on DigitalOcean. I did find that I had to remove ", ::/0" from the Allowed Client IPs for Wireguard for iOS, given lack of support for ipv6, based on info in: trailofbits/algo#1385 |
|
Doesn't this leave the server open to be used as a DNS amplification host??? |
|
@gap579137 the DNS server doesn't have to be exposed to the internet, the queries go through the tunnel |
|
Great write-up! FYI I needed to add |
|
Nice writeup.
Then I also have two questions:
Thnx for any feedback! |
|
@drdrexl I was really hoping you might have a reply for me to the above comments. I have so far not been able to get this working... |
|
Hi @dosch
Should be whichever interface you are getting internet from (usually eth0)
Yes it's weird but the internal IP doesn't work and the external IP works as expected (everything goes through the tunnel)
If it's a DNS issue (try
You could write a bash/python script to automate the whole config generation process. |
It is not a DNS issue: all connections go down as soon as I connect. Pinging 8.8.8.8 returns an error.
I did IP tables rules are copy and paste from your blog with no alterations made.
I did that in the wireguard client on my mac... but also... no result. Do you have any other tips... ? I wiped the VPS three times already and started all over, following your steps meticulously, but I clearly still doing something wrong... :-( |
|
Thank you for this nice guide.I have similar issues as dosch though. |
|
"Yes it's weird but the internal IP doesn't work and the external IP works as expected (everything goes through the tunnel)" Is there a way the pihole listen on interface wg0 and eth0? |
|
To listen on all Interfaces go to pi-hole settings>DNS
|
|
Hi, does this route all traffic via VPN to the Droplet or just the DNS traffic? |
|
Same here. I can see that my system is at least trying to get stuff from the Internet via the Wireguard tunnel but absolutely no name resolution. Yours isn't the first tutorial I'm trying, none of them worked. Maybe it's something on the provider's network that is blocking such a setup? I guess I'll try another VPS |
|
Solved. In my case it was really my provider. I've got a VPS at a German provider called Profihost. It seems as if they do not allow this kind of operation. I switched to Hetzner, also a German provider, where I pay 2,96 € a month for the smallest instance they offer. It works like a charm. Maybe at smaller providers like Hetzner the issues mdp wrote about won't be any, idk. |
|
Sorry for the spam, it wasn't the provider's fault, not really at least. It was IPv6 in my case, as someone mentioned before. I have disabled IPv6 completely which I had to because my provider doesn't offer me an IPv6 address. I hope this helps someone else. Please ignore the last two comments. |
|
|
Setting up an ad-blocking VPN with Wireguard and Pihole | Detachment 2702
This guide will walk you through the setup of a remote machine that will act as a personal VPN server at the cost of 3 to 5 USD per month. We will also configure it to act as a DNS resolver that will automatically block spam, tracking, advertising and malware domains on all of your connected devices.
https://drexl.me/guides/wireguard-pihole-vpn-setup.html
The text was updated successfully, but these errors were encountered: