I've been trying to set up PiHole + Wireguard, using PiVPN, and ran into a persistent problem that I've been able to fix, but I'm not sure where the problem came from and if this is the right fix:
After installing PiHole first and Wireguard second, I used pivpn add to generate a client config, and edited that config, removing 0.0.0.0/0 and adding my LAN's IP and netmask: 192.168.2.0/24. When using this config I could not get any DNS response (although I could access computers on my LAN through the VPN). If I removed my LAN IP and reset AllowedIPs to allow everything the DNS request did go through the PiHole, but I don't want to send all data through the VPN.
After lots of debugging I got the DNS split to work by adding the IP and mask of the VPN's network, 10.6.0.0/24.
Without the extra section in AllowedIPs I did not see any connection attempt with tcpdump -n -i eth0 udp port 8000.
Using this config the DNS queries go through Wireguard and are resolved by PiHole, so it's working as I want it to right now. But this still leaves me wondering if I got something wrong somewhere (most likely), or if the FAQ is wrong/outdated, or if the PiVPN script has a bug.
Have you searched for similar issues and solutions?
Yes
Console output of pivpn debug
:::: PiVPN debug ::::
=============================================
:::: Latest commit ::::
commit 4e8d4dfd8ef01e49f3137d5fc5a2afa14a465e47 (grafted, HEAD -> master, origin/master, origin/HEAD)
Author: Orazio <orazioedoardo@users.noreply.github.com>
Date: Tue Apr 7 13:45:43 2020 +0200
Merge pull request #1000 from psgoundar/pivpn
Updated listOVPN to Include Expiration Dates
=============================================
:::: Installation settings ::::
PLAT=Raspbian
OSCN=buster
USING_UFW=0
IPv4dev=eth0
dhcpReserv=1
IPv4addr=192.168.2.9/24
IPv4gw=192.168.2.254
install_user=dietpi
install_home=/home/dietpi
VPN=wireguard
pivpnPORT=8000
pivpnDNS1=10.6.0.1
pivpnDNS2=
pivpnHOST=REDACTED
INPUT_CHAIN_EDITED=0
FORWARD_CHAIN_EDITED=0
pivpnPROTO=udp
pivpnDEV=wg0
pivpnNET=10.6.0.0
subnetClass=24
UNATTUPG=1
INSTALLED_PACKAGES=(iptables-persistent wireguard wireguard-tools wireguard-dkms)
=============================================
:::: Server configuration shown below ::::
[Interface]
PrivateKey = server_priv
Address = 10.6.0.1/24
ListenPort = 8000
# begin Android-Split
[Peer]
PublicKey = Android-Split_pub
PresharedKey = psk
AllowedIPs = 10.6.0.2/32
# end Android-Split
=============================================
:::: Client configuration shown below ::::
[Interface]
PrivateKey = Android-Split_priv
Address = 10.6.0.2/24
DNS = 10.6.0.1
[Peer]
PublicKey = server_pub
PresharedKey = psk
Endpoint = REDACTED:8000
AllowedIPs = 192.168.2.0/24, 10.6.0.0/24
=============================================
:::: Recursive list of files in ::::
:::: /etc/wireguard shown below ::::
/etc/wireguard:
configs keys wg0.conf
/etc/wireguard/configs:
Android-Split.conf clients.txt
/etc/wireguard/keys:
Android-Split_priv Android-Split_pub psk server_priv server_pub
=============================================
:::: Self check ::::
:: [OK] IP forwarding is enabled
:: [OK] Iptables MASQUERADE rule set
:: [OK] WireGuard is running
:: [OK] WireGuard is enabled (it will automatically start on reboot)
:: [OK] WireGuard is listening on port 8000/udp
=============================================
:::: Having trouble connecting? Take a look at the FAQ:
:::: https://github.com/pivpn/pivpn/wiki/FAQ
=============================================
:::: WARNING: This script should have automatically masked sensitive ::::
:::: information, however, still make sure that PrivateKey, PublicKey ::::
:::: and PresharedKey are masked before reporting an issue. An example key ::::
:::: that you should NOT see in this log looks like this: ::::
:::: YIAoJVsdIeyvXfGGDDadHh6AxsMRymZTnnzZoAb9cxRe ::::
=============================================
:::: Debug complete ::::
Contents of /etc/dnsmasq.d/02-pivpn.conf
addn-hosts=/etc/pivpn/hosts.wireguard
When you choose to use pi-hole as dns during the pivpn installation, the script uses 10.6.0.1, the VPN ip of the raspberry, as dns for the VPN.
Since the default configuration for allowedIP 0.0.0.0/0 allows everything through the tunnel, 10.6.0.1 is allowed as well.
When you set allowedip 192.168.2.0/24, 10.6.0.1 is not allowed anymore, unless you also add 10.6.0.0/24 (or at least 10.6.0.1/32). You did right.
If you don't want to add 10.6.0.0/24 to allowed IP, just use DNS = 192.168.2.9.