Thanks for even clicking on my question!

So, I have an R-Pi, and I installed WireGuard on it (I am NOT using PiVPN; I tried, but it wasn't working at all). I also have PiHole installed.

I have been following the WireGuard guide of the PiHole docs because I was sure that the 2 services would coexist well.

Everything went to plan, no need for troubleshooting...

This config, from what it seems, routes my DNS requests through PiHole (as it's supposed to), because if I blacklist a domain, and try to go to it once connected to the VPN, it doesn't work (but does if it's whitelisted). This also allows me to ping devices on the server's LAN (more specifically on its main Ethernet's subnet); I cannot ping using the hostname though, weirdly enough...

So here is the config server side:

[Interface]
Address = 10.100.0.1/24, fd08:4711::1/64
ListenPort = 50009
PrivateKey = <myprivatekey>
PostUp = nft add table ip wireguard; nft add chain ip wireguard wireguard_chain {type nat hook postrouting priority src>
PostDown = nft delete table ip wireguard; nft delete table ip6 wireguard
# apparently according to the PiHole docs, I must use nft and not iptables for Raspbian 11.

[Peer] #mypc
PublicKey = <mypublickey>
PresharedKey = <presharedkey>
AllowedIPs = 10.100.0.2/32, fd08:4711::2/128

And now client side:

[Interface]
PrivateKey = <myprivatekey>
Address = 10.100.0.2/32, fd08:4711::2/128
DNS = 10.100.0.1 # IP of server which has PiHole on it

[Peer]
PublicKey = <mypublickey>
PresharedKey = <mypresharedkey>
AllowedIPs = 10.100.0.1/32, fd08:4711::1/128, 192.168.1.0/24
Endpoint = <mydomainname>:50009
PersistentKeepalive = 25

So that's all well and good (considering I was going to write I had DNS leaks, but just ran a test, and it seems fine!). Just one question here (not the main question): are my DNS requests encrypted with this system?

But now I would like a full tunnel, where all my traffic goes through my server, so that my IP is masked, and I can access securely some SMB shares (I have configured SFTP, but in case it breaks, I want a backup way to access my files).

So many tutorials (including the PiHole docs) said to set AllowedIPs = 0.0.0.0/0, ::/0... Which I did, buuuuut... I instantly lose internet connection... Could it be a firewall issue? If so, where: server side or client side?

If I nslookup any domain, it won't resolve, even though my server (with PiHole on it) is specified as DNS server for the tunnel...

Here is the server config for that (no change):

[Interface]
Address = 10.100.0.1/24, fd08:4711::1/64
ListenPort = 50009
PrivateKey = <myprivatekey>
PostUp = nft add table ip wireguard; nft add chain ip wireguard wireguard_chain {type nat hook postrouting priority src>
PostDown = nft delete table ip wireguard; nft delete table ip6 wireguard
# apparently according to the PiHole docs, I must use nft and not iptables for Raspbian 11.

[Peer] #mypc
PublicKey = <mypublickey>
PresharedKey = <presharedkey>
AllowedIPs = 10.100.0.2/32, fd08:4711::2/128

And here is client side:

[Interface]
PrivateKey = <myprivatekey>
Address = 10.100.0.2/32, fd08:4711::2/128
DNS = 10.100.0.1

[Peer]
PublicKey = <mypublickey>
PresharedKey = <mypresharedkey>
AllowedIPs = 0.0.0.0/0, ::/0
Endpoint = <mydomainname>:50009
PersistentKeepalive = 25

On the WireGuard Windows app, I can unselect "Block untunneled traffic", which changes AllowedIPs to 0.0.0.0/1, 128.0.0.0/1, ::/1, 8000::/1. Doesn't change or help anything, but just thought I'd mention it...

I really don't understand, been struggling on this for 5 hours now... Pretty desperate...

Thanks for even getting this far into the huge read!

Silloky
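
An added example (not part of the original post) that evaluates the three client AllowedIPs values quoted above with Python's `ipaddress` module. It shows which destinations each variant sends into the tunnel, and that the `0.0.0.0/1, 128.0.0.0/1, ::/1, 8000::/1` set covers the same address space as `0.0.0.0/0, ::/0`. The LAN host and the two public addresses are constructed sample values.

```python
import ipaddress

# AllowedIPs values copied from the three client variants in the post.
CLIENT_ALLOWED_IPS = {
    "split": "10.100.0.1/32, fd08:4711::1/128, 192.168.1.0/24",
    "full": "0.0.0.0/0, ::/0",
    "full_unblocked": "0.0.0.0/1, 128.0.0.0/1, ::/1, 8000::/1",
}

# Destinations to classify. The two Pi-hole addresses come from the post; the
# LAN host and public addresses are constructed (documentation ranges).
DESTINATIONS = {
    "pihole_dns_v4": "10.100.0.1",
    "pihole_dns_v6": "fd08:4711::1",
    "lan_host": "192.168.1.50",
    "public_v4": "203.0.113.10",
    "public_v6": "2001:db8::1",
}


def parse_allowed_ips(value):
    """Parse an AllowedIPs line and merge adjacent prefixes per address family."""
    nets = [ipaddress.ip_network(p.strip(), strict=False)
            for p in value.split(",") if p.strip()]
    merged = []
    for version in (4, 6):
        merged += ipaddress.collapse_addresses(
            [n for n in nets if n.version == version])
    return merged


def tunnelled(allowed, dest):
    """True if `dest` falls inside the peer's AllowedIPs (sent into the tunnel)."""
    addr = ipaddress.ip_address(dest)
    return any(n.version == addr.version and addr in n for n in allowed)


def routing_table():
    """Map each config variant to {destination name: sent through tunnel?}."""
    return {
        name: {d: tunnelled(parse_allowed_ips(value), ip)
               for d, ip in DESTINATIONS.items()}
        for name, value in CLIENT_ALLOWED_IPS.items()
    }


if __name__ == "__main__":
    for name, row in routing_table().items():
        print(f"{name:15}", row)
```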
