Listen on All Interfaces -- Using pihole with Wireguard or other VPN

After installing wireguard and activating the wg0 interface, I noticed that pihole was refusing to listen. Below I share how to fix it.

What's more, netstat showed pihole-FTL listening on all interfaces 0.0.0.0:53 -- but using dig I could only query via eth0. Watch out for this while debugging.

Configure pihole for all interfaces, also restart

pihole -a -i all

Testing

Here's how to test both interfaces

# 192.168.0.201 is the addr of eth0
$ dig @192.168.0.201 www.ucla.edu

# 4.1 is the address of wg0 wireguard "server"
$ dig @192.168.4.1 www.ucla.edu

How I found the solution

I scanned references to INTERFACE in webpage.sh. I got a little confused because the -a help in the CLI seems to focus on "web" setup but seems to include DNS options as well.

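An added example, not part of the original post: a per-address DNS probe for the symptom described above, where the socket list shows 0.0.0.0:53 but only one interface actually answers. The function names are hypothetical; the addresses and query name in the `__main__` section are the ones from the post.

```python
import os
import socket
import struct

def build_query(name, qid):
    """Encode a minimal DNS A-record query (RD flag set, one question)."""
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0)
    labels = name.strip(".").split(".")
    qname = b"".join(bytes([len(p)]) + p.encode("ascii") for p in labels)
    return header + qname + b"\x00" + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN

def probe(addr, name="www.ucla.edu", port=53, timeout=2.0):
    """Send one UDP query to addr and classify what comes back."""
    qid = int.from_bytes(os.urandom(2), "big")
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        try:
            s.connect((addr, port))
            s.send(build_query(name, qid))
            data = s.recv(512)
        except socket.timeout:
            return "no-answer"      # query dropped or silently ignored
        except OSError:
            return "unreachable"    # no route, or ICMP port unreachable
    if len(data) < 12:
        return "malformed"
    rid, flags = struct.unpack("!HH", data[:4])
    if rid != qid or not flags & 0x8000:   # ID must match and QR bit must be set
        return "malformed"
    rcode = flags & 0x000F
    return "answered" if rcode == 0 else f"rcode-{rcode}"  # 5 = REFUSED

def check_listeners(addresses, **kw):
    """Probe every labelled address; returns {label: status}."""
    return {label: probe(addr, **kw) for label, addr in addresses.items()}

if __name__ == "__main__":
    # Addresses taken from the post: eth0 and the wg0 WireGuard "server".
    targets = {"eth0": "192.168.0.201", "wg0": "192.168.4.1"}
    for label, status in check_listeners(targets).items():
        print(f"{label}: {status}")
```

Running the same probe from a host outside the LAN and VPN shows whether a firewall is limiting who can reach port 53 once all interfaces are enabled.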

The reason there are DNS options in webpage.sh is because that is used by the settings page on the web interface.

Would you guys be open to me adding an "all" option to the setup screen (pihole -r)?

Are you proposing a feature change to the open source Pi-Hole code, or do you want to change your local install only?

If the latter, you are free to change your local configuration in any way you desire.

I meant me adding a PR to add the "all" option to the interface setup screen.

That config option is not necessary for installing, so it should not be included.

Just to share my perspective, I was installing with two interfaces (eth0 and wg0), but pihole -r only allows one. I've noticed maybe 4 other posts facing a similar setup and confusion.

Could I ask your reasoning behind not listening on all interfaces? Most admins assume daemons will be able to listen to all.

I'm happy to write the PR and I think it would be helpful for anyone doing VPN.

The interface is asked as part of setting a static IP address, and if the single interface mode is used. You can still change the interface listening mode to listen on all addresses after install. The default could be changed in the future.


Thank you for this post, it took me forever to figure out why PiHole was running perfectly but not on clients connected through Wireguard. This solved it!
