The issue I am facing:
I just migrated DHCP servers on my LAN from my ISP gateway to my pihole.
The migration was a bit rockier than I'd hoped for - it wasn't apparent which ISP box was actually acting as the gateway and I had to factory reset the ISP gear in the process of figuring it out. However, the pihole is not handing out IP addresses without issue.
As a result:
I borked my wireguard setup - I had a port forward setup that I forgot to copy over.
The keys are untouched, my DDNS is still running (and correct - I just checked) but my wireguard traffic is not going through.
I'm not sure if I'm misunderstanding the ISP GUI for port forwarding or if my change in DHCP server is to blame.
Specifically, if the wireguard interface IP being outside the DHCP range specified on the PiHole is an issue (10.140.235.X being the wireguard range I am using).
Handshake can occur if my phone is inside of the LAN (this shows as coming from 10.140.235.X so I presume the DHCP server is not the issue).
Handshake does not occur if my phone is outside of the LAN (over cellular to be specific).
Details about my system:
PiHole Machine
Hardware: Raspberry Pi 3B
Network connection: Passive switch --|Ethernet|-- Gateway
OS: Raspbian Lite
Pihole: installed via the script on Pihole's website.
Unbound: installed via apt, configured as per pihole docs with DNSSEC enabled.
Wireguard: installed and configured via PiVPN
192.168.1.254 Gateway
192.168.1.92 Goose
------------------------------------
192.168.1.92:5123 wg0 |
10.140.235.2 wg0-Nord |
192.168.1.92:53 pihole-FTL (DNS) |
192.168.1.92:57 pihole-FTL (DHCP) |
|
127.0.0.1:5335 Unbound interface |
------------------------------------
wg0-Nord is a wireguard interface for my Android phone which was setup using PiVPN and the QR code.
It has been working flawlessly prior to me resetting the ISP gear.
What I have changed since installing Pi-hole:
- Port forwarding rule I have tried setting:
Under WAN service
Protocol: UDP
WAN port: 51820
LAN port: 51820
Destination IP: 192.168.1.92 <- this is set as a static IP on the pihole and is pointed at the wireguard machine
- DHCP address range:
192.168.1.2 to 192.168.1.254
I am fairly certain I am just misunderstanding how to write the port forwarding rule correctly.
Resolved
I was correct, I am a dingus and was misunderstanding the port forwarding rule. I need to leave the Source IP address field empty.