PiHole + Unbound ReverseDNS + Wireguard Problem


Expected Behaviour:

  • Wireguard connection and DNS resolution through VPN

Actual Behaviour:

Local DNS resolution works without the VPN, but when opening the previously working WireGuard VPN I cannot reach any website or even resolve it. Local addresses cannot be resolved either.

The Wireguard server and clients were working without a problem before installation of the pi-hole and unbound reverse dns.

The VPN has a static IP with a subdomain, and the WireGuard port is forwarded to the Pi as the WireGuard server.
The Pi has the local IP 192.168.192.20 and the router's DNS is set to this IP. The gateway is 192.168.192.1.
The Pi-hole has Unbound reverse DNS as its upstream DNS service and conditional forwarding to the router. "Listen on all interfaces, permit all origins" is checked.

The funny thing is that the WireGuard VPN makes the connection and also sends data, and if I do it with the notebook, the client with IP 10.10.10.2 also appears with its IP in the client section of Pi-hole, but I cannot open any site. With the phone it doesn't even appear, and I cannot open anything either.

Thanks for any advice.

[wg-server-conf]

[Interface]
Address = 10.10.10.1/24
ListenPort = 51820
PrivateKey = ******************************************
PostUp = iptables -A FORWARD -i %i -j ACCEPT; iptables -A FORWARD -o %i -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
PostDown = iptables -D FORWARD -i %i -j ACCEPT; iptables -D FORWARD -o %i -j ACCEPT; iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE

Client1 PC

[Peer]
PublicKey = *****************************************
AllowedIPs = 10.10.10.2/32

Client2 smartphone

[Peer]
PublicKey = ***************************************
AllowedIPs = 10.10.10.3/32

[wg-client-conf]

[Interface]
PrivateKey = ******************************************
Address = 10.10.10.3 / 10.10.10.2 (depending on client)
DNS = 192.168.192.20
[Peer]
PublicKey = **************************************
Endpoint = SUB-DOMAIN:51820
AllowedIPs = 0.0.0.0/0, 192.168.192.0/24
PersistentKeepalive = 25

Debug Token:

13v8p1sp6e

I have replaced my WireGuard with ZeroTier; it works much better for me.
