PiHole + Wireguard

Hi,

I installed wireguard properly by using pivpn. But now, if I change the pihole listening behaviour in order to listen as well on wg0 to

  • Listen on all interfaces or
  • Listen on all interfaces, permit all origins

I cannot get a connection anymore to any website.

Any help is appreciated.

I believe wireguard and/or pivpn generate dedicated dnsmasq files in /etc/dnsmasq.d that interfere with the Pi-hole files in that same directory.

What is the content of the above folder?

This command will show all the non-commented lines in that directory. Please post the output:

grep -v '#\|^$' -R /etc/dnsmasq.*

/etc/dnsmasq.conf:conf-dir=/etc/dnsmasq.d
/etc/dnsmasq.conf.dpkg-dist:dhcp-mac=set:client_is_a_pi,B8:27:EB:*:*:*
/etc/dnsmasq.conf.dpkg-dist:dhcp-reply-delay=tag:client_is_a_pi,2
/etc/dnsmasq.conf.old:conf-dir=/etc/dnsmasq.d
/etc/dnsmasq.d/02-wireguard.conf:interface=wg0
/etc/dnsmasq.d/02-dnscrypt.conf:proxy-dnssec
/etc/dnsmasq.d/02-pivpn.conf:addn-hosts=/etc/pivpn/hosts.wireguard
/etc/dnsmasq.d/02-pivpn.conf:interface=wg0
/etc/dnsmasq.d/01-pihole.conf:addn-hosts=/etc/pihole/local.list
/etc/dnsmasq.d/01-pihole.conf:addn-hosts=/etc/pihole/custom.list
/etc/dnsmasq.d/01-pihole.conf:localise-queries
/etc/dnsmasq.d/01-pihole.conf:no-resolv
/etc/dnsmasq.d/01-pihole.conf:cache-size=0
/etc/dnsmasq.d/01-pihole.conf:log-queries
/etc/dnsmasq.d/01-pihole.conf:log-facility=/var/log/pihole.log
/etc/dnsmasq.d/01-pihole.conf:local-ttl=2
/etc/dnsmasq.d/01-pihole.conf:log-async
/etc/dnsmasq.d/01-pihole.conf:domain-needed
/etc/dnsmasq.d/01-pihole.conf:bogus-priv
/etc/dnsmasq.d/01-pihole.conf:interface=eth0
/etc/dnsmasq.d/01-pihole.conf:server=/use-application-dns.net/
/etc/dnsmasq.d/10-pihole-extra.conf:proxy-dnssec
01-pihole.conf  02-dnscrypt.conf  02-pivpn.conf  02-stubby.conf  02-wireguard.conf  10-pihole-extra.conf  README

Any help?

Leave it on "Listen only on interface eth0".
Any interface= directive in the grep output restricts the pihole-FTL daemon to answer only on that interface instead of the default of answering on all.
When you set "Listen on all interfaces", Pi-hole will remove its interface= directive leaving the ones in 02-wireguard.conf and 02-pivpn.conf still active and thus restricting to only answer on the wg0 interface.
You can test with for example:

host pi.hole <ETH0_IP_ADDRESS>

host pi.hole <WG0_IP_ADDRESS>

EDIT: I didn't notice at first but the directive is also in 02-pivpn.conf
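
The check described in the reply above, as an added example that is not part of the original thread or of the Pi-hole or PiVPN projects: it collects every active interface= directive in a dnsmasq conf directory and shows which interfaces remain once Pi-hole's own directive is dropped. The function names, the --demo switch and the sample directory are constructed for illustration; the sample files mirror the grep output posted earlier.

```shell
#!/bin/sh
# Added example: audit the interface= directives dnsmasq/pihole-FTL will honour.

# Print "file:interface" for every active (non-commented) interface= line.
list_interface_directives() {
    dir=$1
    for f in "$dir"/*.conf; do
        [ -f "$f" ] || continue
        sed -n 's/^[[:space:]]*interface=\([^#[:space:]]*\).*/\1/p' "$f" |
        while IFS= read -r ifc; do
            printf '%s:%s\n' "$(basename "$f")" "$ifc"
        done
    done
}

# Print the sorted, de-duplicated interfaces the daemon is restricted to.
# $2 (optional) names a file whose interface= lines are ignored, modelling
# Pi-hole removing its own directive when "Listen on all interfaces" is set.
effective_interfaces() {
    list_interface_directives "$1" |
    awk -F: -v skip="${2:-}" '$1 != skip { print $2 }' |
    sort -u | tr '\n' ' ' | sed 's/ $//'
}

# Constructed sample directory mirroring the grep output in the thread.
make_sample_dir() {
    d=$(mktemp -d)
    printf 'no-resolv\ninterface=eth0\n' > "$d/01-pihole.conf"
    printf 'addn-hosts=/etc/pivpn/hosts.wireguard\ninterface=wg0\n' > "$d/02-pivpn.conf"
    printf 'interface=wg0\n' > "$d/02-wireguard.conf"
    printf '#interface=tun0\nproxy-dnssec\n' > "$d/10-pihole-extra.conf"
    printf '%s\n' "$d"
}

# Hypothetical --demo switch: run the comparison on the constructed sample.
if [ "${1:-}" = "--demo" ]; then
    d=$(make_sample_dir)
    echo "eth0-only setting : $(effective_interfaces "$d")"
    echo "listen on all     : $(effective_interfaces "$d" 01-pihole.conf)"
    rm -rf "$d"
fi
```

On a real system, pass /etc/dnsmasq.d as the directory; if the second call lists only wg0, LAN clients on eth0 will get no answers.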
