PiHole with Recursive DNS not Handshaking with Wireguard setup via PiVPN

Help Community Help
,
1

Expected Behaviour:

I've set my Router to use my PiHole along with Wireguard to use it as a VPN. I've set it up using PIVPN and some tutorials on Youtube. I have included Screenshots of my router and it's setup along with my Wireguard config files and setup. My PiHole is set up to use Recursive DNS and I have set up a DDNS with my Router and made sure to disable my Router's inherent DHCP service, set the PIHole as my Primary DNS and reserve the address. My PiHole is working nicely, but none of my devices are connecting to the Wireguard VPN.

Screen Shot 2022-01-30 at 11.03.40 AM
Screen Shot 2022-01-30 at 11.03.40 AM1440×1176 105 KB

Screen Shot 2022-01-30 at 11.04.19 AM
Screen Shot 2022-01-30 at 11.04.19 AM1416×638 62.1 KB

Screen Shot 2022-01-30 at 11.06.12 AM
Screen Shot 2022-01-30 at 11.06.12 AM1010×744 62.1 KB

Screen Shot 2022-01-30 at 11.07.23 AM
Screen Shot 2022-01-30 at 11.07.23 AM1634×1884 466 KB

Screen Shot 2022-01-30 at 11.05.44 AM
Screen Shot 2022-01-30 at 11.05.44 AM1448×368 59.9 KB

Screen Shot 2022-01-30 at 11.04.48 AM
Screen Shot 2022-01-30 at 11.04.48 AM1450×1128 155 KB

Screen Shot 2022-01-30 at 11.35.10 AM
Screen Shot 2022-01-30 at 11.35.10 AM1942×1566 405 KB

Actual Behaviour:

My Phone/Mac should be handshaking with the VPN but it's not.

I have been working on this for the better part of the day and am utterly at a loss, any help whatsoever would be greatly appreciated. thanks!

PI Ifconfig Results

pi@raspberrypi:~ $ ifconfig
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.0.155  netmask 255.255.255.0  broadcast 192.168.0.255
        inet6 fe80::xxx:xxxx:xxxx:xxxx  prefixlen 64  scopeid 0x20<link>
        ether xx:xx:xx:xx:xx:xx  txqueuelen 1000  (Ethernet)
        RX packets 8349  bytes 1644604 (1.5 MiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 3440  bytes 943688 (921.5 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
        inet6 ::1  prefixlen 128  scopeid 0x10<host>
        loop  txqueuelen 1000  (Local Loopback)
        RX packets 1388  bytes 123499 (120.6 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 1388  bytes 123499 (120.6 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

wg0: flags=209<UP,POINTOPOINT,RUNNING,NOARP>  mtu 1420
        inet 10.6.0.1  netmask 255.255.255.0  destination 10.6.0.1
        unspec 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00  txqueuelen 1000  (UNSPEC)
        RX packets 0  bytes 0 (0.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 0  bytes 0 (0.0 B)
        TX errors 0  dropped 58 overruns 0  carrier 0  collisions 0

wlan0: flags=4099<UP,BROADCAST,MULTICAST>  mtu 1500
        ether xx:xx:xx:xx:xx:xx  txqueuelen 1000  (Ethernet)
        RX packets 0  bytes 0 (0.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 0  bytes 0 (0.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

Debug Token:

*** [ INITIALIZING ]
[i] 2022-01-30:11:31:18 debug log has been initialized.
[i] System has been running for 0 days, 0 hours, 46 minutes

*** [ INITIALIZING ] Sourcing setup variables
[i] Sourcing /etc/pihole/setupVars.conf...

*** [ DIAGNOSING ]: Core version
[i] Core: v5.8.1 (https://discourse.pi-hole.net/t/how-do-i-update-pi-hole/249)
[i] Remotes: origin	https://github.com/pi-hole/pi-hole.git (fetch)
             origin	https://github.com/pi-hole/pi-hole.git (push)
[i] Branch: master
[i] Commit: v5.8.1-0-g875ad04

*** [ DIAGNOSING ]: Web version
[i] Web: v5.10.1 (https://discourse.pi-hole.net/t/how-do-i-update-pi-hole/249)
[i] Remotes: origin	https://github.com/pi-hole/AdminLTE.git (fetch)
             origin	https://github.com/pi-hole/AdminLTE.git (push)
[i] Branch: master
[i] Commit: v5.10.1-0-gcb7a866

*** [ DIAGNOSING ]: FTL version
[✓] FTL: v5.13

*** [ DIAGNOSING ]: lighttpd version
[i] 1.4.59

*** [ DIAGNOSING ]: php version
[i] 7.4.25

*** [ DIAGNOSING ]: Operating system
[i] dig return code:  0
[i] dig response:  "Raspbian=9,10,11 Ubuntu=16,18,20,21 Debian=9,10,11 Fedora=33,34 CentOS=7,8"
[✓] Distro:  Raspbian
[✓] Version: 11

*** [ DIAGNOSING ]: SELinux
[i] SELinux not detected

*** [ DIAGNOSING ]: FirewallD
[i] Firewalld service inactive

*** [ DIAGNOSING ]: Processor
[✓] armv7l

*** [ DIAGNOSING ]: Disk usage
   Filesystem      Size  Used Avail Use% Mounted on
   /dev/root        29G  1.6G   26G   6% /
   devtmpfs        333M     0  333M   0% /dev
   tmpfs           462M  1.1M  461M   1% /dev/shm
   tmpfs           185M  716K  184M   1% /run
   tmpfs           5.0M  4.0K  5.0M   1% /run/lock
   /dev/mmcblk0p1  253M   50M  203M  20% /boot
   tmpfs            93M     0   93M   0% /run/user/999
   tmpfs            93M     0   93M   0% /run/user/1000

*** [ DIAGNOSING ]: Networking
[✓] IPv4 address(es) bound to the eth0 interface:
    192.168.0.155/24

[✓] IPv6 address(es) bound to the eth0 interface:
    fe80::a7c:c1a2:460f:f20b/64

[i] Default IPv4 gateway: 192.168.0.1
   * Pinging 192.168.0.1...
[✓] Gateway responded.

*** [ DIAGNOSING ]: Ports in use
[✓] udp:0.0.0.0:53 is in use by pihole-FTL
    udp:0.0.0.0:68 is in use by dhcpcd
    udp:0.0.0.0:51820 is in use by <unknown>
    udp:127.0.0.1:5335 is in use by unbound
    udp:0.0.0.0:5353 is in use by avahi-daemon
    udp:0.0.0.0:51038 is in use by avahi-daemon
[✓] udp:*:53 is in use by pihole-FTL
    udp:*:51820 is in use by <unknown>
    udp:*:5353 is in use by avahi-daemon
    udp:*:37789 is in use by avahi-daemon
[✓] tcp:127.0.0.1:4711 is in use by pihole-FTL
[✓] tcp:0.0.0.0:80 is in use by lighttpd
[✓] tcp:0.0.0.0:53 is in use by pihole-FTL
    tcp:0.0.0.0:22 is in use by sshd
    tcp:127.0.0.1:5335 is in use by unbound
    tcp:127.0.0.1:8953 is in use by unbound
[✓] tcp:[::1]:4711 is in use by pihole-FTL
[✓] tcp:[::]:80 is in use by lighttpd
[✓] tcp:[::]:53 is in use by pihole-FTL
    tcp:[::]:22 is in use by sshd

*** [ DIAGNOSING ]: Name resolution (IPv4) using a random blocked domain and a known ad-serving domain
[✓] mail.chileexe77.com is 0.0.0.0 on lo (127.0.0.1)
[✓] mail.chileexe77.com is 0.0.0.0 on eth0 (192.168.0.155)
[✓] No IPv4 address available on wlan0
[✓] mail.chileexe77.com is 0.0.0.0 on wg0 (10.6.0.1)
[✓] doubleclick.com is 172.217.15.238 via a remote, public DNS server (8.8.8.8)

*** [ DIAGNOSING ]: Name resolution (IPv6) using a random blocked domain and a known ad-serving domain
[✓] file.firefoxupdata.com is :: on lo (::1)
[✓] file.firefoxupdata.com is :: on eth0 (fe80::a7c:c1a2:460f:f20b)
[✓] No IPv6 address available on wlan0
[✓] No IPv6 address available on wg0
[✗] Failed to resolve doubleclick.com via a remote, public DNS server (2001:4860:4860::8888)

*** [ DIAGNOSING ]: Discovering active DHCP servers (takes 10 seconds)
   Scanning all your interfaces for DHCP servers
   Timeout: 10 seconds
   
   WARN: Could not sendto() in send_dhcp_discover() (/__w/FTL/FTL/src/dhcp-discover.c:233): Operation not permitted
   DHCP packets received on interface wlan0: 0
   DHCP packets received on interface eth0: 0
   DHCP packets received on interface lo: 0

*** [ DIAGNOSING ]: Pi-hole processes
[✓] lighttpd daemon is active
[✓] pihole-FTL daemon is active

*** [ DIAGNOSING ]: Pi-hole-FTL full status
   ● pihole-FTL.service - LSB: pihole-FTL daemon
     Loaded: loaded (/etc/init.d/pihole-FTL; generated)
     Active: active (exited) since Sun 2022-01-30 10:44:27 MST; 47min ago
       Docs: man:systemd-sysv-generator(8)
    Process: 637 ExecStart=/etc/init.d/pihole-FTL start (code=exited, status=0/SUCCESS)
        CPU: 143ms

Jan 30 10:44:24 raspberrypi systemd[1]: Starting LSB: pihole-FTL daemon...
Jan 30 10:44:25 raspberrypi pihole-FTL[637]: Not running
Jan 30 10:44:25 raspberrypi su[665]: (to pihole) root on none
Jan 30 10:44:25 raspberrypi su[665]: pam_unix(su:session): session opened for user pihole(uid=999) by (uid=0)
Jan 30 10:44:27 raspberrypi pihole-FTL[738]: FTL started!
Jan 30 10:44:27 raspberrypi systemd[1]: Started LSB: pihole-FTL daemon.

*** [ DIAGNOSING ]: Setup variables
    PIHOLE_INTERFACE=eth0
    IPV4_ADDRESS=192.168.0.155/24
    IPV6_ADDRESS=
    QUERY_LOGGING=true
    INSTALL_WEB_SERVER=true
    INSTALL_WEB_INTERFACE=true
    LIGHTTPD_ENABLED=true
    CACHE_SIZE=10000
    BLOCKING_ENABLED=true
    PIHOLE_DNS_1=127.0.0.1#5335
    DNS_FQDN_REQUIRED=true
    DNS_BOGUS_PRIV=true
    DNSSEC=false
    REV_SERVER=false
    DNSMASQ_LISTENING=local

*** [ DIAGNOSING ]: Dashboard and block page
[✗] Block page X-Header: X-Header does not match or could not be retrieved.
HTTP/1.1 200 OK
Content-type: text/html; charset=UTF-8
Expires: Sun, 30 Jan 2022 18:31:35 GMT
Cache-Control: max-age=0
Date: Sun, 30 Jan 2022 18:31:35 GMT
Server: lighttpd/1.4.59

[✓] Web interface X-Header: X-Pi-hole: The Pi-hole Web interface is working!

*** [ DIAGNOSING ]: Gravity Database
-rw-rw-r-- 1 pihole pihole 220K Jan 30 03:21 /etc/pihole/gravity.db

*** [ DIAGNOSING ]: Info table
   property              value                                   
   --------------------  ----------------------------------------
   version               15                                      
   updated               1643538072                              
   gravity_count         2046                                    
   Last gravity run finished at: Sun 30 Jan 2022 03:21:12 AM MST

   ----- First 10 Gravity Domains -----
   advanbusiness.com
   aoldaily.com
   aolon1ine.com
   applesoftupdate.com
   arrowservice.net
   attnpower.com
   aunewsonline.com
   avvmail.com
   bigdepression.net
   bigish.net


*** [ DIAGNOSING ]: Groups
   id    enabled  name                                                date_added           date_modified        description                                       
   ----  -------  --------------------------------------------------  -------------------  -------------------  --------------------------------------------------
   0           1  Default                                             2022-01-30 01:54:48  2022-01-30 01:54:48  The default group                                 

*** [ DIAGNOSING ]: Domainlist (0/1 = exact white-/blacklist, 2/3 = regex white-/blacklist)

*** [ DIAGNOSING ]: Clients

*** [ DIAGNOSING ]: Adlists
   id     enabled  group_ids     address                                                                                               date_added           date_modified        comment                                           
   -----  -------  ------------  ----------------------------------------------------------------------------------------------------  -------------------  -------------------  --------------------------------------------------
   1            1  0             http://osint.bambenekconsulting.com/feeds/c2-dommasterlist.txt                                        2022-01-30 02:05:09  2022-01-30 02:05:09                                                    
   2            1  0             http://www.malwaredomainlist.com/hostslist/hosts.txt                                                  2022-01-30 02:05:09  2022-01-30 02:05:09                                                    
   3            1  0             http://malc0de.com/bl/ZONES                                                                           2022-01-30 02:05:09  2022-01-30 02:05:09                                                    
   4            1  0             http://mirror1.malwaredomains.com/files/justdomains                                                   2022-01-30 02:05:09  2022-01-30 02:05:09                                                    
   5            1  0             https://isc.sans.edu/feeds/suspiciousdomains_High.txt                                                 2022-01-30 02:05:09  2022-01-30 02:05:09                                                    
   6            1  0             http://osint.bambenekconsulting.com/feeds/dga-feed-high.csv                                           2022-01-30 02:05:09  2022-01-30 02:05:09                                                    
   7            1  0             https://raw.githubusercontent.com/jonschipp/mal-dnssearch/master/mandiant_apt1.dns                    2022-01-30 02:05:09  2022-01-30 02:05:09                                                    
   8            1  0             https://raw.githubusercontent.com/chadmayfield/pihole-blocklists/master/lists/                        2022-01-30 02:05:09  2022-01-30 02:05:09                                                    

*** [ DIAGNOSING ]: contents of /etc/pihole

-rw-r--r-- 1 root root 0 Jan 30 01:54 /etc/pihole/custom.list

-rw-r--r-- 1 root root 65 Jan 30 03:21 /etc/pihole/local.list

-rw-r--r-- 1 root root 234 Jan 30 01:54 /etc/pihole/logrotate
   /var/log/pihole.log {
   	su root root
   	daily
   	copytruncate
   	rotate 5
   	compress
   	delaycompress
   	notifempty
   	nomail
   }
   /var/log/pihole-FTL.log {
   	su root root
   	weekly
   	copytruncate
   	rotate 3
   	compress
   	delaycompress
   	notifempty
   	nomail
   }

-rw-rw-r-- 1 pihole root 127 Jan 30 01:54 /etc/pihole/pihole-FTL.conf
   PRIVACYLEVEL=0

*** [ DIAGNOSING ]: contents of /etc/dnsmasq.d

-rw-r--r-- 1 root root 1.4K Jan 30 02:14 /etc/dnsmasq.d/01-pihole.conf
   addn-hosts=/etc/pihole/local.list
   addn-hosts=/etc/pihole/custom.list
   localise-queries
   no-resolv
   cache-size=10000
   log-queries
   log-facility=/var/log/pihole.log
   log-async
   server=127.0.0.1#5335
   domain-needed
   expand-hosts
   bogus-priv
   local-service

-rw-r--r-- 1 root root 38 Jan 30 02:14 /etc/dnsmasq.d/02-pivpn.conf
   addn-hosts=/etc/pivpn/hosts.wireguard

-rw-r--r-- 1 root root 2.2K Jan 30 01:54 /etc/dnsmasq.d/06-rfc6761.conf
   server=/test/
   server=/localhost/
   server=/invalid/
   server=/bind/
   server=/onion/

*** [ DIAGNOSING ]: contents of /etc/lighttpd

-rw-r--r-- 1 root root 0 Jan 30 01:54 /etc/lighttpd/external.conf

-rw-r--r-- 1 root root 3.7K Jan 30 01:54 /etc/lighttpd/lighttpd.conf
   server.modules = (
       "mod_access",
       "mod_accesslog",
       "mod_auth",
       "mod_expire",
       "mod_redirect",
       "mod_setenv",
       "mod_rewrite"
   )
   server.document-root        = "/var/www/html"
   server.error-handler-404    = "/pihole/index.php"
   server.upload-dirs          = ( "/var/cache/lighttpd/uploads" )
   server.errorlog             = "/var/log/lighttpd/error.log"
   server.pid-file             = "/run/lighttpd.pid"
   server.username             = "www-data"
   server.groupname            = "www-data"
   server.port                 = 80
   accesslog.filename          = "/var/log/lighttpd/access.log"
   accesslog.format            = "%{%s}t|%V|%r|%s|%b"
   index-file.names            = ( "index.php", "index.html", "index.lighttpd.html" )
   url.access-deny             = ( "~", ".inc", ".md", ".yml", ".ini" )
   static-file.exclude-extensions = ( ".php", ".pl", ".fcgi" )
   mimetype.assign = (
       ".ico"   => "image/x-icon",
       ".jpeg"  => "image/jpeg",
       ".jpg"   => "image/jpeg",
       ".png"   => "image/png",
       ".svg"   => "image/svg+xml",
       ".css"   => "text/css; charset=utf-8",
       ".html"  => "text/html; charset=utf-8",
       ".js"    => "text/javascript; charset=utf-8",
       ".json"  => "application/json; charset=utf-8",
       ".map"   => "application/json; charset=utf-8",
       ".txt"   => "text/plain; charset=utf-8",
       ".eot"   => "application/vnd.ms-fontobject",
       ".otf"   => "font/otf",
       ".ttc"   => "font/collection",
       ".ttf"   => "font/ttf",
       ".woff"  => "font/woff",
       ".woff2" => "font/woff2"
   )
   include_shell "cat external.conf 2>/dev/null"
   include_shell "/usr/share/lighttpd/use-ipv6.pl " + server.port
   include_shell "find /etc/lighttpd/conf-enabled -name '*.conf' -a ! -name 'letsencrypt.conf' -printf 'include \"%p\"
' 2>/dev/null"
   $HTTP["url"] =~ "^/admin/" {
       setenv.add-response-header = (
           "X-Pi-hole" => "The Pi-hole Web interface is working!",
           "X-Frame-Options" => "DENY"
       )
   }
   $HTTP["url"] =~ "^/admin/\.(.*)" {
       url.access-deny = ("")
   }
   $HTTP["url"] =~ "/(teleporter|api_token)\.php$" {
       $HTTP["referer"] =~ "/admin/settings\.php" {
           setenv.add-response-header = ( "X-Frame-Options" => "SAMEORIGIN" )
       }
   }
   expire.url = ( "" => "access plus 0 seconds" )

*** [ DIAGNOSING ]: contents of /etc/cron.d

-rw-r--r-- 1 root root 1.8K Jan 30 01:54 /etc/cron.d/pihole
   21 3   * * 7   root    PATH="$PATH:/usr/sbin:/usr/local/bin/" pihole updateGravity >/var/log/pihole_updateGravity.log || cat /var/log/pihole_updateGravity.log
   00 00   * * *   root    PATH="$PATH:/usr/sbin:/usr/local/bin/" pihole flush once quiet
   @reboot root /usr/sbin/logrotate --state /var/lib/logrotate/pihole /etc/pihole/logrotate
   */10 *  * * *   root    PATH="$PATH:/usr/sbin:/usr/local/bin/" pihole updatechecker local
   34 16  * * *   root    PATH="$PATH:/usr/sbin:/usr/local/bin/" pihole updatechecker remote
   @reboot root    PATH="$PATH:/usr/sbin:/usr/local/bin/" pihole updatechecker remote reboot

*** [ DIAGNOSING ]: contents of /var/log/lighttpd

-rw-r--r-- 1 www-data www-data 770 Jan 30 10:44 /var/log/lighttpd/error.log
   -----head of error.log------
   2022-01-30 01:53:27: server.c.1513) server started (lighttpd/1.4.59)
   2022-01-30 01:54:35: server.c.1976) server stopped by UID = 0 PID = 1
   2022-01-30 01:54:35: server.c.1513) server started (lighttpd/1.4.59)
   2022-01-30 01:59:39: Wrong token! Please re-login on the Pi-hole dashboard.
   2022-01-30 02:06:15: server.c.1976) server stopped by UID = 0 PID = 1
   2022-01-30 02:06:53: server.c.1513) server started (lighttpd/1.4.59)
   2022-01-30 02:17:36: server.c.1976) server stopped by UID = 0 PID = 1
   2022-01-30 02:18:02: server.c.1513) server started (lighttpd/1.4.59)
   2022-01-30 09:17:22: server.c.1513) server started (lighttpd/1.4.59)
   2022-01-30 10:44:02: server.c.1976) server stopped by UID = 0 PID = 1
   2022-01-30 10:44:25: server.c.1513) server started (lighttpd/1.4.59)

   -----tail of error.log------
   2022-01-30 01:53:27: server.c.1513) server started (lighttpd/1.4.59)
   2022-01-30 01:54:35: server.c.1976) server stopped by UID = 0 PID = 1
   2022-01-30 01:54:35: server.c.1513) server started (lighttpd/1.4.59)
   2022-01-30 01:59:39: Wrong token! Please re-login on the Pi-hole dashboard.
   2022-01-30 02:06:15: server.c.1976) server stopped by UID = 0 PID = 1
   2022-01-30 02:06:53: server.c.1513) server started (lighttpd/1.4.59)
   2022-01-30 02:17:36: server.c.1976) server stopped by UID = 0 PID = 1
   2022-01-30 02:18:02: server.c.1513) server started (lighttpd/1.4.59)
   2022-01-30 09:17:22: server.c.1513) server started (lighttpd/1.4.59)
   2022-01-30 10:44:02: server.c.1976) server stopped by UID = 0 PID = 1
   2022-01-30 10:44:25: server.c.1513) server started (lighttpd/1.4.59)

*** [ DIAGNOSING ]: contents of /var/log

-rw-r--r-- 1 pihole pihole 55K Jan 30 11:00 /var/log/pihole-FTL.log
   -----head of pihole-FTL.log------
   [2022-01-30 01:54:42.959 11980M] Using log file /var/log/pihole-FTL.log
   [2022-01-30 01:54:42.959 11980M] ########## FTL started on raspberrypi! ##########
   [2022-01-30 01:54:42.959 11980M] FTL branch: master
   [2022-01-30 01:54:42.959 11980M] FTL version: v5.13
   [2022-01-30 01:54:42.959 11980M] FTL commit: b197b69
   [2022-01-30 01:54:42.959 11980M] FTL date: 2022-01-05 18:19:34 +0000
   [2022-01-30 01:54:42.959 11980M] FTL user: pihole
   [2022-01-30 01:54:42.959 11980M] Compiled for armv7hf (compiled on CI) using arm-linux-gnueabihf-gcc (Debian 6.3.0-18) 6.3.0 20170516
   [2022-01-30 01:54:42.959 11980M] Creating mutex
   [2022-01-30 01:54:42.959 11980M] Creating mutex
   [2022-01-30 01:54:42.961 11980M] Starting config file parsing (/etc/pihole/pihole-FTL.conf)
   [2022-01-30 01:54:42.961 11980M]    SOCKET_LISTENING: only local
   [2022-01-30 01:54:42.961 11980M]    AAAA_QUERY_ANALYSIS: Show AAAA queries
   [2022-01-30 01:54:42.961 11980M]    MAXDBDAYS: max age for stored queries is 365 days
   [2022-01-30 01:54:42.961 11980M]    RESOLVE_IPV6: Resolve IPv6 addresses
   [2022-01-30 01:54:42.961 11980M]    RESOLVE_IPV4: Resolve IPv4 addresses
   [2022-01-30 01:54:42.962 11980M]    DBINTERVAL: saving to DB file every minute
   [2022-01-30 01:54:42.962 11980M]    DBFILE: Using /etc/pihole/pihole-FTL.db
   [2022-01-30 01:54:42.962 11980M]    MAXLOGAGE: Importing up to 24.0 hours of log data
   [2022-01-30 01:54:42.962 11980M]    PRIVACYLEVEL: Set to 0
   [2022-01-30 01:54:42.962 11980M]    IGNORE_LOCALHOST: Show queries from localhost
   [2022-01-30 01:54:42.962 11980M]    BLOCKINGMODE: Null IPs for blocked domains
   [2022-01-30 01:54:42.962 11980M]    ANALYZE_ONLY_A_AND_AAAA: Disabled. Analyzing all queries
   [2022-01-30 01:54:42.962 11980M]    DBIMPORT: Importing history from database
   [2022-01-30 01:54:42.962 11980M]    PIDFILE: Using /run/pihole-FTL.pid
   [2022-01-30 01:54:42.962 11980M]    PORTFILE: Using /run/pihole-FTL.port
   [2022-01-30 01:54:42.962 11980M]    SOCKETFILE: Using /run/pihole/FTL.sock
   [2022-01-30 01:54:42.962 11980M]    SETUPVARSFILE: Using /etc/pihole/setupVars.conf
   [2022-01-30 01:54:42.962 11980M]    MACVENDORDB: Using /etc/pihole/macvendor.db
   [2022-01-30 01:54:42.962 11980M]    GRAVITYDB: Using /etc/pihole/gravity.db
   [2022-01-30 01:54:42.962 11980M]    PARSE_ARP_CACHE: Active
   [2022-01-30 01:54:42.962 11980M]    CNAME_DEEP_INSPECT: Active
   [2022-01-30 01:54:42.963 11980M]    DELAY_STARTUP: No delay requested.
   [2022-01-30 01:54:42.963 11980M]    BLOCK_ESNI: Enabled, blocking _esni.{blocked domain}
   [2022-01-30 01:54:42.963 11980M]    NICE: Set process niceness to -10 (default)

   -----tail of pihole-FTL.log------
   [2022-01-30 10:44:26.702 738M]    ADDR2LINE: Enabled
   [2022-01-30 10:44:26.702 738M]    REPLY_WHEN_BUSY: Permit queries when the database is busy
   [2022-01-30 10:44:26.702 738M]    BLOCK_TTL: 2 seconds
   [2022-01-30 10:44:26.702 738M]    BLOCK_ICLOUD_PR: Enabled
   [2022-01-30 10:44:26.702 738M]    CHECK_LOAD: Enabled
   [2022-01-30 10:44:26.702 738M]    CHECK_SHMEM: Warning if shared-memory usage exceeds 90%
   [2022-01-30 10:44:26.702 738M]    CHECK_DISK: Warning if certain disk usage exceeds 90%
   [2022-01-30 10:44:26.702 738M] Finished config file parsing
   [2022-01-30 10:44:26.707 738M] Database version is 9
   [2022-01-30 10:44:26.708 738M] Resizing "FTL-strings" from 40960 to (81920 * 1) == 81920 (/dev/shm: 1.1MB used, 483.8MB total, FTL uses 1.1MB)
   [2022-01-30 10:44:26.710 738M] Imported 0 alias-clients
   [2022-01-30 10:44:26.710 738M] Database successfully initialized
   [2022-01-30 10:44:27.558 738M] New upstream server: 127.0.0.1:5335 (0/256)
   [2022-01-30 10:44:27.570 738M] Imported 207 queries from the long-term database
   [2022-01-30 10:44:27.571 738M]  -> Total DNS queries: 207
   [2022-01-30 10:44:27.571 738M]  -> Cached DNS queries: 67
   [2022-01-30 10:44:27.571 738M]  -> Forwarded DNS queries: 140
   [2022-01-30 10:44:27.571 738M]  -> Blocked DNS queries: 0
   [2022-01-30 10:44:27.571 738M]  -> Unknown DNS queries: 0
   [2022-01-30 10:44:27.571 738M]  -> Unique domains: 44
   [2022-01-30 10:44:27.571 738M]  -> Unique clients: 5
   [2022-01-30 10:44:27.572 738M]  -> Known forward destinations: 1
   [2022-01-30 10:44:27.572 738M] Successfully accessed setupVars.conf
   [2022-01-30 10:44:27.579 738M] listening on 0.0.0.0 port 53
   [2022-01-30 10:44:27.579 738M] listening on :: port 53
   [2022-01-30 10:44:27.586 741M] PID of FTL process: 741
   [2022-01-30 10:44:27.588 741/T742] Listening on port 4711 for incoming IPv4 telnet connections
   [2022-01-30 10:44:27.589 741M] INFO: FTL is running as user pihole (UID 999)
   [2022-01-30 10:44:27.589 741/T744] Listening on Unix socket
   [2022-01-30 10:44:27.591 741/T743] Listening on port 4711 for incoming IPv6 telnet connections
   [2022-01-30 10:44:27.603 741M] Reloading DNS cache
   [2022-01-30 10:44:28.601 741/T745] Compiled 0 whitelist and 0 blacklist regex filters for 5 clients in 2.7 msec
   [2022-01-30 10:44:29.597 741M] Blocking status is enabled
   [2022-01-30 11:00:01.881 741/T747] SQLite3 message: database is locked in "SELECT name FROM network_addresses WHERE name IS NOT NULL AND ip = ?;" (5)
   [2022-01-30 11:00:01.881 741/T747] getNameFromIP("192.168.0.128") - SQL error prepare: database is locked

*** [ DIAGNOSING ]: contents of /dev/shm
-rw------- 1 pihole pihole 668K Jan 30 11:31 /dev/shm/FTL-clients
-rw------- 1 pihole pihole 240 Jan 30 10:44 /dev/shm/FTL-counters
-rw------- 1 pihole pihole 4.0K Jan 30 10:44 /dev/shm/FTL-dns-cache
-rw------- 1 pihole pihole 4.0K Jan 30 10:44 /dev/shm/FTL-domains
-rw------- 1 pihole pihole 56 Jan 30 10:44 /dev/shm/FTL-lock
-rw------- 1 pihole pihole 12K Jan 30 10:44 /dev/shm/FTL-overTime
-rw------- 1 pihole pihole 4.0K Jan 30 10:44 /dev/shm/FTL-per-client-regex
-rw------- 1 pihole pihole 176K Jan 30 10:44 /dev/shm/FTL-queries
-rw------- 1 pihole pihole 12 Jan 30 10:44 /dev/shm/FTL-settings
-rw------- 1 pihole pihole 80K Jan 30 10:44 /dev/shm/FTL-strings
-rw------- 1 pihole pihole 156K Jan 30 10:44 /dev/shm/FTL-upstreams

*** [ DIAGNOSING ]: contents of /etc

-rw-r--r-- 1 root root 24 Jan 30 01:54 /etc/dnsmasq.conf
   conf-dir=/etc/dnsmasq.d

-rw-r--r-- 1 root root 47 Jan 30 10:44 /etc/resolv.conf
   nameserver 127.0.0.1

*** [ DIAGNOSING ]: Pi-hole diagnosis messages

*** [ DIAGNOSING ]: Locale
    LANG=en_US.UTF-8

*** [ DIAGNOSING ]: Pi-hole log
-rw-r--r-- 1 pihole pihole 88K Jan 30 11:31 /var/log/pihole.log
   -----head of pihole.log------
   Jan 30 01:54:48 dnsmasq[11982]: started, version pi-hole-2.87test4-18 cachesize 10000
   Jan 30 01:54:48 dnsmasq[11982]: DNS service limited to local subnets
   Jan 30 01:54:48 dnsmasq[11982]: compile time options: IPv6 GNU-getopt no-DBus no-UBus no-i18n IDN DHCP DHCPv6 Lua TFTP no-conntrack ipset no-nftset auth cryptohash DNSSEC loop-detect inotify dumpfile
   Jan 30 01:54:48 dnsmasq[11982]: using nameserver 127.0.0.1#5335
   Jan 30 01:54:48 dnsmasq[11982]: using nameserver 127.0.0.1#5335
   Jan 30 01:54:48 dnsmasq[11982]: using only locally-known addresses for onion
   Jan 30 01:54:48 dnsmasq[11982]: using only locally-known addresses for bind
   Jan 30 01:54:48 dnsmasq[11982]: using only locally-known addresses for invalid
   Jan 30 01:54:48 dnsmasq[11982]: using only locally-known addresses for localhost
   Jan 30 01:54:48 dnsmasq[11982]: using only locally-known addresses for test
   Jan 30 01:54:48 dnsmasq[11982]: read /etc/hosts - 5 addresses
   Jan 30 01:54:48 dnsmasq[11982]: read /etc/pihole/custom.list - 0 addresses
   Jan 30 01:54:48 dnsmasq[11982]: failed to load names from /etc/pihole/local.list: No such file or directory
   Jan 30 02:00:04 dnsmasq[11982]: exiting on receipt of SIGTERM
   Jan 30 02:00:07 dnsmasq[13277]: started, version pi-hole-2.87test4-18 cachesize 10000
   Jan 30 02:00:07 dnsmasq[13277]: DNS service limited to local subnets
   Jan 30 02:00:07 dnsmasq[13277]: compile time options: IPv6 GNU-getopt no-DBus no-UBus no-i18n IDN DHCP DHCPv6 Lua TFTP no-conntrack ipset no-nftset auth cryptohash DNSSEC loop-detect inotify dumpfile
   Jan 30 02:00:07 dnsmasq[13277]: using nameserver 127.0.0.1#5335
   Jan 30 02:00:07 dnsmasq[13277]: using only locally-known addresses for onion
   Jan 30 02:00:07 dnsmasq[13277]: using only locally-known addresses for bind

   -----tail of pihole.log------
   Jan 30 11:31:20 dnsmasq[741]: query[AAAA] ns1.pi-hole.net from 127.0.0.1
   Jan 30 11:31:20 dnsmasq[741]: forwarded ns1.pi-hole.net to 127.0.0.1
   Jan 30 11:31:20 dnsmasq[741]: reply ns1.pi-hole.net is 205.251.193.151
   Jan 30 11:31:20 dnsmasq[741]: reply ns1.pi-hole.net is 2600:9000:5301:9700::1
   Jan 30 11:31:22 dnsmasq[741]: query[A] mail.chileexe77.com from 127.0.0.1
   Jan 30 11:31:22 dnsmasq[741]: gravity blocked mail.chileexe77.com is 0.0.0.0
   Jan 30 11:31:22 dnsmasq[741]: query[A] mail.chileexe77.com from 192.168.0.155
   Jan 30 11:31:22 dnsmasq[741]: gravity blocked mail.chileexe77.com is 0.0.0.0
   Jan 30 11:31:22 dnsmasq[741]: query[A] mail.chileexe77.com from 10.6.0.1
   Jan 30 11:31:22 dnsmasq[741]: gravity blocked mail.chileexe77.com is 0.0.0.0
   Jan 30 11:31:22 dnsmasq[741]: query[PTR] 155.0.168.192.in-addr.arpa from 127.0.0.1
   Jan 30 11:31:23 dnsmasq[741]: config 155.0.168.192.in-addr.arpa is <PTR>
   Jan 30 11:31:23 dnsmasq[741]: query[PTR] 1.0.6.10.in-addr.arpa from 127.0.0.1
   Jan 30 11:31:23 dnsmasq[741]: config 1.0.6.10.in-addr.arpa is <PTR>
   Jan 30 11:31:23 dnsmasq[741]: query[AAAA] file.firefoxupdata.com from ::1
   Jan 30 11:31:23 dnsmasq[741]: gravity blocked file.firefoxupdata.com is ::
   Jan 30 11:31:23 dnsmasq[741]: query[AAAA] file.firefoxupdata.com from fe80::a7c:c1a2:460f:f20b
   Jan 30 11:31:23 dnsmasq[741]: gravity blocked file.firefoxupdata.com is ::
   Jan 30 11:31:24 dnsmasq[741]: query[PTR] b.0.2.f.f.0.6.4.2.a.1.c.c.7.a.0.0.0.0.0.0.0.0.0.0.0.0.0.0.8.e.f.ip6.arpa from 127.0.0.1
   Jan 30 11:31:24 dnsmasq[741]: config b.0.2.f.f.0.6.4.2.a.1.c.c.7.a.0.0.0.0.0.0.0.0.0.0.0.0.0.0.8.e.f.ip6.arpa is <PTR>


********************************************
********************************************
[✓] ** FINISHED DEBUGGING! **
2

Pi-hole is not involved in a wireguard handshake.
It would only become accessible after a successful handshake.

You should consider to also consult the wireguard and PiVPN forums for support.

EDIT: I can't find any information on the actual handshake errors in your post?
In case one of our users with a similar setup happens to read your post, it may help to include details about the handshake error.

1 Like
3

Would you be able to point me towards where I can find those forums?

4

I couldn't see any specific errors either, just that data was being sent but nothing was ever being received when everything I've seen says that I should. My assumption is that somewhere my DNS/IP address for something is off, but I don't know which nor where.

For example, it should look like this:

Screen Shot 2022-01-30 at 1.04.52 PM
Screen Shot 2022-01-30 at 1.04.52 PM444×152 42.5 KB

5

If you woud see no packets at all arriving at your PiVPN host during the handshake, that could also suggest a networking issue, e.g. your router is not properly configured to forward requests to that host, or a remote IPv4 client would try to connect to you while your ISP is employing CGNAT (your router's WAN interface would then carry an IPv4 address from the 100.64.0.0/10 range).
The latter would be common for a DSLite ISP connection, and in that case, IPv4 clients will not be able to connect to your network.

PiVPN runs a GitHub repository, you may search for similar issues there e.g.

6

This topic was automatically closed 21 days after the last reply. New replies are no longer allowed.