Pihole blocks ads only on devices connected to WireGuard VPN
Hi team, let me explain what I have done. I deployed:
- Portainer CE 2.19.4
- pihole 5.17.3
- WG-Easy (wireguard)
Both containers were deployed using this compose file:
```yaml
version: "3.8"
services:
  wg-easy:
    environment:
      # ⚠️ Change the server's hostname (clients will connect to):
      - WG_HOST=mysubdomain.duckdns.org
      # ⚠️ Change the Web UI Password:
      - PASSWORD=Passwordxxxxx
      # 💡 This is the Pi-Hole Container's IP Address
      - WG_DEFAULT_DNS=10.8.1.3
      - WG_DEFAULT_ADDRESS=10.8.0.x
    image: ghcr.io/wg-easy/wg-easy
    container_name: wg-easy
    volumes:
      - ~/.wg-easy:/etc/wireguard
    ports:
      - "51820:51820/udp"
      - "51821:51821/tcp"
    restart: unless-stopped
    cap_add:
      - NET_ADMIN
      - SYS_MODULE
    sysctls:
      - net.ipv4.ip_forward=1
      - net.ipv4.conf.all.src_valid_mark=1
    networks:
      wg-easy:
        ipv4_address: 10.8.1.2

  pihole:
    image: pihole/pihole
    container_name: pihole
    environment:
      # ⚠️ Change the Web UI Password:
      - WEBPASSWORD=Passwordxxxxx
    volumes:
      - '~/.pihole/etc-pihole:/etc/pihole'
      - './.pihole/etc-dnsmasq.d:/etc/dnsmasq.d'
    ports:
      - "53:53/tcp"
      - "53:53/udp"
      - "5353:80/tcp"
    restart: unless-stopped
    networks:
      wg-easy:
        ipv4_address: 10.8.1.3

networks:
  wg-easy:
    ipam:
      config:
        - subnet: 10.8.1.0/24
```
This configures both containers in the same network in order to move the VPN traffic to pihole when a device is connected to it.
Everything deployed well, all of this on a Raspberry Pi 5, until I saw that pihole is blocking ads only when I'm connected to the VPN; when I'm using my home WiFi without the VPN, pihole doesn't block ads.
I have configured the Raspberry Pi's IP address, 192.168.1.10, as the primary DNS on my home router.
Within pihole, I can see the list of my LAN devices (attached).
Is there a way I can configure pihole, or something like that, so that pihole blocks ads both when I'm connected via the VPN and when I'm disconnected but using my home WiFi?
Tests I did:
1- All devices connected to my WiFi are getting the Raspberry Pi's IP as DNS. I browsed the internet and all the ads appear.
2- I connected a laptop to my smartphone's internet as a hotspot and enabled the WireGuard VPN. I browsed again, or refreshed the same page, and the ads disappeared.
3- I did the same exercise with my smartphone: connected through the WiFi, all ads are present; using mobile data and connected to the VPN, all ads are gone.
4- I recently tried macvlan because I saw that it could be useful for connecting a virtual network to the container using a real IP from my LAN. I see that pihole sees the IPs and even the MACs of my devices, but it doesn't block the ads.