rutherford, posted May 8, 2022 (edited)

Anyone have this setup correctly? I'd like to be able to connect to my home network, access local services, and use the PiHole ad-blocker for regular internet browsing. It's worked before, but it's not now, and I'm not sure what got screwed up.

- Wireguard VPN on my unRaid server (static 192.168.11.53). unRaid > Settings > VPN Manager > remote tunneled access
- both "laptop" and "phone" can connect to VPN no problems to access local services
- neither laptop nor phone can access internet while connected
- network connected raspberryPI runs pihole ad-blocker and DHCP on static IP 192.168.11.4
- "guide_pihole_on_the_go_with_wireguard" reddit post
- laptop Wireguard conf. You can see the only way I could kinda make it work is by specifying 8.8.8.8 for the DNS, which bypasses the pihole blocker, and is slow as molasses. If I put in 192.168.11.4, the pihole address for DNS, nothing works.

[Interface]
PrivateKey = xxxxxxxxxxxxxxxxxx
Address = 10.253.0.2/32
DNS = 8.8.8.8

[Peer]
PublicKey = xxxxxxxxxxxxxxxxxxxx
PresharedKey = xxxxxxxxxxxxxxxxxxxxxxxxx
AllowedIPs = 0.0.0.0/0
Endpoint = username.duckdns.org:61801

Edited May 8, 2022 by dkerlee

rutherford (author), posted May 19, 2022

I gathered more pertinent network data in the hopes a networking pro comes across this! Fingers crossed.

==================================================
========== Orbi RBR750 ===========================
==================================================
DHCP off
WAN: 174.21.xxx.xxx, PPPoE from Centurylink
DNS: 205.171.3.25, 205.171.2.25
LAN: 192.168.11.1
IP Address: get dynamically IP address from Router, grayed 174.21.xxx.xxx
DNS address: Get automatically from ISP, grayed 205.171.3.25, 205.171.2.25
firmware version: V4.6.8.2
Advanced > Router / AP Mode: Router Mode selected
Advanced > Port forwarding: several ports forwarded to unRaid server (including 61801 > 192.168.11.53:61801)
UPnP: On
Traffic meter: Off
VLAN / Bridge Settings: Enabled, By VLAN tag group: VLAN ID 201, Priority 0, All wired ports, All wireless

==================================================
================= unRaid 6.10.0 ==================
==================================================
Network settings
Enable Bonding: Yes
Bonding mode: Active-backup (1)
Enable bridging: Yes
Network protocol: IPv4 only
IPv4 address assignment: Static
IPv4 address: 192.168.11.53 /16
IPv4 default gateway: 192.168.11.1
IPv4 DNS server assignment: static
IPv4 DNS server: 192.168.11.1
IPv4 DNS server 2: 208.67.222.222 (opendns.com I think)
IPv4 DNS server 3: 208.67.220.220
Desired MTU: 1500
Enable VLANs: No

Routing table, all IPv4 Protocols
route               gateway
default             192.168.11.1 via br0
10.253.0.2          wg0
10.253.0.3          wg0
172.17.0.0/16       docker0
172.18.0.0/16       br-4df99f81dc0c
192.168.0.0/17      shim-br0
192.168.0.0/16      br0
192.168.128.0/17    shim-br0

Settings > Network > VPN manager (wireguard settings)
local name: unraid vpn
network protocol: IPv4 only
local tunnel network protocol: 10.253.0.0/24
local tunnel address: 10.253.0.1
local endpoint: myname.duckdns.org: 61801
Local server uses NAT: yes
Peer name: laptop, remote tunneled access
peer tunnel address: 10.253.0.2
peer DNS server: 192.168.11.1
peer name: phone, remote tunneled access
peer tunnel address: 10.253.0.3
peer DNS server: 192.168.11.1

==================================================
================= raspberry pi piHole ============
==================================================
Pi-hole v5.10, FTL v5.15, Web interface v5.12
Settings > DNS > IPv4 both checked: DNS OpenDNS. Nothing checked for IPv6.
Settings > DNS > Interface settings: Allow only local requests checked
Settings > DHCP > enabled
Settings > DHCP > range of IP to hand out: 192.168.11.201 - 251
Settings > DHCP > Router (gateway) IP address: 192.168.11.1

adminmat, posted December 15, 2022

I'm having this same issue. Did you find a fix? I have a similar setup except I run PiHole on unraid in a container. It used to work for me but not anymore.

rutherford (author), posted December 15, 2022

Ya know, I didn't get it exactly figured out. I ended up following these directions at docs.pi-hole.net. I'll also mention that you should watch the first 50 seconds of this video, it's funny.

That being said, what I NOW have going on are TWO piholes. One is docker, one is on a RaspberryPI 3 (near impossible to get at the moment, sad face). Each one is doing DHCP, but they are assigning in different pools of IPs. Each pihole has itself + the other as the two DNS servers (clear as mud!?). Here's how I specified two DNS servers in the pihole DHCP settings.

The reason I found that first youtube video up there hilarious is because having the only DNS server at home in the unRaid server kinda lends itself to ... failure. I had much better luck with a single dedicated raspberrypi; then thought I'd double up with unraid>docker>pihole.

I digress: I hope one of these days pihole makes wireguard into the webGUI. But the instructions, while a little fiddly, are working solid for me now; and takes unraid out of the picture for remote access, which I like.

Hope that helps. Happy holidays.

Jarsky, posted December 16, 2022

8 hours ago, adminmat said:
    I'm having this same issue. Did you find a fix? I have a similar setup except I run PiHole on unraid in a container. It used to work for me but not anymore.

7 hours ago, rutherford said:
    Ya know, I didn't get it exactly figured out.

Since your VPN allocates IP addresses in a different subnet (10.253.x.x), in Pi-hole did you try changing Interface settings to "Permit all origins"?

adminmat, posted December 16, 2022

@Jarsky yes I have it set to permit all origins

Sildenafil, posted December 16, 2022

I have the same problem. I tried both with adguard and pihole installed on unraid but by connecting via wireguard vpn I can only navigate into the lan. Using adguard installed on a different machine than unraid (nuc with proxmox) everything works fine.

adminmat, posted December 16, 2022

In the original Wireguard thread from 3 years ago the first page was all questions about how to get this working. And it still hasn't been resolved. I'm going to pull PiHole off unRAID and just use a dedicated RasPi. Not worth the headache.

Sildenafil, posted December 16, 2022

1 hour ago, adminmat said:
    In the original Wireguard thread from 3 years ago the first page was all questions about how to get this working. And it still hasn't been resolved. I'm going to pull PiHole off unRAID and just use a dedicated RasPi. Not worth the headache.

ljm42, posted December 16, 2022

1 hour ago, adminmat said:
    In the original Wireguard thread from 3 years ago the first page was all questions about how to get this working. And it still hasn't been resolved. I'm going to pull PiHole off unRAID and just use a dedicated RasPi. Not worth the headache.

By far the simplest solution is to host the PiHole on another system.

If you host it on Unraid then you have to enable "Host access to custom networks" and give the PiHole its own IP. This puts you in the "Complex Networks" category of the guide: https://forums.unraid.net/topic/84226-wireguard-quickstart/ which requires you to set up a static route on your router. All of the details are explained in the first two posts of that guide.

I can't really offer 1:1 support because there are too many variables and WireGuard fails silently so there aren't a lot of clues as to where the problem lies.

But yes, the simplest solution is to avoid "Host access to custom networks".

adminmat, posted December 16, 2022

Alright. Got it working now. The disconnect is I had Host Access to Custom Networks DISABLED. Maybe that happened after I upgraded the OS? Because I knew I had it working at one point....

I have a custom network for the PiHole docker container. This was set up to remedy the kernel panics.

Host Access to Custom Networks = Enabled. Static routes are set in my router from the WG network 10.253.0/24 to the unRAID server 192.168.10.69. All working as intended.

Interestingly I can't ping the PiHole server from my device through the Wireguard tunnel although it will resolve / block DNS properly to that device/client.

ljm42, posted December 16, 2022

Glad you got it working

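Added example, not code from any poster or from Unraid, WireGuard or Pi-hole: a small offline check of the three conditions the replies above turn on (Jarsky's "Permit all origins" question and the static route ljm42 and adminmat describe), run against the laptop config from the first post. The function names, the simplified "local subnet" model of Pi-hole's "Allow only local requests" setting, and the /24 prefix used for the Pi-hole's LAN are assumptions.

```python
import configparser
import ipaddress

# Constructed sample: first post's laptop config with DNS set to the Pi-hole.
CLIENT_CONF = """
[Interface]
PrivateKey = xxxxxxxxxxxxxxxxxx
Address = 10.253.0.2/32
DNS = 192.168.11.4

[Peer]
PublicKey = xxxxxxxxxxxxxxxxxxxx
AllowedIPs = 0.0.0.0/0
Endpoint = username.duckdns.org:61801
"""

def nets(values):
    return [ipaddress.ip_network(v.strip(), strict=False) for v in values if v.strip()]

def parse_client(conf_text):
    """Tunnel address, DNS servers and AllowedIPs of a single-peer client config."""
    cp = configparser.ConfigParser()
    cp.read_string(conf_text)
    iface, peer = cp["Interface"], cp["Peer"]
    addr = ipaddress.ip_interface(iface["Address"].split(",")[0].strip()).ip
    dns = [ipaddress.ip_address(d.strip()) for d in iface.get("DNS", "").split(",") if d.strip()]
    return addr, dns, nets(peer["AllowedIPs"].split(","))

def check_dns_path(conf_text, resolver_local, server_lan_ip, server_nat, lan_routes):
    """Return reasons tunnel DNS would fail (hypothetical model; [] means none found).
    resolver_local: subnets the resolver treats as local ("only local requests")
    server_nat:     True if the WireGuard server masquerades peers as server_lan_ip
    lan_routes:     networks the LAN router has a static route for via the server
    """
    addr, dns_servers, allowed = parse_client(conf_text)
    # Source address the resolver sees on queries from this peer.
    seen_as = ipaddress.ip_address(server_lan_ip) if server_nat else addr
    findings = []
    for dns in dns_servers:
        if not any(dns in n for n in allowed):
            findings.append(f"{dns}: outside AllowedIPs, not sent through the tunnel")
        if not any(seen_as in n for n in nets(resolver_local)):
            findings.append(f"{dns}: sees source {seen_as} as non-local and refuses it")
        if not server_nat and not any(addr in n for n in nets(lan_routes)):
            findings.append(f"{dns}: no LAN route back to {addr}, replies are lost")
    return findings

if __name__ == "__main__":
    print(check_dns_path(CLIENT_CONF, ["192.168.11.0/24"], "192.168.11.53", False, []))
```

With NAT off and no static route the check reports two findings; passing `["0.0.0.0/0"]` as `resolver_local` (the "Permit all origins" case) together with a route for `10.253.0.0/24` clears both.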