Pivpn allowed IPs wireguard

jonyskids · 16 November 2024 01:14

Does dietpi allow for split tunnel with wireguard. Can one change allowed ips to the host’s local network and only pass that traffic?

Joulinar · 16 November 2024 06:27

This has basically nothing to do with DietPi. You can configure Wireguard as you wish. I guess you are looking for the client configuration?

jonyskids · 16 November 2024 06:37

Apologize, not trying to be disrespectful of anyone’s time. I have been trying to set up a split tunnel with little success and just trying to eliminate possibilities. The few tutorials I have found make it seem pretty simple. Change the allowed IPs to include the host local network and the vpn’s network and should be good to go…Not the case for me. Thanks for eliminating an dietpi from the mix of possibilities.

Joulinar · 16 November 2024 07:00

Can you share your configuration for allowedIPs?

I’m running a lot of split tunnels on my clients

Jappe · 16 November 2024 12:12

I run a split tunnel with wireguard on DietPi, to filter my DNS requests with PiHole.
What have you tried so far and what are you experiencing?

jonyskids · 16 November 2024 12:46

What I have tried is to go into /etc/wireguard/wg0:

[Interface]
PrivateKey = My Private Key
Address = 10.219.14.1/24
MTU = 1420
ListenPort = My Listen Port

### begin SkidsMac ###
[Peer]
PublicKey = My Public Key
PresharedKey = My Preshared Key
AllowedIPs = 10.219.14.4/32, 192.168.3.0/24
### end SkidsMac ###

And on the client I edit my tunnel:

[Interface]
PrivateKey = My Private Key
Address = 10.219.14.4/32

[Peer]
PublicKey = My Public Key
PresharedKey = My Preshared Key
AllowedIPs = 192.168.3.0/24
Endpoint =My domain:51829

Is this the incorrect approach?

Joulinar · 16 November 2024 16:21

On server side

should be set to AllowedIPs = 10.219.14.4/32 only. No need to add 192.168.3.0/24 there

On client side.

There is no DNS server set? Is this correct? Usually I would expect it within [Interface] section

Should be 10.219.14.4/24

Jappe · 16 November 2024 16:22

No, you need to specify the AllowedIPs on the node which is making the requests, not the node which receives the requets. So you send only the IP ranges you want through the VPN tunnel and every other IP range through your default interface.

So for example I have 3 nodes: 10.6.0.1 to 10.6.0.3.
Node 0.1 is the device which runs my pihole instance. So I want nodes 0.2 and 0.3 only send the DNS requests to it (make a split tunnel).
So on the nodes 0.2 and 0.3 I set DNS to 10.6.0.1 and in their configs I set AllowedIPs to 10.6.0.0/24 (and also to my LAN IP range so I can access my LAN from the outside if I want).

Joulinar · 16 November 2024 16:25

Theoretically you can use local network IP address as well. Doesn’t need to be the VPN server IP address.

jonyskids · 16 November 2024 17:04

Why is often so obvious when you the solution is revealed. Thanks for the insight! (To both of you.)

system · 14 February 2025 17:04

This topic was automatically closed 90 days after the last reply. New replies are no longer allowed.