Pivpn allowed IPs wireguard

Does DietPi allow for a split tunnel with WireGuard? Can one change allowed IPs to the host’s local network and only pass that traffic?

This has basically nothing to do with DietPi. You can configure Wireguard as you wish. I guess you are looking for the client configuration?

Apologies, not trying to be disrespectful of anyone’s time. I have been trying to set up a split tunnel with little success and am just trying to eliminate possibilities. The few tutorials I have found make it seem pretty simple: change the allowed IPs to include the host local network and the VPN’s network and you should be good to go... Not the case for me. Thanks for eliminating DietPi from the mix of possibilities.

Can you share your configuration for allowedIPs?

I’m running a lot of split tunnels on my clients

I run a split tunnel with wireguard on DietPi, to filter my DNS requests with PiHole.
What have you tried so far and what are you experiencing?

What I have tried is to go into /etc/wireguard/wg0:

[Interface]
PrivateKey = My Private Key
Address = 10.219.14.1/24
MTU = 1420
ListenPort = My Listen Port

### begin SkidsMac ###
[Peer]
PublicKey = My Public Key
PresharedKey = My Preshared Key
AllowedIPs = 10.219.14.4/32, 192.168.3.0/24
### end SkidsMac ###

And on the client I edit my tunnel:

[Interface]
PrivateKey = My Private Key
Address = 10.219.14.4/32

[Peer]
PublicKey = My Public Key
PresharedKey = My Preshared Key
AllowedIPs = 192.168.3.0/24
Endpoint = My domain:51829

Is this the incorrect approach?

On server side

should be set to AllowedIPs = 10.219.14.4/32 only. No need to add 192.168.3.0/24 there

On client side.

There is no DNS server set? Is this correct? Usually I would expect it within [Interface] section

Should be 10.219.14.4/24

No, you need to specify the AllowedIPs on the node which is making the requests, not the node which receives the requests. So you send only the IP ranges you want through the VPN tunnel and every other IP range through your default interface.

So for example I have 3 nodes: 10.6.0.1 to 10.6.0.3.
Node 0.1 is the device which runs my pihole instance. So I want nodes 0.2 and 0.3 to only send the DNS requests to it (make a split tunnel).
So on the nodes 0.2 and 0.3 I set DNS to 10.6.0.1 and in their configs I set AllowedIPs to 10.6.0.0/24 (and also to my LAN IP range so I can access my LAN from the outside if I want).

Theoretically you can use local network IP address as well. Doesn’t need to be the VPN server IP address. :crazy_face:
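As an added example (not code from the thread, from DietPi or from PiVPN), the following Python parses a client config modelled on the three-node setup described above and applies WireGuard's longest-prefix AllowedIPs rule to decide which destinations enter the tunnel; the config text, keys and endpoint are constructed placeholders.

```python
import ipaddress

# Constructed client config modelled on the thread (keys and endpoint are placeholders).
CLIENT_CONF = """
[Interface]
PrivateKey = PLACEHOLDER_PRIVATE_KEY
Address = 10.6.0.2/24
DNS = 10.6.0.1

[Peer]
PublicKey = PLACEHOLDER_SERVER_PUBLIC_KEY
AllowedIPs = 10.6.0.0/24, 192.168.3.0/24
Endpoint = vpn.example.invalid:51820
"""

def parse_wg_conf(text):
    """Parse an INI-style wg config into (interface_dict, [peer_dict, ...]); keys lower-cased."""
    interface, peers, section = {}, [], None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drops comments such as '### begin ... ###'
        if not line:
            continue
        if line.startswith("["):
            name = line.strip("[]").lower()
            section = interface if name == "interface" else {}
            if name == "peer":
                peers.append(section)
            continue
        key, _, value = line.partition("=")
        section[key.strip().lower()] = value.strip()
    return interface, peers

def allowed_networks(peer):
    return [ipaddress.ip_network(n.strip()) for n in peer.get("allowedips", "").split(",") if n.strip()]

def routes_via_tunnel(peers, dst):
    """Cryptokey routing: the longest AllowedIPs prefix across all peers that contains dst,
    or None when the packet leaves on the default interface (the split-tunnel case)."""
    addr = ipaddress.ip_address(dst)
    best = None
    for peer in peers:
        for net in allowed_networks(peer):
            if addr in net and (best is None or net.prefixlen > best.prefixlen):
                best = net
    return best

def split_tunnel_report(text):
    """Checks from the thread: no 0.0.0.0/0 (that would be a full tunnel) and DNS set in [Interface]."""
    interface, peers = parse_wg_conf(text)
    full_tunnel = any(net.prefixlen == 0 for p in peers for net in allowed_networks(p))
    return {"split_tunnel": not full_tunnel, "dns_in_interface": "dns" in interface,
            "tunnelled_networks": sorted(str(n) for p in peers for n in allowed_networks(p))}
```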


Why is it often so obvious once the solution is revealed? Thanks for the insight! (To both of you.)

