Hello,
I am at a loss right now. This should not be this difficult. I am trying to get PiVPN (WireGuard) working alongside Pi-hole/Unbound on my RPi 4 B on the latest DietPi 9.12.1. Installed using the standard PiVPN install: curl -L https://install.pivpn.io | bash
I am unable to get a valid connection to my Android phone client on mobile data. I cannot even ping my VPN server and naturally cannot access the internet.
The WireGuard Android app shows as connected, but my server is not getting the handshake:
::: Connected Clients List :::
Name Remote IP Virtual IP Bytes Received Bytes Sent Last Seen
ed-s23 (none) 10.173.22.2 0B 0B (not yet)
::: Disabled clients :::
My Pi IP is DHCP reserved and port forwarded on port 51820 on my router.
net.ipv4.ip_forward=1 is enabled in /etc/sysctl.conf
PiVPN debug
::: Generating Debug Output
:::: PiVPN debug ::::
=============================================
:::: Latest commit ::::
Branch: master
Commit: 8cb0a4eab6bd2d1d670cce3f95fd16d9b8055861
Author: Rafael Alexandre
Date: Wed Apr 23 20:09:22 2025 +0200
Summary: add --client-ip/-ip 'auto' option + fix default/empty peer name logic
=============================================
:::: Installation settings ::::
PLAT=Debian
OSCN=bookworm
USING_UFW=0
pivpnforceipv6route=1
IPv4dev=eth0
dhcpReserv=1
IPv4addr=192.168.50.129/24
IPv4gw=192.168.50.1
install_user=dietpi
install_home=/home/dietpi
VPN=wireguard
pivpnPORT=51820
pivpnDNS1=10.173.22.1
pivpnDNS2=
pivpnHOST=REDACTED
INPUT_CHAIN_EDITED=1
FORWARD_CHAIN_EDITED=0
INPUT_CHAIN_EDITEDv6=
FORWARD_CHAIN_EDITEDv6=
pivpnPROTO=udp
pivpnMTU=1420
pivpnDEV=wg0
pivpnNET=10.173.22.0
subnetClass=24
pivpnenableipv6=0
ALLOWED_IPS="0.0.0.0/0, ::0/0"
UNATTUPG=1
INSTALLED_PACKAGES=(grepcidr bsdmainutils iptables-persistent wireguard-tools qrencode unattended-upgrades)
=============================================
:::: Server configuration shown below ::::
[Interface]
PrivateKey = server_priv
Address = 10.173.22.1/24
MTU = 1420
ListenPort = 51820
### begin ed-s23 ###
[Peer]
PublicKey = ed-s23_pub
PresharedKey = ed-s23_psk
AllowedIPs = 10.173.22.2/32
### end ed-s23 ###
=============================================
:::: Client configuration shown below ::::
[Interface]
PrivateKey = ed-s23_priv
Address = 10.173.22.2/24
DNS = 10.173.22.1
[Peer]
PublicKey = server_pub
PresharedKey = ed-s23_psk
Endpoint = REDACTED:51820
AllowedIPs = 0.0.0.0/0, ::0/0
=============================================
:::: Recursive list of files in ::::
:::: /etc/wireguard shown below ::::
/etc/wireguard:
configs
keys
wg0.conf
/etc/wireguard/configs:
clients.txt
ed-s23.conf
/etc/wireguard/keys:
ed-s23_priv
ed-s23_psk
ed-s23_pub
server_priv
server_pub
=============================================
:::: Self check ::::
:: [OK] IP forwarding is enabled
:: [OK] Iptables MASQUERADE rule set
:: [OK] Iptables INPUT rule set
:: [OK] WireGuard is running
:: [OK] WireGuard is enabled
(it will automatically start on reboot)
:: [OK] WireGuard is listening on port 51820/udp
=============================================
Wireguard configuration
dietpi@DietPi:~$ sudo cat /etc/wireguard/wg0.conf
[Interface]
PrivateKey = REDACTED
Address = 10.173.22.1/24
MTU = 1420
ListenPort = 51820
### begin ed-s23 ###
[Peer]
PublicKey = REDACTED
PresharedKey = REDACTED
AllowedIPs = 10.173.22.2/32
### end ed-s23 ###
iptables output
Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT udp -- anywhere anywhere udp dpt:51820 /* wireguard-input-rule */
ACCEPT udp -- anywhere anywhere udp dpt:domain /* pihole-DNS-rule */
Any help is greatly appreciated. Ideally, it would be great to incorporate the Pi-hole DNS, but I really only need this to reach my home network while out and about.