Now I have a problem with my configuration. I have installed PiVPN and set it up with Wireguard and PiHole. My VPN connection works and I can access my DietPi via SSH. But that's it. No other connection is working.
I set up PiHole via my router's DNS entry. My router is the DHCP server and gives my clients my PiHole as first DNS.
When I connect via VPN now, I have no internet connection and cannot access my other Pi via SSH. The net.ipv4.ip_forward=1 option is enabled in my sysctl.conf.
Where can I configure this correctly or disable PiHole usage?
Pihole is responsible for DNS resolution only. This means you should be able to access your local network via direct IP. If this is not working, it has nothing to do with PiHole. On your VPN clients, I would set your VPN server/PiHole as DNS. I guess they are running on the same SBC. Inside Pihole > DNS settings, you would need to activate "Listen on all interfaces".
Ok, so I changed the DNS server on my Wireguard Android client. PiHole and VPN are on the same machine (Pi 4). The settings are already set. But it is still not working. Neither internet nor SSH to another Pi.
If you connect to other systems using SSH, do you use a DNS name or an IP address? If it is an IP address, this has nothing to do with PiHole. Most probably a routing issue. Can you share the output of sysctl net.ipv4.ip_forward?
I had Docker installed but uninstalled it, as I didn’t have the time to get used to it. Installation and uninstallation were done through the software dialogue.
trendy
It’s about a Wireguard server installed on the DietPi device, where it is not possible to reach systems behind the DietPi/Wireguard server. Something is wrong with routing from the wg0 interface into the local network.
Ok, first up: My problem is IPv6 only, so I kinda feel like I'm hijacking this thread. If you think I should open a new one, please let me know.
I also executed the suggested commands (although not IPv6 specific, I guess) and this is the output before connecting the client to the server:
ip -4 addr:
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
inet 192.168.0.3/24 brd 192.168.0.255 scope global eth0
valid_lft forever preferred_lft forever
9: wg0: <POINTOPOINT,NOARP,UP,LOWER_UP> mtu 1420 qdisc noqueue state UNKNOWN group default qlen 1000
inet 192.168.0.3/24 scope global wg0
valid_lft forever preferred_lft forever
ip -4 ro li table all:
default via 192.168.0.1 dev eth0 onlink
192.168.0.0/24 dev eth0 proto kernel scope link src 192.168.0.3
192.168.0.0/24 dev wg0 proto kernel scope link src 192.168.0.3
broadcast 127.0.0.0 dev lo table local proto kernel scope link src 127.0.0.1
local 127.0.0.0/8 dev lo table local proto kernel scope host src 127.0.0.1
local 127.0.0.1 dev lo table local proto kernel scope host src 127.0.0.1
broadcast 127.255.255.255 dev lo table local proto kernel scope link src 127.0.0.1
broadcast 192.168.0.0 dev eth0 table local proto kernel scope link src 192.168.0.3
broadcast 192.168.0.0 dev wg0 table local proto kernel scope link src 192.168.0.3
local 192.168.0.3 dev eth0 table local proto kernel scope host src 192.168.0.3
local 192.168.0.3 dev wg0 table local proto kernel scope host src 192.168.0.3
broadcast 192.168.0.255 dev eth0 table local proto kernel scope link src 192.168.0.3
broadcast 192.168.0.255 dev wg0 table local proto kernel scope link src 192.168.0.3
ip -4 ru:
0: from all lookup local
32766: from all lookup main
32767: from all lookup default
iptables-save -c:
And now, weird:
netstat -lnp:
-bash: netstat: command not found
After connecting to the wireguard server, the only output that changed was the missing
If your problem is with IPv6 only, then these commands will not give any useful output.
Better start a new thread and we can discuss it there.
I have updated the commands with sudo (in case you run them as dietpi user) and replaced the obsolete netstat with ss (old habits die hard).