I installed the latest release of DietPi on my brand new Raspberry Pi Zero 2 W. After installing the system, I installed the following software via dietpi-software:
Pi-hole
Unbound
PiVPN (with WireGuard)
Fail2Ban
FileBrowser
ProFTPD
qBittorrent
After configuration, I added three devices to the VPN with the pivpn add command: two laptops (via conf file) and one smartphone (via QR code). All devices can connect correctly to the VPN and ping the Pi Zero 2 (and connect via SSH, browse the qBittorrent and Pi-hole web interfaces, etc.), but they can't connect to other devices in the LAN (if I try to ping, I don't receive a response).
If I try to access the internet while I'm connected to the VPN, I can't browse any website, including the Cloudflare DNS website (https://1.1.1.1/).
I disabled the DHCP server on my router, set the Pi Zero 2 IP address as DNS and enabled the Pi-hole DHCP server; I enabled Interface settings → Permit all origins in the Pi-hole DNS settings, and in /etc/sysctl.conf I have net.ipv4.ip_forward = 1.
Which DHCP settings are you using on the Pi-hole? Is the default gateway the Pi or the ISP router? Does the ISP router have a static route for the WireGuard subnet?
I disabled DHCP and DNS on the ISP router and enabled them in Pi-hole.
I have a similar configuration and settings at my parents' home (Raspberry Pi 3 with DietPi v8.0.2 based on Raspbian Buster, same ISP, slightly different router) and I have no problems…
Fail2Ban is not a firewall blocking access at port level. It blocks access based on failed login attempts. But as I understood, you are able to access DietPi via WireGuard clients. What is not working is access to anything else inside the local network and the internet. Correct?
Would it be possible to share the server and client configuration files? Just remove personal data like DDNS or keys.
Exactly.
Now I'm at work (the Pi with WireGuard is at home). If I try to connect to the VPN with one of the clients I added, the connection is successful, but at this point I can't communicate (even just ping) with any device connected to the LAN except the Pi itself (if I ping the IP of the Pi, it responds correctly; if I ping the IP of the router I don't get a response). I can connect to the Pi via SSH and browse the web interfaces of the programs I have installed (for example qBittorrent and File Browser); I can also connect via FTP using FileZilla on the client and ping the router (from the Pi, connected via SSH).
This is the .conf file I used to configure the client I am using now:
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
2: wlan0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    inet 192.168.22.4/24 brd 192.168.22.255 scope global wlan0
       valid_lft forever preferred_lft forever
3: wg0: <POINTOPOINT,NOARP,UP,LOWER_UP> mtu 1420 qdisc noqueue state UNKNOWN group default qlen 1000
    inet 10.6.0.1/24 scope global wg0
       valid_lft forever preferred_lft forever
default via 192.168.22.254 dev wlan0 onlink
10.6.0.0/24 dev wg0 proto kernel scope link src 10.6.0.1
192.168.22.0/24 dev wlan0 proto kernel scope link src 192.168.22.4
broadcast 10.6.0.0 dev wg0 table local proto kernel scope link src 10.6.0.1
local 10.6.0.1 dev wg0 table local proto kernel scope host src 10.6.0.1
broadcast 10.6.0.255 dev wg0 table local proto kernel scope link src 10.6.0.1
broadcast 127.0.0.0 dev lo table local proto kernel scope link src 127.0.0.1
local 127.0.0.0/8 dev lo table local proto kernel scope host src 127.0.0.1
local 127.0.0.1 dev lo table local proto kernel scope host src 127.0.0.1
broadcast 127.255.255.255 dev lo table local proto kernel scope link src 127.0.0.1
broadcast 192.168.22.0 dev wlan0 table local proto kernel scope link src 192.168.22.4
local 192.168.22.4 dev wlan0 table local proto kernel scope host src 192.168.22.4
broadcast 192.168.22.255 dev wlan0 table local proto kernel scope link src 192.168.22.4
0: from all lookup local
32766: from all lookup main
32767: from all lookup default
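The symptom in this thread (clients reach the Pi itself but nothing behind it) is usually one of three things on the WireGuard server: forwarding disabled, no route out of the tunnel, or no return path for the 10.6.0.0/24 addresses (either a MASQUERADE rule on the LAN interface or a static route on the router, which is what the earlier reply asked about). The checker below is an added example, not code from this thread, DietPi or PiVPN. It parses `ip route show` output and an `iptables-save -t nat` dump and reports which prerequisite is missing. The route lines are the ones posted above; the two NAT dumps are constructed, one without any masquerade rule and one with the kind of rule PiVPN adds in its PostUp hook. Interface names wg0/wlan0 and the 10.6.0.0/24 subnet are taken from the posted output; the script cannot see the router, so when NAT is absent it reports the static-route alternative rather than deciding for you.

```python
"""Diagnose why WireGuard clients can reach a DietPi/PiVPN server but not the
LAN behind it: check IP forwarding, the tunnel route, the default route, and
the return path (MASQUERADE on the LAN interface)."""

# Constructed sample input: the three routes from the posted `ip route` output.
SAMPLE_IP_ROUTE = """\
default via 192.168.22.254 dev wlan0 onlink
10.6.0.0/24 dev wg0 proto kernel scope link src 10.6.0.1
192.168.22.0/24 dev wlan0 proto kernel scope link src 192.168.22.4
"""

# Constructed `iptables-save -t nat` dumps: no NAT for the tunnel at all,
# and the masquerade rule PiVPN normally installs via PostUp.
NAT_MISSING = """\
*nat
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
COMMIT
"""
NAT_PRESENT = """\
*nat
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -s 10.6.0.0/24 -o wlan0 -j MASQUERADE
COMMIT
"""


def parse_routes(text):
    """Turn `ip route show` lines into dicts with dst, dev and via (None if absent)."""
    routes = []
    for line in text.splitlines():
        parts = line.split()
        if not parts:
            continue
        route = {"dst": parts[0], "dev": None, "via": None}
        for key in ("dev", "via"):
            if key in parts and parts.index(key) + 1 < len(parts):
                route[key] = parts[parts.index(key) + 1]
        routes.append(route)
    return routes


def has_masquerade(nat_dump, src_subnet, out_iface):
    """True if a POSTROUTING rule masquerades src_subnet (or everything) leaving out_iface."""
    for line in nat_dump.splitlines():
        parts = line.split()
        if parts[:2] != ["-A", "POSTROUTING"] or "MASQUERADE" not in parts:
            continue
        out = parts[parts.index("-o") + 1] if "-o" in parts else None
        src = parts[parts.index("-s") + 1] if "-s" in parts else None
        if out == out_iface and src in (None, src_subnet):
            return True
    return False


def diagnose(ip_forward, ip_route_text, nat_dump, wg_iface="wg0", lan_iface="wlan0"):
    """Return (ok, findings) for a server that should forward VPN clients to the LAN.

    ip_forward is the value of net.ipv4.ip_forward (0 or 1)."""
    findings = []
    routes = parse_routes(ip_route_text)
    wg_routes = [r for r in routes if r["dev"] == wg_iface and r["dst"] != "default"]
    default = [r for r in routes if r["dst"] == "default"]

    if int(ip_forward) != 1:
        findings.append("net.ipv4.ip_forward is not 1: the kernel drops packets "
                        f"between {wg_iface} and {lan_iface}")
    if not wg_routes:
        findings.append(f"no route for the tunnel subnet on {wg_iface}: is the interface up?")
    if not default or default[0]["dev"] != lan_iface:
        findings.append(f"default route does not leave via {lan_iface}: client internet "
                        "traffic has no path out")
    wg_subnet = wg_routes[0]["dst"] if wg_routes else None
    if wg_subnet and not has_masquerade(nat_dump, wg_subnet, lan_iface):
        findings.append(f"no MASQUERADE for {wg_subnet} on {lan_iface}: LAN hosts and the "
                        f"router will reply to {wg_subnet} addresses they have no route for, "
                        f"unless the router has a static route for {wg_subnet} via the Pi")
    return (not findings, findings)


if __name__ == "__main__":
    for label, dump in (("without NAT", NAT_MISSING), ("with NAT", NAT_PRESENT)):
        ok, findings = diagnose(1, SAMPLE_IP_ROUTE, dump)
        print(f"{label}: {'OK' if ok else 'PROBLEMS'}")
        for f in findings:
            print("  -", f)
```

On a real system feed it `cat /proc/sys/net/ipv4/ip_forward`, `ip route show` and `iptables-save -t nat` from the Pi; if the only finding is the missing MASQUERADE and the router has no static route for the tunnel subnet, that is exactly the "ping the Pi but nothing else" behaviour described above, because replies from LAN hosts are sent to the router's default gateway instead of back through the Pi.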