Trying to install wireguard - Checking DNS resolver failed

Hi there,

I tried installing wireguard via dietpi-software but the DNS resolver check fails which blocks further installation steps.

If that helps: I removed a pihole and wireguard installation to start from scratch.

DNS server has been reset to 8.8.8.8 during uninstall.

Any help would be much appreciated. Thank you!

-K

DietPi-Software
Checking DNS resolver
 - Command: ping -c 1 -W 5 one.one.one.one
 - Exit code: 1
 - DietPi version: v7.2.3 (MichaIng/master) | HW_MODEL: 3 | HW_ARCH: 2 | DISTRO: 5
 - Image creator: DietPi Core Team
 - Pre-image: Raspbian Lite
 - Error log:
PING one.one.one.one(one.one.one.one (2606:4700:4700::1111)) 56 data bytes

--- one.one.one.one ping statistics ---
1 packets transmitted, 0 received, 100% packet loss, time 0ms

Hi,

Should be easy to fix :slight_smile:

Can you try the following, just to check:

ping -c 1 -W 5 one.one.one.one

Same result:

root@DietPi:~# ping -c 1 -W 5 one.one.one.one
PING one.one.one.one(one.one.one.one (2606:4700:4700::1111)) 56 data bytes

--- one.one.one.one ping statistics ---
1 packets transmitted, 0 received, 100% packet loss, time 0ms

You have IPv6 activated. Is it really used? If not, I recommend deactivating it.

I have disabled it on the PI. Resolving works now.

Do I need to disable ipv6 on my Fritzbox (behind a router in bridgemode) as well to establish the VPN tunnel successfully?

Currently, there is no successful handshake using the default wireguard server and client settings.

If not really needed, go for IPv4 only. This will make things easier. Personally I’m using a FritzBox behind a Speedport. WireGuard is installed on my RPi4B and working without issues. I completely disabled IPv6 :slight_smile:

Also, from my experience, you won’t ever get a successful handshake from inside your network, if you’re trying it there, with your public IP address as your endpoint. If you change the address of the endpoint to your device’s local IP address, it should work.

Even if it doesn’t make sense, I can connect to my WireGuard server inside my local network using the DDNS :wink:

So, ipv6 is now disabled on the Fritzbox as well.

But, still no handshake when enabling wireguard on my phone.

I tested within the same WiFi network but also via mobile connection. I cannot SSH into my PI.

Dynamic DNS is setup via dietpi-config and endpoint can be reached (successful test in dietpi).

Port 51820 (udp) forwarding is set up for the PI’s IP address on the Fritzbox.

Not sure where to go from here to make wireguard working.

Not even sure if it is the Fritzbox or the pi at this point.

If I understood correctly, your FritzBox is sitting behind another router. Did you activate port forwarding on this box as well? I guess this is the internet router.

That was it.

I entered a forwarding rule into the router that is in bridgemode to forward requests on 51820 to the fritzbox IP.

Wireguard now works, I can access my PI in LAN and via mobile connection.

:slight_smile: great

Let me pick your brain here if you don’t mind.

Something I don’t quite understand is:
When I am connected via WiFi (being at home), all works as expected (ads are blocked, VPN works)

But when I am on mobile data, ads are no longer blocked as my Fritzbox takes the DNS from my bridged router which of course isn’t my pi so my ISP resolves things and bypasses the pihole.

How would I need to setup things (i.e. the Fritzbox) to also have ad blocking when on the go? Is that possible when the Fritzbox is behind a router in bridgemode?

I tried to give my Fritzbox a static IP (under internet settings) that matches the one it gets via DHCP at the moment (i.e. 192.168.0.2 with the bridged router having 192.168.0.1 by default) and setting the DNS server to my PI IP address. But this blocks Internet connection so something is wrong with how I approach things.

Could you support here as well? That would be great.

No need to change anything on your FritzBox or another router. You need to set the correct DNS server inside the Wireguard client app. What is the current DNS on the client?

Current DNS in the wireguard client is 10.9.0.1

Is this the server PiHole is running on? Usually your Wireguard client will use Pihole and you should see the clients as well in PiHole. At least as long as you pass the entire traffic to the VPN tunnel.

Yes, that is the server the pihole is running on.

I can try to change that IP to the static PI address 192.168.200.2 and see if that helps.

Your comment re the full tunnel might be the challenge here.

If I pass all traffic through the tunnel, speed is super slow.

So what I have entered into ‘allowed IPs’ is
‘192.168.200.0/24, 10.9.0.0/24’ assuming this would cover the VPN interface range as well as the Fritzbox LAN internal range.
I did this to not pass all traffic through VPN but only the DNS traffic (split tunnel).

You could go for the local network only and change DNS in your clients to the local LAN address of your DietPi system. This way your clients should be able to reach PiHole as well.

Change the DNS in the clients: where would you change that? Are you referring to changing the DNS for every client, on the client?

I would like to avoid this fiddling around and have it sorted automatically for every client that connects via wireguard VPN.

Any other idea why things (pihole ad blocking) don’t work when out of home and connected via mobile data and active VPN tunnel?
Does that work with your setup?

I am a little clueless having so many places to change things (router in bridge mode, Fritzbox behind, pihole, wireguard server, smartphone).

You are playing way too much on various devices. :wink:
Just concentrate on a single mobile device and on the VPN connection to use PiHole.
No need to perform any setting on any router.

Yes, for me AdBlocking is working if I’m away from home, as my WireGuard clients use PiHole as DNS server.

You need to ensure Pihole is configured to LISTEN on all local interfaces:

pihole -a -i local

Below you can see my client config on a mobile device


And next screen is showing my client using PiHole, including blocked request


Important is to see WireGuard clients in PiHole dashboard.
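
Added example, not part of the thread or of DietPi/WireGuard code: a small check for the split-tunnel question discussed above, reporting whether each DNS server in a wg-quick style client config is covered by the peer's AllowedIPs, so that queries actually travel through the tunnel to Pi-hole. The sample config is constructed from the addresses mentioned in the thread; the keys, client address, endpoint and the function name `dns_routing` are assumptions, and a single [Peer] section is assumed.

```python
import configparser
import ipaddress

# Constructed client config using the addresses quoted in the thread.
# Keys, client address and endpoint are placeholders, not real values.
SAMPLE_CLIENT_CONF = """
[Interface]
PrivateKey = <client-private-key-placeholder>
Address = 10.9.0.2/24
DNS = 10.9.0.1

[Peer]
PublicKey = <server-public-key-placeholder>
Endpoint = vpn.example.invalid:51820
AllowedIPs = 192.168.200.0/24, 10.9.0.0/24
"""


def _split(value):
    """Split a comma-separated config value into trimmed items."""
    return [v.strip() for v in value.split(",") if v.strip()]


def dns_routing(conf_text):
    """Map each DNS server IP to True if an AllowedIPs network covers it.

    False means the query leaves via the normal uplink (for example the
    mobile carrier) and never reaches the resolver behind the tunnel.
    """
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(conf_text)
    networks = [
        ipaddress.ip_network(n, strict=False)
        for n in _split(cp["Peer"].get("AllowedIPs", ""))
    ]
    result = {}
    for entry in _split(cp["Interface"].get("DNS", "")):
        try:
            addr = ipaddress.ip_address(entry)
        except ValueError:
            continue  # wg-quick treats non-IP DNS entries as search domains
        # Membership is always False across IPv4/IPv6 version mismatches.
        result[entry] = any(addr in net for net in networks)
    return result


if __name__ == "__main__":
    print(dns_routing(SAMPLE_CLIENT_CONF))
```

With the thread's values the DNS server 10.9.0.1 is inside the tunnel, which is why the remaining step is making Pi-hole listen on the WireGuard interface rather than changing AllowedIPs.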