VPN "in" and VPN for Deluge conflict

Question is if it is a DNS issue or something else. To verify the DNS request, you need to filter tcpdump like this

tcpdump -i any -c500 -nn port 53 or port 5335

10.122.89.2 is what exactly? It seems that it is trying to do a TCP handshake with twitter[.]com server (so it is not a DNS issue, as the resolving is finished) but the twitter[.]com is not responding. Maybe they have filtered the surfshark addresses?

Thanks @Joulinar for your correction, all this is new to me
So, the strangest thing is that it connects to the website, it loads the “frame” of the site but not the content (twitter or reddit).
Regarding your question @trendy yes, it’s Surfshark. But if I open a VPN connection on my mobile (last iOS) it works without any hiccups.

So I’ve done as Joulinar said and here is the result (limited to wg0, the VPN from my mobile)

root@DietPi:~# tcpdump -i wg0 -c500 -nn port 53 or port 5335
tcpdump: verbose output suppressed, use -v[v]... for full protocol decode
listening on wg0, link-type RAW (Raw IP), snapshot length 262144 bytes
15:10:20.297125 IP 10.122.89.2.56482 > 10.122.89.1.53: 55930+ AAAA? static.ads-twitter.com. (40)
15:10:20.297128 IP 10.122.89.2.63390 > 10.122.89.1.53: 47744+ A? static.ads-twitter.com. (40)
15:10:20.297775 IP 10.122.89.1.53 > 10.122.89.2.56482: 55930* 1/0/0 AAAA :: (68)
15:10:20.298064 IP 10.122.89.1.53 > 10.122.89.2.63390: 47744* 1/0/0 A 0.0.0.0 (56)
15:10:39.809686 IP 10.122.89.2.51688 > 10.122.89.1.53: 37120+ AAAA? static.ads-twitter.com. (40)
15:10:39.809690 IP 10.122.89.2.65317 > 10.122.89.1.53: 15356+ A? static.ads-twitter.com. (40)
15:10:39.810272 IP 10.122.89.1.53 > 10.122.89.2.51688: 37120* 1/0/0 AAAA :: (68)
15:10:39.810551 IP 10.122.89.1.53 > 10.122.89.2.65317: 15356* 1/0/0 A 0.0.0.0 (56)
15:10:45.392206 IP 10.122.89.2.64972 > 10.122.89.1.53: 3458+ Type65? clients1.google.com. (37)
15:10:45.392208 IP 10.122.89.2.57071 > 10.122.89.1.53: 3698+ AAAA? clients1.google.com. (37)
15:10:45.397096 IP 10.122.89.2.57156 > 10.122.89.1.53: 59466+ A? clients1.google.com. (37)
15:10:45.645624 IP 10.122.89.1.53 > 10.122.89.2.64972: 3458 1/1/0 CNAME clients.l.google.com. (111)
15:10:45.651884 IP 10.122.89.1.53 > 10.122.89.2.57071: 3698 2/0/0 CNAME clients.l.google.com., AAAA 2a00:1450:400e:80f::200e (89)
15:10:45.666822 IP 10.122.89.1.53 > 10.122.89.2.57156: 59466 2/0/0 CNAME clients.l.google.com., A 142.251.36.14 (77)
15:10:45.672141 IP 10.122.89.2.60680 > 10.122.89.1.53: 56992+ Type65? clients.l.google.com. (38)
15:10:45.673509 IP 10.122.89.1.53 > 10.122.89.2.60680: 56992 0/1/0 (88)
15:10:47.594907 IP 10.122.89.2.57440 > 10.122.89.1.53: 24751+ Type65? www.reddit.com. (32)
15:10:47.595080 IP 10.122.89.2.61782 > 10.122.89.1.53: 6606+ AAAA? www.reddit.com. (32)
15:10:47.595082 IP 10.122.89.2.55776 > 10.122.89.1.53: 33875+ A? www.reddit.com. (32)
15:10:47.694669 IP 10.122.89.2.59450 > 10.122.89.1.53: 25860+ Type65? config.aps.amazon-adsystem.com. (48)
15:10:47.694672 IP 10.122.89.2.59799 > 10.122.89.1.53: 23592+ AAAA? config.aps.amazon-adsystem.com. (48)
15:10:47.700164 IP 10.122.89.2.64995 > 10.122.89.1.53: 23399+ A? config.aps.amazon-adsystem.com. (48)
15:10:47.700167 IP 10.122.89.2.53136 > 10.122.89.1.53: 48472+ Type65? www.googletagservices.com. (43)
15:10:47.700169 IP 10.122.89.2.56926 > 10.122.89.1.53: 16193+ AAAA? www.googletagservices.com. (43)
15:10:47.700171 IP 10.122.89.2.60058 > 10.122.89.1.53: 13918+ A? www.googletagservices.com. (43)
15:10:47.700173 IP 10.122.89.2.57817 > 10.122.89.1.53: 29501+ Type65? c.amazon-adsystem.com. (39)
15:10:47.700174 IP 10.122.89.2.62891 > 10.122.89.1.53: 55161+ AAAA? c.amazon-adsystem.com. (39)
15:10:47.700176 IP 10.122.89.2.52521 > 10.122.89.1.53: 47888+ A? c.amazon-adsystem.com. (39)
15:10:47.701986 IP 10.122.89.1.53 > 10.122.89.2.53136: 48472 0/0/0 (43)
15:10:47.702742 IP 10.122.89.1.53 > 10.122.89.2.56926: 16193* 1/0/0 AAAA :: (71)
15:10:47.703492 IP 10.122.89.1.53 > 10.122.89.2.60058: 13918* 1/0/0 A 0.0.0.0 (59)
15:10:47.705394 IP 10.122.89.1.53 > 10.122.89.2.57817: 29501 0/0/0 (39)
15:10:47.706236 IP 10.122.89.1.53 > 10.122.89.2.62891: 55161* 1/0/0 AAAA :: (67)
15:10:47.706947 IP 10.122.89.1.53 > 10.122.89.2.52521: 47888* 1/0/0 A 0.0.0.0 (55)
15:10:47.916848 IP 10.122.89.1.53 > 10.122.89.2.55776: 33875 2/0/0 CNAME dualstack.reddit.map.fastly.net., A 199.232.149.140 (93)
15:10:48.002082 IP 10.122.89.1.53 > 10.122.89.2.57440: 24751 1/1/0 CNAME dualstack.reddit.map.fastly.net. (135)
15:10:48.004337 IP 10.122.89.1.53 > 10.122.89.2.61782: 6606 2/0/0 CNAME dualstack.reddit.map.fastly.net., AAAA 2a04:4e42:65::396 (105)
15:10:48.017049 IP 10.122.89.1.53 > 10.122.89.2.64995: 23399 4/0/0 A 13.225.10.79, A 13.225.10.102, A 13.225.10.9, A 13.225.10.94 (112)
15:10:48.019679 IP 10.122.89.2.50124 > 10.122.89.1.53: 60961+ Type65? dualstack.reddit.map.fastly.net. (49)
15:10:48.021060 IP 10.122.89.1.53 > 10.122.89.2.50124: 60961 0/1/0 (110)
15:10:48.042342 IP 10.122.89.1.53 > 10.122.89.2.59450: 25860 0/1/0 (130)
15:10:48.067964 IP 10.122.89.1.53 > 10.122.89.2.59799: 23592 0/1/0 (130)
15:10:49.949785 IP 10.122.89.2.56222 > 10.122.89.1.53: 33614+ Type65? accounts.google.com. (37)
15:10:49.954877 IP 10.122.89.2.51512 > 10.122.89.1.53: 33355+ AAAA? accounts.google.com. (37)
15:10:49.955054 IP 10.122.89.2.50085 > 10.122.89.1.53: 24268+ A? accounts.google.com. (37)
15:10:50.052636 IP 10.122.89.1.53 > 10.122.89.2.50085: 24268 1/0/0 A 142.250.102.84 (53)
15:10:50.096050 IP 10.122.89.1.53 > 10.122.89.2.56222: 33614 0/1/0 (87)
15:10:50.137771 IP 10.122.89.1.53 > 10.122.89.2.51512: 33355 1/0/0 AAAA 2a00:1450:4025:402::54 (65)
15:10:50.149920 IP 10.122.89.2.52111 > 10.122.89.1.53: 57749+ Type65? oauth.reddit.com. (34)
15:10:50.154910 IP 10.122.89.2.64913 > 10.122.89.1.53: 59395+ AAAA? oauth.reddit.com. (34)
15:10:50.155070 IP 10.122.89.2.53598 > 10.122.89.1.53: 54937+ A? oauth.reddit.com. (34)
15:10:50.155072 IP 10.122.89.2.55491 > 10.122.89.1.53: 62561+ Type65? gql.reddit.com. (32)
15:10:50.155074 IP 10.122.89.2.50862 > 10.122.89.1.53: 25254+ AAAA? gql.reddit.com. (32)
15:10:50.155077 IP 10.122.89.2.53408 > 10.122.89.1.53: 19766+ A? gql.reddit.com. (32)
15:10:50.169086 IP 10.122.89.1.53 > 10.122.89.2.53408: 19766 2/0/0 CNAME reddit.map.fastly.net., A 199.232.149.140 (83)
15:10:50.240968 IP 10.122.89.1.53 > 10.122.89.2.53598: 54937 2/0/0 CNAME reddit.map.fastly.net., A 199.232.149.140 (85)
15:10:50.254086 IP 10.122.89.1.53 > 10.122.89.2.50862: 25254 1/1/0 CNAME reddit.map.fastly.net. (125)
15:10:50.269841 IP 10.122.89.2.61285 > 10.122.89.1.53: 59919+ AAAA? reddit.map.fastly.net. (39)
15:10:50.270387 IP 10.122.89.1.53 > 10.122.89.2.61285: 59919 0/0/0 (39)
15:10:50.279667 IP 10.122.89.1.53 > 10.122.89.2.55491: 62561 1/1/0 CNAME reddit.map.fastly.net. (125)
15:10:50.294868 IP 10.122.89.2.59224 > 10.122.89.1.53: 58454+ Type65? reddit.map.fastly.net. (39)
15:10:50.296628 IP 10.122.89.1.53 > 10.122.89.2.59224: 58454 0/1/0 (100)
15:10:50.326367 IP 10.122.89.1.53 > 10.122.89.2.64913: 59395 1/1/0 CNAME reddit.map.fastly.net. (127)
15:10:50.326760 IP 10.122.89.1.53 > 10.122.89.2.52111: 57749 1/1/0 CNAME reddit.map.fastly.net. (127)
15:10:50.839869 IP 10.122.89.2.57573 > 10.122.89.1.53: 55280+ Type65? www.google-analytics.com. (42)
15:10:50.840028 IP 10.122.89.2.62607 > 10.122.89.1.53: 53600+ AAAA? www.google-analytics.com. (42)
15:10:50.840887 IP 10.122.89.1.53 > 10.122.89.2.57573: 55280 0/0/0 (42)
15:10:50.841529 IP 10.122.89.1.53 > 10.122.89.2.62607: 53600* 1/0/0 AAAA :: (70)
15:10:50.849894 IP 10.122.89.2.60920 > 10.122.89.1.53: 25421+ A? www.google-analytics.com. (42)
15:10:50.850059 IP 10.122.89.2.60672 > 10.122.89.1.53: 26305+ Type65? www.googletagmanager.com. (42)
15:10:50.850919 IP 10.122.89.1.53 > 10.122.89.2.60920: 25421* 1/0/0 A 0.0.0.0 (58)
15:10:50.851747 IP 10.122.89.1.53 > 10.122.89.2.60672: 26305 0/0/0 (42)
15:10:50.854711 IP 10.122.89.2.54732 > 10.122.89.1.53: 9739+ AAAA? www.googletagmanager.com. (42)
15:10:50.854824 IP 10.122.89.2.54143 > 10.122.89.1.53: 42401+ A? www.googletagmanager.com. (42)
15:10:50.855575 IP 10.122.89.1.53 > 10.122.89.2.54732: 9739* 1/0/0 AAAA :: (70)
15:10:50.856176 IP 10.122.89.1.53 > 10.122.89.2.54143: 42401* 1/0/0 A 0.0.0.0 (58)
15:10:51.119737 IP 10.122.89.2.59965 > 10.122.89.1.53: 33675+ Type65? events.redditmedia.com. (40)
15:10:51.119742 IP 10.122.89.2.53542 > 10.122.89.1.53: 34496+ AAAA? events.redditmedia.com. (40)
15:10:51.121688 IP 10.122.89.1.53 > 10.122.89.2.59965: 33675 0/0/0 (40)
15:10:51.122203 IP 10.122.89.1.53 > 10.122.89.2.53542: 34496* 1/0/0 AAAA :: (68)
15:10:51.124679 IP 10.122.89.2.50145 > 10.122.89.1.53: 55449+ A? events.redditmedia.com. (40)
15:10:51.125307 IP 10.122.89.1.53 > 10.122.89.2.50145: 55449* 1/0/0 A 0.0.0.0 (56)
15:11:08.010090 IP 10.122.89.2.54747 > 10.122.89.1.53: 23261+ Type65? ip00am4sn.com. (31)
15:11:08.010093 IP 10.122.89.2.59855 > 10.122.89.1.53: 57559+ AAAA? ip00am4sn.com. (31)
15:11:08.014780 IP 10.122.89.2.57854 > 10.122.89.1.53: 39351+ A? ip00am4sn.com. (31)
15:11:08.212411 IP 10.122.89.1.53 > 10.122.89.2.57854: 39351 1/0/0 A 212.117.190.201 (47)
15:11:08.338313 IP 10.122.89.1.53 > 10.122.89.2.59855: 57559 0/1/0 (115)
15:11:08.353603 IP 10.122.89.1.53 > 10.122.89.2.54747: 23261 0/1/0 (115)
15:11:13.410084 IP 10.122.89.2.58528 > 10.122.89.1.53: 41703+ Type65? configuration.apple.com. (41)
15:11:13.410087 IP 10.122.89.2.64147 > 10.122.89.1.53: 21619+ AAAA? configuration.apple.com. (41)
15:11:13.411716 IP 10.122.89.1.53 > 10.122.89.2.64147: 21619 8/0/0 CNAME configuration.apple.com.akadns.net., CNAME configuration.apple.com.edgekey.net., CNAME e673.dsce9.akamaiedge.net., AAAA 2a02:26f0:b200:184::2a1, AAAA 2a02:26f0:b200:1bd::2a1, AAAA 2a02:26f0:b200:1a6::2a1, AAAA 2a02:26f0:b200:187::2a1, AAAA 2a02:26f0:b200:1b8::2a1 (317)
15:11:13.412513 IP 10.122.89.1.53 > 10.122.89.2.58528: 41703 3/1/0 CNAME configuration.apple.com.akadns.net., CNAME configuration.apple.com.edgekey.net., CNAME e673.dsce9.akamaiedge.net. (233)
15:11:13.415018 IP 10.122.89.2.49368 > 10.122.89.1.53: 64918+ A? configuration.apple.com. (41)
15:11:13.415864 IP 10.122.89.1.53 > 10.122.89.2.49368: 64918 4/0/0 CNAME configuration.apple.com.akadns.net., CNAME configuration.apple.com.edgekey.net., CNAME e673.dsce9.akamaiedge.net., A 23.213.168.27 (193)
15:11:13.424904 IP 10.122.89.2.59985 > 10.122.89.1.53: 1393+ Type65? e673.dsce9.akamaiedge.net. (43)
15:11:13.426190 IP 10.122.89.1.53 > 10.122.89.2.59985: 1393 0/1/0 (108)
15:11:15.192548 IP 10.122.89.2.60211 > 10.122.89.1.53: 21631+ Type65? api.twitter.com. (33)
15:11:15.192553 IP 10.122.89.2.60071 > 10.122.89.1.53: 47394+ AAAA? api.twitter.com. (33)
15:11:15.193790 IP 10.122.89.1.53 > 10.122.89.2.60071: 47394 1/0/0 CNAME tpop-api.twitter.com. (67)
15:11:15.194304 IP 10.122.89.1.53 > 10.122.89.2.60211: 21631 1/1/0 CNAME tpop-api.twitter.com. (121)
15:11:15.197574 IP 10.122.89.2.60545 > 10.122.89.1.53: 56742+ A? api.twitter.com. (33)
15:11:15.198234 IP 10.122.89.1.53 > 10.122.89.2.60545: 56742 2/0/0 CNAME tpop-api.twitter.com., A 104.244.42.130 (83)
15:11:15.212390 IP 10.122.89.2.50498 > 10.122.89.1.53: 12077+ Type65? tpop-api.twitter.com. (38)
15:11:15.212520 IP 10.122.89.2.58432 > 10.122.89.1.53: 4650+ AAAA? tpop-api.twitter.com. (38)
15:11:15.213488 IP 10.122.89.1.53 > 10.122.89.2.58432: 4650 0/0/0 (38)
15:11:15.213984 IP 10.122.89.1.53 > 10.122.89.2.50498: 12077 0/1/0 (103)
15:11:15.467387 IP 10.122.89.2.54009 > 10.122.89.1.53: 24998+ Type65? www.euractiv.com. (34)
15:11:15.467449 IP 10.122.89.2.56610 > 10.122.89.1.53: 25015+ AAAA? www.euractiv.com. (34)
15:11:15.472441 IP 10.122.89.2.63037 > 10.122.89.1.53: 17173+ A? www.euractiv.com. (34)
15:11:15.572439 IP 10.122.89.2.51812 > 10.122.89.1.53: 3166+ Type65? t.co. (22)
15:11:15.574011 IP 10.122.89.1.53 > 10.122.89.2.51812: 3166 0/1/0 (90)
15:11:15.582362 IP 10.122.89.2.60262 > 10.122.89.1.53: 9539+ AAAA? t.co. (22)
15:11:15.582475 IP 10.122.89.2.51836 > 10.122.89.1.53: 35012+ A? t.co. (22)
15:11:15.582887 IP 10.122.89.1.53 > 10.122.89.2.60262: 9539 0/0/0 (22)
15:11:15.583512 IP 10.122.89.1.53 > 10.122.89.2.51836: 35012 4/0/0 A 104.244.42.133, A 104.244.42.197, A 104.244.42.69, A 104.244.42.5 (86)
15:11:15.632463 IP 10.122.89.1.53 > 10.122.89.2.63037: 17173 1/0/0 A 217.19.234.2 (50)
15:11:15.731494 IP 10.122.89.1.53 > 10.122.89.2.56610: 25015 0/1/0 (111)
15:11:15.732446 IP 10.122.89.1.53 > 10.122.89.2.54009: 24998 0/1/0 (111)
15:11:15.850057 IP 10.122.89.2.49969 > 10.122.89.1.53: 16594+ Type65? api-glb-aeuw3c.smoot.apple.com. (48)
15:11:15.850226 IP 10.122.89.2.62115 > 10.122.89.1.53: 28207+ AAAA? api-glb-aeuw3c.smoot.apple.com. (48)
15:11:15.855081 IP 10.122.89.2.61041 > 10.122.89.1.53: 25377+ A? api-glb-aeuw3c.smoot.apple.com. (48)
15:11:15.855419 IP 10.122.89.2.52607 > 10.122.89.1.53: 59619+ Type65? www.ehow.com. (30)
15:11:15.855480 IP 10.122.89.2.65362 > 10.122.89.1.53: 18729+ AAAA? www.ehow.com. (30)
15:11:15.855483 IP 10.122.89.2.54480 > 10.122.89.1.53: 41141+ A? www.ehow.com. (30)
15:11:15.949434 IP 10.122.89.1.53 > 10.122.89.2.61041: 25377 2/0/0 CNAME smoot-searchv2-aeuw3c.v.aaplimg.com., A 35.181.25.252 (110)
15:11:15.979851 IP 10.122.89.1.53 > 10.122.89.2.49969: 16594 1/1/0 CNAME smoot-searchv2-aeuw3c.v.aaplimg.com. (148)
15:11:15.994962 IP 10.122.89.2.61605 > 10.122.89.1.53: 35603+ Type65? smoot-searchv2-aeuw3c.v.aaplimg.com. (53)
15:11:15.996484 IP 10.122.89.1.53 > 10.122.89.2.61605: 35603 0/1/0 (113)
15:11:16.021748 IP 10.122.89.1.53 > 10.122.89.2.54480: 41141 1/0/0 A 23.207.110.82 (46)
15:11:16.076629 IP 10.122.89.1.53 > 10.122.89.2.62115: 28207 1/1/0 CNAME smoot-searchv2-aeuw3c.v.aaplimg.com. (148)
15:11:16.095005 IP 10.122.89.2.54353 > 10.122.89.1.53: 53536+ AAAA? smoot-searchv2-aeuw3c.v.aaplimg.com. (53)
15:11:16.095573 IP 10.122.89.1.53 > 10.122.89.2.54353: 53536 0/0/0 (53)
15:11:16.105905 IP 10.122.89.1.53 > 10.122.89.2.52607: 59619 0/1/0 (89)
15:11:16.307124 IP 10.122.89.1.53 > 10.122.89.2.65362: 18729 0/1/0 (89)
15:11:16.655073 IP 10.122.89.2.63235 > 10.122.89.1.53: 58890+ Type65? twitter.com. (29)
15:11:16.656702 IP 10.122.89.1.53 > 10.122.89.2.63235: 58890 0/1/0 (94)
15:11:16.665088 IP 10.122.89.2.56894 > 10.122.89.1.53: 15724+ AAAA? twitter.com. (29)
15:11:16.665236 IP 10.122.89.2.49493 > 10.122.89.1.53: 924+ A? twitter.com. (29)
15:11:16.665698 IP 10.122.89.1.53 > 10.122.89.2.56894: 15724 0/0/0 (29)
15:11:16.666275 IP 10.122.89.1.53 > 10.122.89.2.49493: 924 4/0/0 A 104.244.42.129, A 104.244.42.1, A 104.244.42.193, A 104.244.42.65 (93)
15:11:22.413087 IP 10.122.89.2.51114 > 10.122.89.1.53: 5524+ Type65? www.publico.pt. (32)
15:11:22.413090 IP 10.122.89.2.61748 > 10.122.89.1.53: 9989+ AAAA? www.publico.pt. (32)
15:11:22.419915 IP 10.122.89.2.59150 > 10.122.89.1.53: 12768+ A? www.publico.pt. (32)
15:11:22.447299 IP 10.122.89.2.53197 > 10.122.89.1.53: 47152+ Type65? static.publicocdn.com. (39)
15:11:22.447667 IP 10.122.89.2.50504 > 10.122.89.1.53: 53613+ AAAA? static.publicocdn.com. (39)
15:11:22.450482 IP 10.122.89.2.52054 > 10.122.89.1.53: 44187+ A? static.publicocdn.com. (39)
15:11:22.852068 IP 10.122.89.1.53 > 10.122.89.2.51114: 5524 1/1/0 CNAME d2myb36x6mulj5.cloudfront.net. (162)
15:11:22.877492 IP 10.122.89.1.53 > 10.122.89.2.59150: 12768 5/0/0 CNAME d2myb36x6mulj5.cloudfront.net., A 18.238.243.63, A 18.238.243.121, A 18.238.243.37, A 18.238.243.70 (139)
15:11:22.901712 IP 10.122.89.2.54587 > 10.122.89.1.53: 44284+ Type65? d2myb36x6mulj5.cloudfront.net. (47)
15:11:22.903488 IP 10.122.89.1.53 > 10.122.89.2.54587: 44284 0/1/0 (134)
15:11:22.923797 IP 10.122.89.1.53 > 10.122.89.2.61748: 9989 1/1/0 CNAME d2myb36x6mulj5.cloudfront.net. (162)
15:11:22.940893 IP 10.122.89.2.57854 > 10.122.89.1.53: 32535+ AAAA? d2myb36x6mulj5.cloudfront.net. (47)
15:11:22.941398 IP 10.122.89.1.53 > 10.122.89.2.57854: 32535 0/0/0 (47)
15:11:22.965475 IP 10.122.89.1.53 > 10.122.89.2.53197: 47152 1/1/0 CNAME d121s2m54m3ubs.cloudfront.net. (160)
15:11:22.966212 IP 10.122.89.1.53 > 10.122.89.2.50504: 53613 1/1/0 CNAME d121s2m54m3ubs.cloudfront.net. (160)
15:11:22.990153 IP 10.122.89.2.50709 > 10.122.89.1.53: 53246+ Type65? d121s2m54m3ubs.cloudfront.net. (47)
15:11:22.990238 IP 10.122.89.2.51564 > 10.122.89.1.53: 39090+ AAAA? d121s2m54m3ubs.cloudfront.net. (47)
15:11:22.990746 IP 10.122.89.1.53 > 10.122.89.2.51564: 39090 0/0/0 (47)
15:11:22.990894 IP 10.122.89.1.53 > 10.122.89.2.50709: 53246 0/1/0 (128)
15:11:23.042685 IP 10.122.89.1.53 > 10.122.89.2.52054: 44187 5/0/0 CNAME d121s2m54m3ubs.cloudfront.net., A 108.156.60.121, A 108.156.60.76, A 108.156.60.124, A 108.156.60.41 (146)
15:11:23.420345 IP 10.122.89.2.61815 > 10.122.89.1.53: 40425+ Type65? www.whatsmyip.org. (35)
15:11:23.420348 IP 10.122.89.2.49196 > 10.122.89.1.53: 33526+ AAAA? www.whatsmyip.org. (35)
15:11:23.420350 IP 10.122.89.2.50279 > 10.122.89.1.53: 52049+ A? www.whatsmyip.org. (35)
15:11:23.942956 IP 10.122.89.1.53 > 10.122.89.2.50279: 52049 1/0/0 A 208.79.209.138 (51)
15:11:24.115733 IP 10.122.89.1.53 > 10.122.89.2.49196: 33526 0/0/0 (35)
15:11:24.115862 IP 10.122.89.1.53 > 10.122.89.2.61815: 40425 0/0/0 (35)
15:11:25.645073 IP 10.122.89.2.56683 > 10.122.89.1.53: 6276+ AAAA? events.redditmedia.com. (40)
15:11:25.645223 IP 10.122.89.2.58502 > 10.122.89.1.53: 19939+ A? events.redditmedia.com. (40)
15:11:25.645768 IP 10.122.89.1.53 > 10.122.89.2.56683: 6276* 1/0/0 AAAA :: (68)
15:11:25.646053 IP 10.122.89.1.53 > 10.122.89.2.58502: 19939* 1/0/0 A 0.0.0.0 (56)
^C
170 packets captured
170 packets received by filter
0 packets dropped by kernel

If the tunnel is running on dietpi, which is my understanding, then the results are correct and there is no problem with the dns.
It is not clear what do you mean by “the VPN from my mobile”.

As I lack precise terminology I used my plain English to explain my situation.

I have a RBPi with dietpi on my local network, with Surfshark as a VPN, PiHole and Unbound.
What I’m trying to do is to connect my iPhone to my local network when I’m out, and for doing so I created a second VPN, from my mobile phone to my local network, using Wireguard.

I have access to my network, I can surf most part of the web but some website simply stop loading, as Twitter / Reddit / whatsmyip . Even changing my upstream DNS on PiHole or disabling it doesn’t solve this issue.

I don’t think this is a DNS issue or related to PiHole. Might be some packages not going the right way if using public Surfshark + WG Server on DietPi

Let’s have a look. Please post the output of the following from dietpi:

ip -4 addr; ip -4 ro list table all; ip -4 ru; \
iptables-save -c

Here it goes

(Just to remember some context, I applied this modification to the wireguards configurations)

: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
    inet 192.168.1.73/24 brd 192.168.1.255 scope global dynamic noprefixroute eth0
       valid_lft 2599sec preferred_lft 2149sec
3: wg0: <POINTOPOINT,NOARP,UP,LOWER_UP> mtu 1420 qdisc noqueue state UNKNOWN group default qlen 1000
    inet 10.122.89.1/24 scope global wg0
       valid_lft forever preferred_lft forever
5: docker0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default 
    inet 172.17.0.1/16 brd 172.17.255.255 scope global docker0
       valid_lft forever preferred_lft forever
7: veth4cfdde5@if6: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master docker0 state UP group default  link-netnsid 0
    inet 169.254.177.113/16 brd 169.254.255.255 scope global noprefixroute veth4cfdde5
       valid_lft forever preferred_lft forever
12: surfshark-01: <POINTOPOINT,NOARP,UP,LOWER_UP> mtu 1420 qdisc noqueue state UNKNOWN group default qlen 1000
    inet 10.14.0.2/16 scope global surfshark-01
       valid_lft forever preferred_lft forever
default dev surfshark-01 table 51820 scope link 
default via 192.168.1.254 dev eth0 proto dhcp src 192.168.1.73 metric 202 
10.14.0.0/16 dev surfshark-01 proto kernel scope link src 10.14.0.2 
10.122.89.0/24 dev wg0 proto kernel scope link src 10.122.89.1 
169.254.0.0/16 dev veth4cfdde5 scope link src 169.254.177.113 metric 207 
172.17.0.0/16 dev docker0 proto kernel scope link src 172.17.0.1 
192.168.1.0/24 dev eth0 proto dhcp scope link src 192.168.1.73 metric 202 
local 10.14.0.2 dev surfshark-01 table local proto kernel scope host src 10.14.0.2 
broadcast 10.14.255.255 dev surfshark-01 table local proto kernel scope link src 10.14.0.2 
local 10.122.89.1 dev wg0 table local proto kernel scope host src 10.122.89.1 
broadcast 10.122.89.255 dev wg0 table local proto kernel scope link src 10.122.89.1 
local 127.0.0.0/8 dev lo table local proto kernel scope host src 127.0.0.1 
local 127.0.0.1 dev lo table local proto kernel scope host src 127.0.0.1 
broadcast 127.255.255.255 dev lo table local proto kernel scope link src 127.0.0.1 
local 169.254.177.113 dev veth4cfdde5 table local proto kernel scope host src 169.254.177.113 
broadcast 169.254.255.255 dev veth4cfdde5 table local proto kernel scope link src 169.254.177.113 
local 172.17.0.1 dev docker0 table local proto kernel scope host src 172.17.0.1 
broadcast 172.17.255.255 dev docker0 table local proto kernel scope link src 172.17.0.1 
local 192.168.1.73 dev eth0 table local proto kernel scope host src 192.168.1.73 
broadcast 192.168.1.255 dev eth0 table local proto kernel scope link src 192.168.1.73 
0:	from all lookup local
32764:	from all lookup main suppress_prefixlength 0
32765:	not from all fwmark 0xca6c lookup 51820
32766:	from all lookup main
32767:	from all lookup default
# Generated by iptables-save v1.8.7 on Mon Dec  4 15:17:56 2023
*mangle
:PREROUTING ACCEPT [2807112:946469024]
:INPUT ACCEPT [2799965:945871781]
:FORWARD ACCEPT [7126:594673]
:OUTPUT ACCEPT [2697408:3718693582]
:POSTROUTING ACCEPT [2821917:3730219499]
[1472580:537349285] -A PREROUTING -p udp -m comment --comment "wg-quick(8) rule for surfshark-01" -j CONNMARK --restore-mark --nfmask 0xffffffff --ctmask 0xffffffff
[739376:432313768] -A POSTROUTING -p udp -m mark --mark 0xca6c -m comment --comment "wg-quick(8) rule for surfshark-01" -j CONNMARK --save-mark --nfmask 0xffffffff --ctmask 0xffffffff
COMMIT
# Completed on Mon Dec  4 15:17:56 2023
# Generated by iptables-save v1.8.7 on Mon Dec  4 15:17:56 2023
*raw
:PREROUTING ACCEPT [2807112:946469024]
:OUTPUT ACCEPT [2697408:3718693582]
[0:0] -A PREROUTING -d 10.14.0.2/32 ! -i surfshark-01 -m addrtype ! --src-type LOCAL -m comment --comment "wg-quick(8) rule for surfshark-01" -j DROP
COMMIT
# Completed on Mon Dec  4 15:17:56 2023
# Generated by iptables-save v1.8.7 on Mon Dec  4 15:17:56 2023
*filter
:INPUT ACCEPT [2600836:870400629]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [2697408:3718693582]
:DOCKER - [0:0]
:DOCKER-ISOLATION-STAGE-1 - [0:0]
:DOCKER-ISOLATION-STAGE-2 - [0:0]
:DOCKER-USER - [0:0]
[196534:75283212] -A INPUT -i eth0 -p udp -m udp --dport 51821 -m comment --comment wireguard-input-rule -j ACCEPT
[2595:187940] -A INPUT -i wg0 -p udp -m udp --dport 53 -m comment --comment pihole-DNS-rule -j ACCEPT
[0:0] -A INPUT -i wg0 -p udp -m udp --dport 53 -m comment --comment pihole-DNS-rule -j ACCEPT
[0:0] -A INPUT -i wg0 -p udp -m udp --dport 53 -m comment --comment pihole-DNS-rule -j ACCEPT
[0:0] -A INPUT -i wg0 -p udp -m udp --dport 53 -m comment --comment pihole-DNS-rule -j ACCEPT
[0:0] -A INPUT -i eth0 -p udp -m udp --dport 51820 -m comment --comment wireguard-input-rule -j ACCEPT
[0:0] -A INPUT -i wg0 -p udp -m udp --dport 53 -m comment --comment pihole-DNS-rule -j ACCEPT
[7126:594673] -A FORWARD -j DOCKER-USER
[7126:594673] -A FORWARD -j DOCKER-ISOLATION-STAGE-1
[0:0] -A FORWARD -o docker0 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
[0:0] -A FORWARD -o docker0 -j DOCKER
[0:0] -A FORWARD -i docker0 ! -o docker0 -j ACCEPT
[0:0] -A FORWARD -i docker0 -o docker0 -j ACCEPT
[52:39572] -A FORWARD -d 10.122.89.0/24 -i eth0 -o wg0 -m conntrack --ctstate RELATED,ESTABLISHED -m comment --comment wireguard-forward-rule -j ACCEPT
[52:5313] -A FORWARD -s 10.122.89.0/24 -i wg0 -o eth0 -m comment --comment wireguard-forward-rule -j ACCEPT
[0:0] -A FORWARD -d 10.37.120.0/24 -i eth0 -o wg0 -m conntrack --ctstate RELATED,ESTABLISHED -m comment --comment wireguard-forward-rule -j ACCEPT
[0:0] -A FORWARD -s 10.37.120.0/24 -i wg0 -o eth0 -m comment --comment wireguard-forward-rule -j ACCEPT
[0:0] -A FORWARD -d 10.180.139.0/24 -i eth0 -o wg0 -m conntrack --ctstate RELATED,ESTABLISHED -m comment --comment wireguard-forward-rule -j ACCEPT
[0:0] -A FORWARD -s 10.180.139.0/24 -i wg0 -o eth0 -m comment --comment wireguard-forward-rule -j ACCEPT
[0:0] -A FORWARD ! -d 192.168.0.0/24 -o eth0 -j REJECT --reject-with icmp-port-unreachable
[7022:549788] -A FORWARD -i wg0 -j ACCEPT
[0:0] -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
[0:0] -A FORWARD -j REJECT --reject-with icmp-port-unreachable
[0:0] -A FORWARD ! -d 192.168.0.0/24 -o eth0 -j REJECT --reject-with icmp-port-unreachable
[0:0] -A FORWARD -i wg0 -j ACCEPT
[0:0] -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
[0:0] -A FORWARD -j REJECT --reject-with icmp-port-unreachable
[0:0] -A DOCKER -d 172.17.0.2/32 ! -i docker0 -o docker0 -p tcp -m tcp --dport 9000 -j ACCEPT
[0:0] -A DOCKER-ISOLATION-STAGE-1 -i docker0 ! -o docker0 -j DOCKER-ISOLATION-STAGE-2
[7126:594673] -A DOCKER-ISOLATION-STAGE-1 -j RETURN
[0:0] -A DOCKER-ISOLATION-STAGE-2 -o docker0 -j DROP
[0:0] -A DOCKER-ISOLATION-STAGE-2 -j RETURN
[7126:594673] -A DOCKER-USER -j RETURN
COMMIT
# Completed on Mon Dec  4 15:17:56 2023
# Generated by iptables-save v1.8.7 on Mon Dec  4 15:17:56 2023
*nat
:PREROUTING ACCEPT [22319:3933944]
:INPUT ACCEPT [21129:3820056]
:OUTPUT ACCEPT [311760:42143306]
:POSTROUTING ACCEPT [238479:31099589]
:DOCKER - [0:0]
[17127:2762741] -A PREROUTING -m addrtype --dst-type LOCAL -j DOCKER
[37519:12565678] -A OUTPUT ! -d 127.0.0.0/8 -m addrtype --dst-type LOCAL -j DOCKER
[7835:2646828] -A POSTROUTING -s 172.17.0.0/16 ! -o docker0 -j MASQUERADE
[25:1508] -A POSTROUTING -s 10.122.89.0/24 -o eth0 -m comment --comment wireguard-nat-rule -j MASQUERADE
[0:0] -A POSTROUTING -s 10.37.120.0/24 -o eth0 -m comment --comment wireguard-nat-rule -j MASQUERADE
[0:0] -A POSTROUTING -s 10.120.17.0/24 -o eth0 -m comment --comment wireguard-nat-rule -j MASQUERADE
[66609:8508653] -A POSTROUTING -o eth0 -j MASQUERADE
[0:0] -A POSTROUTING -o vpn-client -j MASQUERADE
[0:0] -A POSTROUTING -o eth0 -j MASQUERADE
[0:0] -A POSTROUTING -o vpn-client -j MASQUERADE
[0:0] -A POSTROUTING -s 172.17.0.2/32 -d 172.17.0.2/32 -p tcp -m tcp --dport 9000 -j MASQUERADE
[0:0] -A DOCKER -i docker0 -j RETURN
[0:0] -A DOCKER ! -i docker0 -p tcp -m tcp --dport 9002 -j DNAT --to-destination 172.17.0.2:9000
COMMIT
# Completed on Mon Dec  4 15:17:56 2023

Your vpn client interface is named

but you apply masquerade in iptables nat table to

interface.

Well, that was dumb on my side… but after changing vpn-client to surfshark-01 the VPN stopped working all together.
Let me check if I can understand what happened

Ok, not sure what happened but now everything seems to work fine!

When the next pay check is in I’ll make a donation, and sorry for waisting your time and expertise with my noob mistakes

all good. Thx @trendy for your commitment and continuous support.

Another question from the noob
This VPN configuration works perfectly fine over phone data but doesn’t work over wi-fi (outside of my house). Any reason and any easy fix for this?
I can’t access my local network nor the web.

Thanks!

maybe the WiFi network you are connecting has same IP address range like your home network?

Yes, they have the same IP range 192.168.1.x
Could it be the issue?

It is very much the issue.

Try to add IP range 192.168.1.0 as additional allowed IPs into client configuration on your mobile device.

I have 0.0.0.0 as allowed IPs so I guess it is supposed to work, or am I wrong?

I had a similar case in past while I was on a holiday cottage. Solution was to add the additional IP range into client configuration.

Best way is to change the subnet at home into something less common, like 192.168.155.0/24
If this is not possible at the moment, then adding the subnet as @Joulinar suggested will create a dedicated static route for this prefix which will hopefully get more weight than the local. You’ll be isolated from the local lan, but at least you’ll be connected to the home.