Wireguard did not "survive" DietPi upgrade?

Hi all,

I just noticed “wg” or “wg show” does nothing, although WireGuard was successfully installed and worked fine a few days before.

Is there a way to check for errors when those commands don’t work, or do I have to uninstall/reinstall WireGuard?

Best wishes!

EDIT: A reboot fixed it. I can connect, but no data is sent back to the client. The port shows as “closed” when using a web scanner, although the router says it is open (green).
Is this still a thing?
"IP forwarding is disabled by default on Raspbian so it’s extremely important to enable it for any of the iptables rules to work.

Enable IP forwarding in the Linux kernel by uncommenting or adding (uncommenting) net.ipv4.ip_forward = 1 to /etc/sysctl.conf to persist the setting between system restarts. Use sysctl -w net.ipv4.ip_forward=1 to enable IP forwarding immediately without having to reboot."

When a kernel upgrade is done, a reboot is mandatory for WireGuard to work, since it’s a kernel module.

The /etc/wireguard/wg0.conf shipped with our install option should enable IP forwarding automatically once the interface is brought up :thinking:.

Scrap all that. The client’s “nameserver” was misconfigured.

I told the client to use the WireGuard/Pi-hole IP as nameserver in order to block ads immediately, but unfortunately I have to use the router’s IP, which does not seem to use Pi-hole as first DNS but instead shows ads.

I think it is because the wg network (10.x.x.x) is NOT the “home network” (192.x.x.x) that my router uses, so that traffic is NOT put through Pi-hole, right?

If I’m not mistaken, when you set up the NAT iptables rules to forward traffic between VPN and local network (also part of our wg0.conf), you can use the Pi-hole’s internal IP address as the client’s DNS. If the Pi-hole host is the VPN server as well, you can definitely use the VPN IP (10.*).

EDIT: Ah, but Pi-hole needs to be configured to allow DNS requests from all origins, else it allows those from LAN hosts only and blocks those from VPN attached hosts by default.
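The two replies above describe the pieces of a working setup: `wg0.conf` hooks that enable forwarding and NAT the VPN subnet out of the LAN interface, and a client whose DNS points at the Pi-hole’s VPN address. The script below is an added example (not DietPi’s shipped `wg0.conf` and not from this thread) that renders both files from a few parameters; the 10.8.0.0/24 subnet, interface names, endpoint and key placeholders are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example: render a WireGuard server config whose PostUp/PostDown
# hooks enable IP forwarding and NAT the VPN subnet via the LAN interface,
# plus a client config that uses the Pi-hole's VPN address for DNS.
# All addresses, names and key placeholders are assumptions, not values
# from the thread. Keys come from `wg genkey | tee priv | wg pubkey`.

# Usage: render_server_conf <lan_iface> <listen_port>
render_server_conf() {
    lan_iface=$1 port=$2
    cat <<EOF
[Interface]
Address = 10.8.0.1/24
ListenPort = ${port}
PrivateKey = <server private key>
# ip_forward is per-boot kernel state, not part of this file: set it every
# time the tunnel comes up so a kernel upgrade + reboot cannot leave it at 0.
PostUp = sysctl -w net.ipv4.ip_forward=1
PostUp = iptables -A FORWARD -i %i -j ACCEPT
PostUp = iptables -A FORWARD -o %i -j ACCEPT
PostUp = iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o ${lan_iface} -j MASQUERADE
PostDown = iptables -D FORWARD -i %i -j ACCEPT
PostDown = iptables -D FORWARD -o %i -j ACCEPT
PostDown = iptables -t nat -D POSTROUTING -s 10.8.0.0/24 -o ${lan_iface} -j MASQUERADE

[Peer]
PublicKey = <client public key>
AllowedIPs = 10.8.0.2/32
EOF
}

# Usage: render_client_conf <server_endpoint host:port> <pihole_vpn_ip>
render_client_conf() {
    endpoint=$1 pihole_ip=$2
    cat <<EOF
[Interface]
Address = 10.8.0.2/32
PrivateKey = <client private key>
# DNS at the Pi-hole's VPN address (the server itself here). Pi-hole must be
# set to "Permit all origins", otherwise it only answers LAN hosts.
DNS = ${pihole_ip}

[Peer]
PublicKey = <server public key>
Endpoint = ${endpoint}
AllowedIPs = 0.0.0.0/0
PersistentKeepalive = 25
EOF
}

# Demo: print both configs (assumed LAN interface eth0, port 51820).
render_server_conf eth0 51820
echo "-----"
render_client_conf vpn.example.org:51820 10.8.0.1
```

`%i` is wg-quick’s placeholder for the interface name, so the FORWARD rules follow the interface even if it is not called `wg0`. Writing the rendered server file to `/etc/wireguard/wg0.conf` and running `wg-quick up wg0` applies the hooks; `wg-quick down wg0` runs the PostDown lines and removes the rules again.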

Yes, correct. You need to “Permit all origins” within the Pi-hole settings if using a VPN IP address (10.x.x.x) for Pi-hole DNS.


Changed it and will test. I noticed there is a “new option” I did not remember from first setting up Pi-hole. It is now the recommended option for all devices only 1 hop away, which would be true for local if on another network, right?

EDIT: Works fine now when using the Pi-hole IP as nameserver! Thanks!!!

Don’t trust that. WG is UDP and it won’t respond to probes if the packet is not correct.
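Because WireGuard answers nothing but a valid handshake, a web port scanner reporting “closed” says nothing about the tunnel, and the quoted sysctl advice earlier in the thread only matters if the kernel is actually forwarding. The script below is an added example (not from the thread or DietPi) that checks both from the server itself: it classifies each peer from `wg show wg0 dump` (handshake age and transfer counters) and reads the live `ip_forward` sysctl. The sample dump, peer names and endpoint are constructed placeholders; the 180 s staleness threshold is an assumption based on WireGuard rekeying roughly every two minutes while traffic flows.

```shell
#!/bin/sh
# Added example: judge a WireGuard server by the kernel's own state rather
# than an external UDP port scan (which a healthy wg interface ignores).
# Constructed sample data; interface name wg0 and threshold are assumptions.

# Classify peers from `wg show <iface> dump`. Peer lines are tab separated:
# pubkey, psk, endpoint, allowed-ips, latest-handshake (epoch s, 0 = never),
# rx bytes, tx bytes, keepalive. The first line describes the interface.
# Usage: peer_status "$(wg show wg0 dump)" "$(date +%s)"
peer_status() {
    printf '%s\n' "$1" | awk -F'\t' -v now="$2" '
        NR == 1 { next }
        {
            age = now - $5
            if ($5 == 0)        state = "NEVER"   # no handshake ever: key, endpoint or port
            else if (age > 180) state = "STALE"   # last handshake too old for live traffic
            else if ($7 == 0)   state = "NO_TX"   # we receive but send nothing back:
                                                  # forwarding/NAT/DNS, not the tunnel
            else                state = "OK"
            printf "%s age=%ds rx=%d tx=%d %s\n", $1, ($5 == 0 ? -1 : age), $6, $7, state
        }'
}

# ip_forward is a sysctl, not part of wg0.conf: read the live value.
# Usage: ip_forward_enabled [path]   -> exit 0 if forwarding is on
ip_forward_enabled() {
    [ "$(cat "${1:-/proc/sys/net/ipv4/ip_forward}" 2>/dev/null)" = "1" ]
}

# Constructed sample dump (placeholders): peer A completed a handshake 30 s
# ago and has received data but sent none back; peer B never handshaked.
SAMPLE_DUMP=$(printf 'wg0privkey\twg0pubkey\t51820\toff\nPEER_A_PUB\t(none)\t203.0.113.7:41820\t10.8.0.2/32\t1700000000\t84212\t0\toff\nPEER_B_PUB\t(none)\t(none)\t10.8.0.3/32\t0\t0\t0\toff')

if [ "${1:-}" = "--live" ]; then
    # Run on the server as root: `sh wg_health.sh --live`
    if ip_forward_enabled; then
        echo "ip_forward: on"
    else
        echo "ip_forward: OFF (sysctl -w net.ipv4.ip_forward=1)"
    fi
    peer_status "$(wg show wg0 dump)" "$(date +%s)"
else
    peer_status "$SAMPLE_DUMP" 1700000030
fi
```

On the sample data peer A comes out as `NO_TX`: the handshake worked, so the UDP port is reachable whatever a scanner claims, and the problem lies behind the tunnel (forwarding, NAT or the client’s DNS), which is exactly the split this thread went through. `NEVER` points at keys, endpoint or the port forward instead.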