Thanks for the awesome software. I’ve installed wireguard and i can connect internally fine using IP addresses, and externally when using an external DNS eg 1.1.1.1.
I can’t use my piHole IP though (192.168.1.2). Hosts on the LAN use this fine and it isn’t an issue. Any ideas?
OK quick update, I’ve found if I use my home router’s IP address (192.168.1.1), and then set its primary DNS server to the pihole (192.168.1.2) it actually works.
I suspect it may be some sort of issue with pihole and wireguard on the same machine, some sort of firewall or loop back type issue?
for me this is not needed at all to change anything on /etc/sysctl.conf. WireGuard is working. I can access my Local Network as well as the Internet. And PiHole is acting as DNS Server.
One comment on that change - I had to do it on my Pi (hosting both Wireguard and PiVPN) and after reboot the change reverted (and PiVPN lost access to anything outside of the Pi).
As a temporary measure I’ve set up a systemd service to run a script setting that traffic forwarding again on boot-up, but at least on my set-up there’s something weird going on with sysctl.conf .
In any case for my configuration Wireguard worked fine either way, it was PiVPN (configured for OpenVPN support) which failed.
in meantime it got clear that setting of net.ipv4.ip_forward=1 depends on the way how WireGuard was installed. Basically there are 2 ways.
Installation done directly via dietpi-software
Installation done using PiVPN
In case of option 1, applying this setting system-wide is not required, since we apply it right via the server config on service start, for the involved network interfaces:
PostUp = sysctl net.ipv4.conf.%i.forwarding=1 net.ipv4.conf.\$(sed -n 3p /DietPi/dietpi/.network).forwarding=1
PostUp = sysctl net.ipv6.conf.\$(sed -n 3p /DietPi/dietpi/.network).accept_ra=2
PostUp = sysctl net.ipv6.conf.%i.forwarding=1 net.ipv6.conf.\$(sed -n 3p /DietPi/dietpi/.network).forwarding=1
Joulinar - on my Pi both WG and PiVPN (hosting OpenVPN) are installed, both via dietpi-software.
Would that explain why I have to set the forwarding by script at reboot otherwise the OpenVPN cannot connect to anything outside the Pi (to my network or the Internet)?
It’s all working fine now, but only because I set that forwarding via a systemd triggered script.
using PiVPN package, as PiVPN is offering both options now: WireGuard as well as OpenPVN. But if you use PiVPN to install WireGuard or OpenVPN, you will haft to set the parameter.
If you install WireGuard directly from dietpi-software all is fine.
So the issue seems to be with PiVPN script not handling the settings correctly
To be clear I don’t have any issue with Wireguard at all, the issue is with the PiVPN install (which is used for OpenVPN, not Wireguard). Wireguard is installed via dietpi-software and has no issue.
It sounds like the issue described on Github is affecting me too, although in my case I just worked around it by resetting the forwarding via a script triggered by a systemd service. But if it’s now a replicated and known issue hopefully that won’t be needed anyway if it can be fixed at source.
This doesn’t do the trick for. Still no internet access via VPN (Wireguard). Using a Raspberry Pi 4B, dietpi, pi-hole, … all installed with dietpi-software UI. Ip forwarding is on (not changed by me)
Any other tips?
Can’t check it now, but the connection must be established, as I was able to SSH to the Pi.
Today I also needed to set back pi-hole settings to “Listen only on interface eth0”, as I had connection issues in my network and pi-hole didn’t seem to block anything with Listen on all interfaces, permit all origins"
Same problem here. Must exist since latest updates, a couple of weeks ago with another setup it was working out of the box.
With active Wireguard connection I can reach the Pi itself but hothing behind, the traffic won’t get routed past it.
You will have to set to listening only on eth0 or whatever your interface name is in PiHole settings. For now after PiHole installation it’s set to only allow traffic that is 1 Hop away not further.
On top I did pivpn -d for debug mode and then during the test it asks you to activate IP forwarding.
Really this was driving me nuts the last couple days but finally it’s working again with PiHole in combination with Wireguard
Yes if you are using PiVPN, you would need to set IP forwarding manually. This would not be needed if you install WireGuard directly from DietPi Software Catalog.