Wireguard - No internet access with PiHole Topic is solved

Having issues with your DietPi installation, or, found a bug? Post it here.
GaryD
Posts: 20
Joined: Tue Feb 04, 2020 1:57 am

Wireguard - No internet access with PiHole

Post by GaryD »

Hi All,

Thanks for the awesome software. I've installed wireguard and i can connect internally fine using IP addresses, and externally when using an external DNS eg 1.1.1.1.

I can't use my piHole IP though (192.168.1.2). Hosts on the LAN use this fine and it isn't an issue. Any ideas?

Cheers
Gary
Last edited by GaryD on Tue Feb 04, 2020 3:27 am, edited 2 times in total.
GaryD
Posts: 20
Joined: Tue Feb 04, 2020 1:57 am

Re: Wireguard - No internet access

Post by GaryD »

OK quick update, I've found if I use my home router's IP address (192.168.1.1), and then set its primary DNS server to the pihole (192.168.1.2) it actually works.

I suspect it may be some sort of issue with pihole and wireguard on the same machine, some sort of firewall or loop back type issue?
User avatar
Joulinar
Posts: 2084
Joined: Sat Nov 16, 2019 12:49 am

Re: Wireguard - No internet access with PiHole

Post by Joulinar »

Hi,

yep it's actually a behavior of PiHole. I fixed it for myself by changing PiHole DNS Settings to > Listen on all interfaces, permit all origins
Pls let us know if a solution is working. This could help others if they hit by similar situation. Your DietPi Team
GaryD
Posts: 20
Joined: Tue Feb 04, 2020 1:57 am

Re: Wireguard - No internet access with PiHole

Post by GaryD »

Awesome thanks that did it :)

For what it's worth for other people trying to use Wireguard, I also needed to make a change to:
/etc/sysctl.conf

I had to uncomment the following line:
net.ipv4.ip_forward=1

Then reboot.
User avatar
Joulinar
Posts: 2084
Joined: Sat Nov 16, 2019 12:49 am

Re: Wireguard - No internet access with PiHole

Post by Joulinar »

for me this is not needed at all to change anything on /etc/sysctl.conf. WireGuard is working. I can access my Local Network as well as the Internet. And PiHole is acting as DNS Server.

Code: Select all

root@DietPi4:~# cat /etc/sysctl.conf|grep net.ipv4.ip_forward
#net.ipv4.ip_forward=1
root@DietPi4:~#
Pls let us know if a solution is working. This could help others if they hit by similar situation. Your DietPi Team
DarrenHill
Posts: 28
Joined: Wed May 08, 2019 3:00 pm

Re: Wireguard - No internet access with PiHole

Post by DarrenHill »

One comment on that change - I had to do it on my Pi (hosting both Wireguard and PiVPN) and after reboot the change reverted (and PiVPN lost access to anything outside of the Pi).

As a temporary measure I've set up a systemd service to run a script setting that traffic forwarding again on boot-up, but at least on my set-up there's something weird going on with sysctl.conf .

In any case for my configuration Wireguard worked fine either way, it was PiVPN (configured for OpenVPN support) which failed.
User avatar
Joulinar
Posts: 2084
Joined: Sat Nov 16, 2019 12:49 am

Re: Wireguard - No internet access with PiHole

Post by Joulinar »

Hi Guys,

in meantime it got clear that setting of net.ipv4.ip_forward=1 depends on the way how WireGuard was installed. Basically there are 2 ways.
  1. Installation done directly via dietpi-software
  2. Installation done using PiVPN
In case of option 1, applying this setting system-wide is not required, since we apply it right via the server config on service start, for the involved network interfaces:

Code: Select all

PostUp = sysctl net.ipv4.conf.%i.forwarding=1 net.ipv4.conf.\$(sed -n 3p /DietPi/dietpi/.network).forwarding=1
PostUp = sysctl net.ipv6.conf.\$(sed -n 3p /DietPi/dietpi/.network).accept_ra=2
PostUp = sysctl net.ipv6.conf.%i.forwarding=1 net.ipv6.conf.\$(sed -n 3p /DietPi/dietpi/.network).forwarding=1
Pls let us know if a solution is working. This could help others if they hit by similar situation. Your DietPi Team
DarrenHill
Posts: 28
Joined: Wed May 08, 2019 3:00 pm

Re: Wireguard - No internet access with PiHole

Post by DarrenHill »

@Joulinar - on my Pi both WG and PiVPN (hosting OpenVPN) are installed, both via dietpi-software.

Would that explain why I have to set the forwarding by script at reboot otherwise the OpenVPN cannot connect to anything outside the Pi (to my network or the Internet)?

It's all working fine now, but only because I set that forwarding via a systemd triggered script.
User avatar
Joulinar
Posts: 2084
Joined: Sat Nov 16, 2019 12:49 am

Re: Wireguard - No internet access with PiHole

Post by Joulinar »

Hi,

No thats a misunderstanding.

Wireguard can be installed 2 ways:
  1. using PiVPN package, as PiVPN is offering both options now: WireGuard as well as OpenPVN. But if you use PiVPN to install WireGuard or OpenVPN, you will haft to set the parameter.
  2. If you install WireGuard directly from dietpi-software all is fine.
So the issue seems to be with PiVPN script not handling the settings correctly

See as well GitHub https://github.com/MichaIng/DietPi/issues/2505
Pls let us know if a solution is working. This could help others if they hit by similar situation. Your DietPi Team
DarrenHill
Posts: 28
Joined: Wed May 08, 2019 3:00 pm

Re: Wireguard - No internet access with PiHole

Post by DarrenHill »

Yes, that does seem like the same issue I have.

To be clear I don't have any issue with Wireguard at all, the issue is with the PiVPN install (which is used for OpenVPN, not Wireguard). Wireguard is installed via dietpi-software and has no issue.

It sounds like the issue described on Github is affecting me too, although in my case I just worked around it by resetting the forwarding via a script triggered by a systemd service. But if it's now a replicated and known issue hopefully that won't be needed anyway if it can be fixed at source.
Post Reply