PiVPN with Wireguard and PiHole not working correctly Topic is solved

Have some feedback, questions, suggestions, or just fancy a chat? Pop it in here.
User avatar
Joulinar
Posts: 5115
Joined: Sat Nov 16, 2019 12:49 am

Re: PiVPN with Wireguard and PiHole not working correctly

Post by Joulinar »

ok I was asking because Docker block routing functionality by default https://docs.docker.com/network/iptable ... n-a-router
But if it is not installed, it should not have an impact

@trendy
It's about Wireguard server installed on the DietPi device where it is not possible to reach systems behind DietPi/Wireguard server. Something wrong on routing from wg0 interface into local network.
Pls let us know if a solution is working. This could help others if they hit by similar situation. Your DietPi Team
nilsacht
Posts: 24
Joined: Mon Jan 18, 2021 9:33 am

Re: PiVPN with Wireguard and PiHole not working correctly

Post by nilsacht »

trendy wrote: Tue Jan 19, 2021 10:18 am Is it possible to get the following before and after you connect to the VPN?

Code: Select all

ip -4 addr; ip -4 ro li table all; ip -4 ru; iptables-save -c; netstat -lnp
and point out which service is not running after the vpn is up.
Is it possible to save the output in a file? That's a lot of output i get with this commands.
User avatar
trendy
Posts: 342
Joined: Tue Feb 25, 2020 2:54 pm

Re: PiVPN with Wireguard and PiHole not working correctly

Post by trendy »

Joulinar wrote: Tue Jan 19, 2021 10:19 am @trendy
It's about Wireguard server installed on the DietPi device where it is not possible to reach systems behind DietPi/Wireguard server. Something wrong on routing from wg0 interface into local network.
I thought as much.
nilsacht wrote: Tue Jan 19, 2021 10:25 am Is it possible to save the output in a file? That's a lot of output i get with this commands.
Maybe you can use pastebin?
nilsacht
Posts: 24
Joined: Mon Jan 18, 2021 9:33 am

Re: PiVPN with Wireguard and PiHole not working correctly

Post by nilsacht »

The output befor vpn connection:

http://sprunge.us/qAtrEZ

The output after vpn connection:

http://sprunge.us/dWRCKL
User avatar
trendy
Posts: 342
Joined: Tue Feb 25, 2020 2:54 pm

Re: PiVPN with Wireguard and PiHole not working correctly

Post by trendy »

Only the last command is pasted in both files.
nilsacht
Posts: 24
Joined: Mon Jan 18, 2021 9:33 am

Re: PiVPN with Wireguard and PiHole not working correctly

Post by nilsacht »

Ok i take a look and post all soon
User avatar
Joulinar
Posts: 5115
Joined: Sat Nov 16, 2019 12:49 am

Re: PiVPN with Wireguard and PiHole not working correctly

Post by Joulinar »

as well you could execute them one by one and post the output in separat files to get more visibility

Code: Select all

ip -4 addr
ip -4 ro li table all
ip -4 ru
iptables-save -c
netstat -lnp
Pls let us know if a solution is working. This could help others if they hit by similar situation. Your DietPi Team
User avatar
trendy
Posts: 342
Joined: Tue Feb 25, 2020 2:54 pm

Re: PiVPN with Wireguard and PiHole not working correctly

Post by trendy »

Try it like this:

Code: Select all

sudo ip -4 addr > file.txt; sudo ip -4 ro li table all >> file.txt; sudo ip -4 ru >> file.txt; sudo iptables-save -c >> file.txt; sudo ss -tulnp >> file.txt
Last edited by trendy on Tue Jan 19, 2021 12:11 pm, edited 1 time in total.
Sibbefufzich
Posts: 17
Joined: Mon Jan 18, 2021 6:12 pm

Re: PiVPN with Wireguard and PiHole not working correctly

Post by Sibbefufzich »

Hey guys,

Ok, first up: My problem is IPv6 only, so I kinda feel like hijacking this Thread. If you think I should open a new one, please let me know.

I also executed the suggested commands (although not IPv6 specific I guess) and this is th output before connecting the client to the server:

ip -4 addr:

Code: Select all

1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
    inet 192.168.0.3/24 brd 192.168.0.255 scope global eth0
       valid_lft forever preferred_lft forever
9: wg0: <POINTOPOINT,NOARP,UP,LOWER_UP> mtu 1420 qdisc noqueue state UNKNOWN group default qlen 1000
    inet 192.168.0.3/24 scope global wg0
       valid_lft forever preferred_lft forever
ip -4 ro li table all:

Code: Select all

default via 192.168.0.1 dev eth0 onlink
192.168.0.0/24 dev eth0 proto kernel scope link src 192.168.0.3
192.168.0.0/24 dev wg0 proto kernel scope link src 192.168.0.3
broadcast 127.0.0.0 dev lo table local proto kernel scope link src 127.0.0.1
local 127.0.0.0/8 dev lo table local proto kernel scope host src 127.0.0.1
local 127.0.0.1 dev lo table local proto kernel scope host src 127.0.0.1
broadcast 127.255.255.255 dev lo table local proto kernel scope link src 127.0.0.1
broadcast 192.168.0.0 dev eth0 table local proto kernel scope link src 192.168.0.3
broadcast 192.168.0.0 dev wg0 table local proto kernel scope link src 192.168.0.3
local 192.168.0.3 dev eth0 table local proto kernel scope host src 192.168.0.3
local 192.168.0.3 dev wg0 table local proto kernel scope host src 192.168.0.3
broadcast 192.168.0.255 dev eth0 table local proto kernel scope link src 192.168.0.3
broadcast 192.168.0.255 dev wg0 table local proto kernel scope link src 192.168.0.3
ip -4 ru:

Code: Select all

0:	from all lookup local
32766:	from all lookup main
32767:	from all lookup default
iptables-save -c:
<no output>

And now, weird:
netstat -lnp:

Code: Select all

-bash: netstat: command not found
After connecting to the wireguard server, the only output that changed was the missing

Code: Select all

default via 192.168.0.1 dev eth0 onlink
in the ip -4 ro li table all output.
User avatar
trendy
Posts: 342
Joined: Tue Feb 25, 2020 2:54 pm

Re: PiVPN with Wireguard and PiHole not working correctly

Post by trendy »

If your problem is with IPv6 only, then these commands will not give any useful output.
Better start a new thread and we can discuss it there.
I have updated the commands with sudo (in case you run them as dietpi user) and changed the obsolete netstat with ss (old habits die hard).
Post Reply