search

IAmStoxe / wirehole

WireHole is a combination of WireGuard, Pi-hole, and Unbound in a docker-compose project with the intent of enabling users to quickly and easily create a personally managed full or split-tunnel WireGuard VPN with ad blocking capabilities thanks to Pi-hole, and DNS caching, additional privacy options, and upstream providers via Unbound.
https://iamstoxe.com
Other
4.71k stars 321 forks source link

QUESTION : Changing INTERNAL_SUBNET stops everything from working. #46

Open grab-a-byte opened 3 years ago

grab-a-byte commented 3 years ago

I have made a docker compose file based on this as follows (urls etc changed for obvious reasons).

version: "3"

networks:
  private_network:
    ipam:
      driver: default
      config:
        - subnet: 10.2.0.0/24

services:
  wireguard:
    depends_on: [pihole]
    image: linuxserver/wireguard
    container_name: wireguard
    cap_add:
      - NET_ADMIN
      - SYS_MODULE
    environment:
      - PUID=1000
      - PGID=1000
      - TZ=Europe/London # Change to your timezone
      - SERVERPORT=51820
      - SERVERURL=testvpn.test.com #optional - For use with DDNS (Uncomment to use)
      - PEERS=2 # How many peers to generate for you (clients)
      - PEERDNS=10.2.0.100 # Set it to point to pihole
      - INTERNAL_SUBNET=10.6.0.0
    volumes:
      - ./wireguard:/config
      - /lib/modules:/lib/modules
    ports:
      - "51820:51820/udp"
    dns:
      - 10.2.0.100 # Points to pihole
    sysctls:
      - net.ipv4.conf.all.src_valid_mark=1
    restart: unless-stopped
    networks:
      private_network:
        ipv4_address: 10.2.0.3

  pihole:
    container_name: pihole
    image: pihole/pihole:latest
    restart: unless-stopped
    hostname: pihole
    dns:
      - 127.0.0.1
    environment:
      TZ: "Europe/London"
      WEBPASSWORD: "testpassword" # Blank password - Can be whatever you want.
      ServerIP: 10.1.0.100
      DNS1: 1.1.1.1
      DNS2: 1.1.1.1 # If we don't specify two, it will auto pick google.
    volumes:
      - "./etc-pihole/:/etc/pihole/"
      - "./etc-dnsmasq.d/:/etc/dnsmasq.d/"
    # Recommended but not required (DHCP needs NET_ADMIN)
    #   https://github.com/pi-hole/docker-pi-hole#note-on-capabilities
    cap_add:
      - NET_ADMIN
    networks:
      private_network:
        ipv4_address: 10.2.0.100

This works really well and I am able to get on to the wireguard vpn and have access (though have lost seeing different clients in pi hole compared to running native).

I have tried to remove the INTERNAL_SUBNET environment variable from the wireguard service as on dockerhub for wireguard it says its optional and this defaults it to 10.13.13.0 which I thought would be acceptable however only removing that breaks the whole thing. Was hoping someone could help me understand why.

Thanks in advance.

grab-a-byte commented 1 year ago

Hi Just wondering if theres an answer for this? (I took the main config from your wirehole docker-compose)