I have Pi-hole running on an Ubuntu host (on bare metal, not in a container), and this host uses 127.0.0.1 for its own DNS. Other hosts on my network also use Pi-hole for their DNS.
Currently, I have WireGuard UI running in a container (as per your system.yml example), which configures WireGuard running on the host.
I have also tried running both WireGuard and WireGuard UI in containers (as per your linuxserver.yml example). In both cases, the VPN works, but only if I specify a globally accessible DNS server (e.g., 1.1.1.1).
However, I want my WireGuard clients to use Pi-hole for their DNS, which is running on the local IP of the host where WireGuard and WireGuard UI are running.
What I've Tried
Pre-up script with Pi-hole's loopback address (127.0.0.1):
iptables -A FORWARD -i wg0 -j ACCEPT
iptables -A FORWARD -o enp2s0 -j ACCEPT
iptables -t nat -A POSTROUTING -o enp2s0 -j MASQUERADE
iptables -A INPUT -i wg0 -d 127.0.0.1 -j ACCEPT
Then setting the DNS of the WireGuard server as 127.0.0.1.
Pre-up script with the host's IP address (172.16.32.11):
iptables -A FORWARD -i wg0 -j ACCEPT
iptables -A FORWARD -o enp2s0 -j ACCEPT
iptables -t nat -A POSTROUTING -o enp2s0 -j MASQUERADE
iptables -A INPUT -i wg0 -d 172.16.32.11 -j ACCEPT
Then setting the DNS of the WireGuard server as 172.16.32.11.
In both scenarios, I am setting Allowed IPs = 0.0.0.0/0, and DNS resolution fails on the connected client.
Question
If I deselect "Use server DNS" on the clients, how then can I specify the local IP of the host running WireGuard for the DNS to use? Alternatively, what configuration changes are needed to allow WireGuard clients to use Pi-hole, as described above, for DNS resolution successfully?
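As an added example (not part of the issue above), here is a least-privilege variant of the pre-up rules: instead of accepting all traffic from wg0 to the host, it only accepts DNS (UDP/TCP 53) on the server's tunnel address, and it emits the matching tear-down lines. The tunnel address 10.8.0.1 is an assumed placeholder; clients would be handed that address as their DNS, since 127.0.0.1 in a client profile refers to the client itself, never to the server.

```shell
#!/bin/sh
# Added example: generate PostUp/PreDown iptables rules for a WireGuard server
# that should pass client DNS queries to a Pi-hole on the same host.
# Placeholders (not from the issue): WG_ADDR is an assumed tunnel address.
WG_IF="${WG_IF:-wg0}"
LAN_IF="${LAN_IF:-enp2s0}"
WG_ADDR="${WG_ADDR:-10.8.0.1}"   # assumed tunnel address; clients use it as DNS

# $1 is "-A" (add) or "-D" (delete) so one function yields both rule sets.
wg_dns_rules() {
  act="$1"
  cat <<EOF
iptables $act FORWARD -i $WG_IF -o $LAN_IF -j ACCEPT
iptables $act FORWARD -i $LAN_IF -o $WG_IF -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
iptables -t nat $act POSTROUTING -o $LAN_IF -j MASQUERADE
iptables $act INPUT -i $WG_IF -d $WG_ADDR -p udp --dport 53 -j ACCEPT
iptables $act INPUT -i $WG_IF -d $WG_ADDR -p tcp --dport 53 -j ACCEPT
EOF
}

# Number of generated rules; lets the rule set be checked without root.
wg_dns_rule_count() {
  wg_dns_rules "$1" | wc -l | tr -d ' '
}

case "${1:-}" in
  --apply)    wg_dns_rules -A | sh ;;   # needs root
  --teardown) wg_dns_rules -D | sh ;;   # needs root
  *) echo "# PostUp:";  wg_dns_rules -A
     echo "# PreDown:"; wg_dns_rules -D ;;
esac
```

Pi-hole must also be set to answer queries that arrive on wg0 (its interface listening setting), because by default it only serves its own local subnet; with that in place, only port 53 on the tunnel address is reachable from clients rather than every service on the host.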