anbuchelva / pi-hole-and-wireguard-on-oracle-cloud-always-free-tier Goto Github PK

edit - nvm I figured it out

Thank you for this script to install WG & PiHole on Oracle. I have previously used another script on Ionos and then on Google cloud to compare performance from Africa. Then I discovered Oracle and tried to set up a VM using the other script but couldn't get it to work. I went looking I found this script and now I am able to connect from my clients perfectly. Thank you!

I am however having trouble connecting between clients using RDP. I have tried various configurations mirroring what works on the other Wireguard servers without success. I am suspecting a difference in iptables but not knowledgeable enough to determine that.

Do you have any suggestions?

Thank you again for the helpful script! Rob

For quick reference, here is wg config from Oracle plus the script that it references which works:

WG CONFIG FILE (ORACLE)

Address = 10.66.66.1/24,fd42:42:42::1/64
.......
PostUp = /etc/wireguard/ipt/start.sh; iptables -A FORWARD -i wg0 -j ACCEPT; iptables -t nat -A POSTROUTING -o ens3 -j MASQUERADE; ip6tables -A FORWARD -i wg0 -j ACCEPT; ip6tables -t nat -A POSTROUTING -o ens3 -j MASQUERADE
PostDown = /etc/wireguard/ipt/stop.sh; iptables -D FORWARD -i wg0 -j ACCEPT; iptables -t nat -D POSTROUTING -o ens3 -j MASQUERADE; ip6tables -D FORWARD -i wg0 -j ACCEPT; ip6tables -t nat -D POSTROUTING -o ens3 -j MASQUERADE
iptables -t nat -I POSTROUTING 1 -s 10.66.66.1/24 -o ens3 -j MASQUERADE

ORACLE START.SH

iptables -I INPUT 1 -i wg0 -j ACCEPT
iptables -I FORWARD 1 -i ens3 -o wg0 -j ACCEPT
iptables -I FORWARD 1 -i wg0 -o ens3 -j ACCEPT
iptables -I INPUT 1 -i ens3 -p udp --dport 51515 -j ACCEPT

ip6tables -t nat -I POSTROUTING 1 -s fd42:42:42::1/64 -o ens3 -j MASQUERADE
ip6tables -I INPUT 1 -i wg0 -j ACCEPT
ip6tables -I FORWARD 1 -i ens3 -o wg0 -j ACCEPT
ip6tables -I FORWARD 1 -i wg0 -o ens3 -j ACCEPT

Here is the content of the Google WG server that does allow RDP.

GOOGLE CLOUD WG CONFIG

[Interface]
Address = 10.66.66.1/24,fd42:42:42::1/64
.......
PostUp = iptables -I INPUT -p udp --dport 54209 -j ACCEPT
PostUp = iptables -I FORWARD -i ens4 -o wg0 -j ACCEPT
PostUp = iptables -I FORWARD -i wg0 -j ACCEPT
PostUp = iptables -t nat -A POSTROUTING -o ens4 -j MASQUERADE
PostUp = ip6tables -I FORWARD -i wg0 -j ACCEPT
PostUp = ip6tables -t nat -A POSTROUTING -o ens4 -j MASQUERADE

First, thanks for the wonderful setup script. Made life a lot easier.

My devices (peers) are making DNS lookups via IPv4 and IPv6. They show up as two separate clients in Pi-hole server, as it does not merge them together. I checked out Pi-Hole's community forums and came across this. Now, since this is a Pi-Hole limitation, my other option is to disable peers to be assigned (and use) IPv6 address/routing completely.

My question here is,

1. Is it safe to leave IPv6 address as blank, when running setup.sh again to create tunnel config file for new peers

2. Say if we disable IPv6 addressing/routing on this wireguard network, would there be any IP leak iff peers made DNS queries via IPv6 route?

Let me know if this question makes any sense.

When I finished the installation, through the VPN I get internet connection, I have the server allocated in France, but I still having an IP from my country and I can not enter in the PiHole admin page.

Everything is working fine but i still have my normal ip
interface: wg0
public key: SGoNwhrG8nka9Id0gDf1UHWykz8qDwI12QK9HhxQIHU=
private key: (hidden)
listening port: 51515

peer: RMCsihvA1PMyIn0oHqSMbjl6esyeK7zqYvI2nRcLY2M=
preshared key: (hidden)
endpoint: 94.31.85.235:59709
allowed ips: 10.66.66.3/32, fd42:42:42::3/128
latest handshake: 24 seconds ago
transfer: 930.98 KiB received, 3.06 MiB sent

peer: 3maoP5rq4KQvhSTZR3vBxjGlWwj1USaCMuBuZE2NQCo=
preshared key: (hidden)
allowed ips: 10.66.66.2/32, fd42:42:42::2/128
ubuntu@vpn:$ ^C
ubuntu@vpn:$ sudo wg
interface: wg0
public key: SGoNwhrG8nka9Id0gDf1UHWykz8qDwI12QK9HhxQIHU=
private key: (hidden)
listening port: 51515

peer: RMCsihvA1PMyIn0oHqSMbjl6esyeK7zqYvI2nRcLY2M=
preshared key: (hidden)
endpoint: 94.31.85.235:49448
allowed ips: 10.66.66.3/32, fd42:42:42::3/128
latest handshake: 37 seconds ago
transfer: 1.01 MiB received, 3.18 MiB sent

peer: 3maoP5rq4KQvhSTZR3vBxjGlWwj1USaCMuBuZE2NQCo=
preshared key: (hidden)
allowed ips: 10.66.66.2/32, fd42:42:42::2/128

pihole status
[✓] FTL is listening on port 53
[✓] UDP (IPv4)
[✓] TCP (IPv4)
[✓] UDP (IPv6)
[✓] TCP (IPv6)

[✓] Pi-hole blocking is enabled

Is there an easy way to modify the setup.sh to allow peers (vpn clients) to communicate with each other?
Right now it seems that the peers are not allowed to do so. At least I can't ping from one vpn client host to another.

Hello, i followed the steps and cant connect to the WebUI "Cant reach website" any idea what could have gone wrong?

I have these running in conjunction great and I can easily connect clients on mobile and windows but on my Ubuntu 22.04 client I can't seem to get the connection to work! Is there any way you might be able to help with this, Im unsure of where else to ask and I spent several hours last night trying to get it working.

Hi,
encountered this error during installation and did not install pi-hole
can i get some help?
Oracle cloud
Server Ubuntu 22.04
``
[✓] Enabling lighttpd service to start on reboot...
[✓] Creating user 'pihole'

[i] FTL Checks...

[✓] Detected AArch64 (64 Bit ARM) processor
[i] Checking for existing FTL binary...
[i] Downloading and Installing FTL...pihole-FTL-aarch64-linux-gnu: FAILED
sha1sum: WARNING: 1 computed checksum did NOT match
[✗] Downloading and Installing FTL
Error: Download of https://github.com/pi-hole/ftl/releases/latest/download/pihole-FTL-aarch64-linux-gnu failed (checksum error)
[✗] FTL Engine not installed
./setup.sh: line 299: pihole: command not found
``

Hi
This project is no working in my Oracle instance (with Ubuntu 20.04). I was wondering if it is related with the IPv4 CIDR Block. I have assigned 10.0.0.0/24 but the setup use the range 10.66.66.*.
Should I modify the setup file? In that case, How do I start again the full installation? Because when I enter setup again it only adds a new client rather install the whole project from scratch.
Thank you!

So I'm using the default configurations and I can connect and have internet... but it's unbearably slow. Youtube video descriptions and thumbnails are the only thing that will load for me. In chrome I get the error DNS_PROBE_FINISHED_BAD_CONFIG. All I did was add AdGuardDNS rules to the adblocking. A little help please? :)