notasausage / pi-hole-unbound-wireguard Goto Github PK

Hello Patrik,
Thank for tutorial.

I've got problem with last TEST.
What you need to know to help me?

It would be nice if there was a link to the project site in the README and in the GitHub repo details so visitors could read the documentation in a better environment and find out more.

You guide is amazing.

A tangential question, can we route specific traffic through Wireguard?

For instance, I want want to limit the VPN connection to only serve DNS queries and leave all other client alone.

This would be OpenVPN's push "dhcp-option DNS <IP>" as the only push directive in server.conf.

Hi there,

Love your guide!! It helped so much and was very easy to use. I followed all of your steps, but when I enabled my VPN on my client I was able to see a handshake was happening, but I wasn't able to connect to the internet while on the VPN. It turns out the issue was due to my configuration with PiHole. Note I didn't configure Unbound or PiHole with your guide so that may be why I missed this step, I mainly used your guide for the Wireguard setup. I ran this command for PiHole and everything worked. Once again thanks for your help!! Feel free to add this to your guide if you want.

pihole -a -i all

um, sudo apt install wireguard no longer seems to work, but wireguard-tools seems to have replaced it?

Also, can't seem to find dkms or modules even after getting the keys and unstable repo loaded. Could you please advise?

The GitHub project page is not secure. It should be.

This is only my opinion because for me it reduced the number of commands necessary to get Wireguard up and running down to three. One to install (using an installer like PiHole's), one to generate my user (peer), and one to generate the QR Code for my phone.

I'm still having problems getting local hostname lookup to work, but your guide got me a little bit closer. Thank you!

Wiregaurd uses UDP only

The README for this project is starting to become unwieldy, and it might make more sense to move a lot of it into the Wiki for the repo, breaking sections out to pages instead.

Thanks for the great guide. Unfortunately, I wasn't able to buy you a coffee :(
Patrick Haney only accepts payments from PayPal accounts registered in the United States.

I got everything working first time thanks to your instructions. Few days ago I decided to add a second peer, creating a profile and then editing sudo nano /etc/wireguard/wg0.conf to add the second peer. The second peer connects fine but the first peer doesn't connect now, I didn't change any settings relating to my first peer, do you have any idea what may have caused this?
What I added to the wg0.conf was:

[Peer]
#peer 2
PublicKey = *******
AllowedIPs = ******

Hey I have an automated script is there any way I can add it to this repo??

Thanks for the great work you done here.

I have a use case for you, I have a pihole already running off an atomic pi and provides adblocking to my network as it is the main DNS IP. Can I add the wireguard setup also? that way my devices get VPN data from my VPN provider? Any help would be much appreciated.

Thanks for putting this together. Im interesting in these additions:

Move from IPtables (deprecated) to nftables
Add an SSL certificate for the Pi-Hole Web Interface
Get local hostnames working in Pi-Hole so we can see device names instead of local IP addresses

Have you had any progress or enhanced reading links?

Thanks!

Thank you for the awesome tutorial! Learned a lot of things for it! :)

I have followed all your steps exactly. Except, I am using Cloudflare DNS over HTTPS as my upstream DNS instead of Unbound. Rest all the setup are same as your tutorial.

I think it is an issue with the Wireguard config file (I might be wrong also!).

The issue is:
When I am on the local network and performing a DNSLeak Test, I get my DNS resolver as Cloudflare(expected). But when connecting from outside the local network and enabling WireGuard VPN, I am not getting the Cloudflare in DNS Leak test.
My understanding is when I am connecting WireGuard from outside local network, it should route my traffic through Pi-Hole and then ultimately to Cloudflare DoH upstream DNS servers. But that is not what happening.

The install procedure current method has often fallen to unreliable as the rpi-kernel and newer changes with kernel-headers with the RPI is ever evolving. here is what I recommend for new installation instructions for wireguard as they are more reliable then using unstable debians version.

echo "deb http://raspbian.raspberrypi.org/raspbian/ bullseye main" | $SUDO tee /etc/apt/sources.list.d/wireguard-bullseye.list
printf 'Package: *\nPin: release n=bullseye\nPin-Priority: -1\n\nPackage: wireguard wireguard-dkms wireguard-tools\nPin: release n=bullseye\nPin-Priority: 100\n' | $SUDO tee /etc/apt/preferences.d/wireguard-limit-bullseye

(this part below is already in your instructions)
sudo apt update && sudo apt install raspberrypi-kernel-headers wireguard wireguard-tools wireguard-dkms qrencode -y

I recommend keeping everything else the same.
I recommend switching to the raspbian/bullseye dev and telling it to only allow usage for wireguard and associated packages, this will insure the binaries always honor the kernel-headers.