Cannot use pihole DNS through wireguard VPN

matdb · 9. Juli 2023

I have setup PiHole in docker using a macvlan. I also set up wireguard in docker (linuxser.io).

I can connect to wireguard and ping almost every computer or phone in my home network but not pihole. Which of course means I also cannot use it for DNS.

I also noticed that my server cannot ping PiHole.

Any ideas? OK before I posted this I have searched a bit more and found this thread, post 13 in the thread with the solution. Is this a good why to solve the problem?

home network: 192.168.16.0/24

gateway: 192.168.16.1

macvlan:

Code

"Subnet": "192.168.16.0/24",
"IPRange": "192.168.16.0/25",
"Gateway": "192.168.16.1"

PiHole IP: 192.168.16.65/24

Server IP: 192.168.16.64/24

chente · 9. Juli 2023

Zitat von matdb

I have setup PiHole in docker using a macvlan. I also set up wireguard in docker (linuxser.io).

I can connect to wireguard and ping almost every computer or phone in my home network but not pihole. Which of course means I also cannot use it for DNS.
I also noticed that my server cannot ping PiHole.

Any ideas? OK before I posted this I have searched a bit more and found this thread, post 13 in the thread with the solution. Is this a good why to solve the problem?

I like that solution for the interface created in the host because it uses netplan, I'll have to check that thread, I didn't remember it, thanks for the link.

I recently posted this on the wiki, it helps you create the macvlan network from the plugin. Although the part of the bridge can be improved. https://wiki.omv-extras.org/do…_the_same_lan_as_the_host

When I have time and desire I will look at this better.

matdb · 9. Juli 2023

I didn't now there was guide.

Zitat von chente

When I have time and desire I will look at this better.

Thanks!

What do you advice me (of course without warranty) to use for now, your solution in the guide or the post I found?

I assume your guide is the best way for now?

chente · 9. Juli 2023

Zitat von matdb

What do you advice me (of course without warranty) to use for now, your solution in the guide or the post I found?
I assume your guide is the best way for now?

I think it doesn't make any difference to create the vlan. The GUI is more convenient and faster. It seems to me that the two methods do the same thing. For the bridge in the host I think the link you posted is better, but I would have to look at it better, I just took a look at it.

matdb · 9. Juli 2023

Zitat von chente

I think it doesn't make any difference to create the vlan.

I created the macvlan already using the webui. PiHole is already running. I am now just trying to solve the macvlan issue.

Zitat von chente

For the bridge in the host I think the link you posted is better, but I would have to look at it better, I just took a look at it.

I'll try the solution I found. If I encounter problems I let you know. I not I'll try to let you know as well.

chente · 9. Juli 2023

Zitat von matdb

I'll try the solution I found. If I encounter problems I let you know. I not I'll try to let you know as well.

ok thanks

matdb · 9. Juli 2023

So I am getting some nice errors I do not understand...

What I did:

1. Create /etc/netplan/90-macvlan-docker-interface.yaml

Code

sudo cat /etc/netplan/90-macvlan-docker-interface.yaml
network:
  version: 2
  renderer: networkd
  ethernets:
    macvlaninterface:
      addresses:
      - 192.168.16.64/32
      routes:
      - to: 192.168.16.65/32
        via: 192.168.16.64
        metric: 100

Alles anzeigen

2. I installed networkd-dispatcher using the apt-tool plugin.

(Services -> Apt Tool -> Packages -> Add new package -> networkd.dispatcher -> Tools -> Install)

3. Create the script /etc/networkd-dispatcher/configured.d/90-macvlan-docker-interface.sh

Code

sudo cat /etc/networkd-dispatcher/configured.d/90-macvlan-docker-interface.sh 
#! /bin/bash

ip link add macvlaninterface link enp2s0 type macvlan mode bridge

4. Make the script executable

Code

sudo chmod o+x,g+x,u+x /etc/networkd-dispatcher/configured.d/90-macvlan-docker-interface.sh

5. Run sudo netplan try

Code

sudo netplan try
Warning: Stopping systemd-networkd.service, but it can still be activated by:
  systemd-networkd.socket
Do you want to keep these settings?


Press ENTER before the timeout to accept the new configuration


Changes will revert in  71 seconds
Configuration accepted.

Alles anzeigen

6. Run sudo netplan apply, no output

7. Run sudo networkd-dispatcher -T

Code

sudo networkd-dispatcher -T
No valid path found for iw
Error: Attribute failed policy validation.
WARNING:Exit status 2 from script '/etc/networkd-dispatcher/configured.d/90-macvlan-docker-interface.sh' invoked with environment {'LANGUAGE': 'en_US:en', 'LC_ADDRESS': 'nl_BE.UTF-8', 'LC_NAME': 'nl_BE.UTF-8', 'LC_MONETARY': 'nl_BE.UTF-8', 'LANG': 'en_US.UTF-8', 'LC_PAPER': 'nl_BE.UTF-8', 'LS_COLORS': 'rs=0:di=01;34:ln=01;36:mh=00:pi=40;33:so=01;35:do=01;35:bd=40;33;01:cd=40;33;01:or=40;31;01:mi=00:su=37;41:sg=30;43:ca=30;41:tw=30;42:ow=34;42:st=37;44:ex=01;32:*.tar=01;31:*.tgz=01;31:*.arc=01;31:*.arj=01;31:*.taz=01;31:*.lha=01;31:*.lz4=01;31:*.lzh=01;31:*.lzma=01;31:*.tlz=01;31:*.txz=01;31:*.tzo=01;31:*.t7z=01;31:*.zip=01;31:*.z=01;31:*.dz=01;31:*.gz=01;31:*.lrz=01;31:*.lz=01;31:*.lzo=01;31:*.xz=01;31:*.zst=01;31:*.tzst=01;31:*.bz2=01;31:*.bz=01;31:*.tbz=01;31:*.tbz2=01;31:*.tz=01;31:*.deb=01;31:*.rpm=01;31:*.jar=01;31:*.war=01;31:*.ear=01;31:*.sar=01;31:*.rar=01;31:*.alz=01;31:*.ace=01;31:*.zoo=01;31:*.cpio=01;31:*.7z=01;31:*.rz=01;31:*.cab=01;31:*.wim=01;31:*.swm=01;31:*.dwm=01;31:*.esd=01;31:*.jpg=01;35:*.jpeg=01;35:*.mjpg=01;35:*.mjpeg=01;35:*.gif=01;35:*.bmp=01;35:*.pbm=01;35:*.pgm=01;35:*.ppm=01;35:*.tga=01;35:*.xbm=01;35:*.xpm=01;35:*.tif=01;35:*.tiff=01;35:*.png=01;35:*.svg=01;35:*.svgz=01;35:*.mng=01;35:*.pcx=01;35:*.mov=01;35:*.mpg=01;35:*.mpeg=01;35:*.m2v=01;35:*.mkv=01;35:*.webm=01;35:*.webp=01;35:*.ogm=01;35:*.mp4=01;35:*.m4v=01;35:*.mp4v=01;35:*.vob=01;35:*.qt=01;35:*.nuv=01;35:*.wmv=01;35:*.asf=01;35:*.rm=01;35:*.rmvb=01;35:*.flc=01;35:*.avi=01;35:*.fli=01;35:*.flv=01;35:*.gl=01;35:*.dl=01;35:*.xcf=01;35:*.xwd=01;35:*.yuv=01;35:*.cgm=01;35:*.emf=01;35:*.ogv=01;35:*.ogx=01;35:*.aac=00;36:*.au=00;36:*.flac=00;36:*.m4a=00;36:*.mid=00;36:*.midi=00;36:*.mka=00;36:*.mp3=00;36:*.mpc=00;36:*.ogg=00;36:*.ra=00;36:*.wav=00;36:*.oga=00;36:*.opus=00;36:*.spx=00;36:*.xspf=00;36:', 'TERM': 'xterm-256color', 'LC_IDENTIFICATION': 'nl_BE.UTF-8', 'LC_TELEPHONE': 'nl_BE.UTF-8', 'LC_MEASUREMENT': 'nl_BE.UTF-8', 'LC_TIME': 'nl_BE.UTF-8', 'PATH': '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', 'LC_NUMERIC': 'nl_BE.UTF-8', 'MAIL': '/var/mail/root', 'LOGNAME': 'root', 'USER': 'root', 'HOME': '/root', 'SHELL': '/bin/bash', 'SUDO_COMMAND': '/usr/bin/networkd-dispatcher -T', 'SUDO_USER': '**user**', 'SUDO_UID': '1000', 'SUDO_GID': '100', 'ADDR': '192.168.16.64', 'ESSID': '', 'IP_ADDRS': '192.168.16.64', 'IP6_ADDRS': '', 'IFACE': 'enp2s0', 'STATE': 'configured', 'AdministrativeState': 'configured', 'OperationalState': 'routable', 'json': '{"Address": ["192.168.16.64"], "AdministrativeState": "configured", "Auto negotiation": ["yes"], "DNS": ["9.9.9.9", "1.1.1.1"], "Driver": ["r8169"], "Duplex": ["full"], "Gateway": ["192.168.16.1 (Compal Broadband Networks, Inc.)"], "HW Address": ["00:e0:4c:68:13:12 (REALTEK SEMICONDUCTOR CORP.)"], "IPv6 Address Generation Mode": ["none"], "InterfaceName": "enp2s0", "Link File": ["/usr/lib/systemd/network/99-default.link"], "MTU": ["1500 (min: 68, max: 9194)"], "Model": ["RTL8111/8168/8411 PCI Express Gigabit Ethernet Controller"], "Network File": ["/run/systemd/network/10-netplan-enp2s0.network"], "OperationalState": "routable", "Path": ["pci-0000:02:00.0"], "Port": ["tp"], "QDisc": ["fq_codel"], "Queue Length (Tx/Rx)": ["1/1"], "Speed": ["1Gbps"], "State": "routable (configured)", "Type": "ether", "Vendor": ["Realtek Semiconductor Co., Ltd."]}'}
^CTraceback (most recent call last):
  File "/usr/bin/networkd-dispatcher", line 497, in <module>
    init()
  File "/usr/bin/networkd-dispatcher", line 494, in init
    main()
  File "/usr/bin/networkd-dispatcher", line 489, in main
    mainloop.run()
  File "/usr/lib/python3/dist-packages/gi/overrides/GLib.py", line 497, in run
    super(MainLoop, self).run()
  File "/usr/lib/python3.9/contextlib.py", line 124, in __exit__
    next(self.gen)
  File "/usr/lib/python3/dist-packages/gi/_ossighelper.py", line 237, in register_sigint_fallback
    signal.default_int_handler(signal.SIGINT, None)
KeyboardInterrupt

Alles anzeigen

chente · 9. Juli 2023

This should be studied in detail, but considering that the network configuration in OMV changed about a month or two ago, it is possible that the configuration of that thread no longer behaves in the same way.

matdb · 9. Juli 2023

I think I got it working.

Ok never mind.

But I am getting further with it so that is nice

matdb · 9. Juli 2023

Ok I got it working now!!!

Really happy!

Zitat von matdb

7. Run sudo networkd-dispatcher -T

The error (see below) means that the interface name is to long (max 15 characters).

Code

Error: Attribute failed policy validation.

So I changed that and got some other errors in syslog but found solutions online (I should have noted everything)

Important background to note:

Server IP: 192.168.16.64/24

Gateway: 192.168.16.1/24

PiHole: 192.168.16.65/24

But I got it working with the following:

1. The following file.

Important that it is the same IP as the host or it did not work for me. It was .66 but did not work, changed it to .64 and it worked.

Code

sudo cat /etc/netplan/90-macvlan-docker-interface.yaml 
network:
  version: 2
  renderer: networkd
  ethernets:
    macvlan_host:
      critical: true
      addresses:
        - 192.168.16.64/24
      routes:
        - to: 192.168.16.65/32
          via: 192.168.16.64
          metric: 100

Alles anzeigen

2. Installed networkd-dispatcher (already done but just to be complete)

3. Create the script /etc/networkd-dispatcher/configured.d/90-macvlan-docker-interface.sh.

I have the same script also under /etc/networkd-dispatcher/routable.d

I have not tested which directory is the one the is needed.

Code

sudo cat /etc/networkd-dispatcher/configured.d/90-macvlan-docker-interface.sh #! /bin/bash

ip link add macvlan_host link enp2s0 type macvlan mode bridge

4. Make the script executable (also already done just to be complete)

Code

sudo chmod o+x,g+x,u+x /etc/networkd-dispatcher/configured.d/90-macvlan-docker-interface.sh

5. Reboot

That is I think the safest thing to do.

Some errors I do remember:

1.

syslog

Code

Jul  9 22:30:48 **hostename** systemd-networkd[363]: macvlan_host: Could not set route: Nexthop has invalid gateway. Network is unreachable
Jul  9 22:30:48 **hostename** systemd-networkd[363]: macvlan_host: Failed

Problem was that in the yaml file the address was /32 instead of /24

matdb · 9. Juli 2023

Something totally different if that is ok to ask here.

I noticed a lot of interfaces from docker that are not used anymore. Is there a possibility to remove them?

To be clear, the docker networks are gone but the interfaces when doing "ip a" still exists.

Etereal · 7. November 2023

Hello,

I have the same problem described here.

I connect correctly to the server from the outside (mobile phone) using VPN (Wireguard) but it does not filter through Pihole, even when configuring it with its DNS.

I'm quite a newbie.

1. Is there an easier way to set this up?

2. Is it possible to create another network between the two containers (pihole and wireguard), so that they communicate with each other?

It's a shame not to be able to block ads from outside!!

Thank you all!!!!

Cannot use pihole DNS through wireguard VPN

Jetzt mitmachen!

Tags