Managing PiHole in docker + macvlan over Wireguard VPN

chente · Nov 28th 2023

Quote from fbeye

but am just curious if you could elaborate? I assume you mean something like dnsmasq or opendns or unbound?

No, none of that, it is an application owned by the router manufacturer.

fbeye · Nov 28th 2023

Oh ok cool. I am using opnsense but still redirecting to pi.

darkopi · Feb 2nd 2025

Quote from Thormir84

Oh is possible!

Read here:

EXAMPLE:
Your network is 192.168.1.0/24
Your OMV's network adapter is "eno1"
Pihole via MACVLAN is 192.168.1.200

You need to create a script like "macvlan_dummy.sh" or other (the name isn't important) like this:

#! /bin/bash

ip link add macvlan_dummy link eno1 type macvlan mode bridge
ip addr add 192.168.1.99/24 dev macvlan_dummy
ip link set macvlan_dummy up
ip route add 192.168.1.200/255.255.255.255 dev macvlan_dummy

Save the file inside the /root/

Launch: crontab -e

Add this line and save: @reboot /root/macvlan_dummy.sh

Launch: chmod +x macvlan_dummy.sh

Reboot.

Done.

If you want to try this script before, simply copy&paste in the prompt this, without #! /bin/bash:

ip link add macvlan_dummy link eno1 type macvlan mode bridge
ip addr add 192.168.1.99/24 dev macvlan_dummy
ip link set macvlan_dummy up
ip route add 192.168.1.200/255.255.255.255 dev macvlan_dummy

Display More

Unfortunately, this script doesn't work for me. I have AdGuard Home on macvlan and this script does not connect me to it via VPN but to the openmediavault login

darkopi · Feb 8th 2025

I'm not sure what I'm doing wrong, because after doing everything according to the instructions, I can access adguard in the LAN and ping from the host, but I can't see adguard outside the LAN through the wireguard vpn, which is also on the host.
Is it possible that iptables should also be set to forward to macvlan network in the wireguard settings?

Now I have it like this:

Code

PostUp = iptables -A FORWARD -i %i -j ACCEPT; iptables -A FORWARD -o %i -j ACCEPT; iptables -t nat -A POSTROUTING -o enp1s0 -j MASQUERADE
PostDown = iptables -D FORWARD -i %i -j ACCEPT; iptables -D FORWARD -o %i -j ACCEPT; iptables -t nat -D POSTROUTING -o enp1s0 -j MASQUERADE

Could this be a solution?

Code

PostUp = iptables -A FORWARD -i %i -j ACCEPT; iptables -A FORWARD -o %i -j ACCEPT; iptables -A FORWARD -i %i -o macvlan0 -j ACCEPT; iptables -A FORWARD -i macvlan0 -o %i -j ACCEPT; iptables -t nat -A POSTROUTING -o enp1s0 -j MASQUERADE
PostDown = iptables -D FORWARD -i %i -j ACCEPT; iptables -D FORWARD -o %i -j ACCEPT; iptables -D FORWARD -i %i -o macvlan0 -j ACCEPT; iptables -D FORWARD -i macvlan0 -o %i -j ACCEPT; iptables -t nat -D POSTROUTING -o enp1s0 -j MASQUERADE

Or maybe this?

Code

PostUp = iptables -A FORWARD -i %i -j ACCEPT; iptables -A FORWARD -o %i -j ACCEPT; iptables -A FORWARD -i %i -o macvlan0 -j ACCEPT; iptables -A FORWARD -i macvlan0 -o %i -j ACCEPT; iptables -t nat -A POSTROUTING -o enp1s0 -j MASQUERADE; iptables -t nat -A POSTROUTING -s 10.10.10.0/24 -d 192.168.1.0/24 -j ACCEPT
PostDown = iptables -D FORWARD -i %i -j ACCEPT; iptables -D FORWARD -o %i -j ACCEPT; iptables -D FORWARD -i %i -o macvlan0 -j ACCEPT; iptables -D FORWARD -i macvlan0 -o %i -j ACCEPT; iptables -t nat -D POSTROUTING -o enp1s0 -j MASQUERADE; iptables -t nat -D POSTROUTING -s 10.10.10.0/24 -d 192.168.1.0/24 -j ACCEPT

EDIT:

Just to note that I am not using wireguard as an omv plugin but as an application installed on the host machine

Participate now!