So I just configured the wireguard image and I got it running. I can access all my local IPs and stuff, but there is one thing I can't figure out.
The DNS won't work if I set it to my host's internal IP.
I have pretty much everything running in containers, from nginx, mariadb, pi-hole, etc.
I use pi-hole as my internal DNS, but if I make my wireguard client use my internal IP as DNS it won't work.
The thing is that I can access nginx on the same IP and all other services that are running inside containers.
I can even specify it to use my router's DNS and it will work. But when I try to use the host IP (which looks up DNS just fine internally) it stops working. I just get a timeout.
I can't figure out why the DNS won't work if I use the host IP (192.168.9.2) but it will work if I use any other DNS server, including my router's (192.168.9.2).
It would make more sense if I could access 192.168.9.2 at all, but all other services work except DNS.
Does anyone have any clues to what could be wrong here?
My compose file below:
version: "2.1"
services:
  wireguard:
    image: linuxserver/wireguard
    container_name: wireguard
    cap_add:
      - NET_ADMIN
      - SYS_MODULE
    environment:
      - PUID=1000
      - PGID=1000
      - TZ=Europe/Stockholm
      - SERVERURL=wg.domain.com #optional
      - SERVERPORT=51820 #optional
      - PEERS=1 #optional
      - PEERDNS=auto #optional
      - INTERNAL_SUBNET=10.13.13.0 #optional
    volumes:
      - /etc/wireguard:/config
      - /lib/modules:/lib/modules
    ports:
      - 51820:51820/udp
    sysctls:
      - net.ipv4.conf.all.src_valid_mark=1
    restart: unless-stopped
Client config below:
[Interface]
PrivateKey = <private key here>
ListenPort = 51820
Address = 10.13.13.2/32
DNS = 10.13.13.1

[Peer]
PublicKey = <public key here>
# 0.0.0.0/1 + 128.0.0.0/1 (and ::/1 + 8000::/1) together cover the whole
# address space, so every packet, DNS included, is sent through the tunnel
AllowedIPs = 0.0.0.0/1, 128.0.0.0/1, ::/1, 8000::/1
Endpoint = wg.domain.com:51820
Server config below:
[Interface]
Address = 10.13.13.1
ListenPort = 51820
PrivateKey = <private key here>
# Allow forwarding to and from the tunnel interface (%i) and NAT tunnel
# traffic out of the container's eth0
PostUp = iptables -A FORWARD -i %i -j ACCEPT; iptables -A FORWARD -o %i -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
PostDown = iptables -D FORWARD -i %i -j ACCEPT; iptables -D FORWARD -o %i -j ACCEPT; iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE

[Peer]
PublicKey = <public key here>
AllowedIPs = 10.13.13.2/32
The reason I want to use pi-hole as DNS over wireguard is that I have local DNS entries in pi-hole which point to my local IPs.
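One thing worth checking before blaming the container side is whether the DNS server named in the client config is actually routed through the tunnel at all: a DNS address that falls outside every peer's AllowedIPs is sent over the client's normal network path and never reaches the WireGuard server, which is the classic DNS leak on split-tunnel configs. The script below is an added example, not part of the original post or of the linuxserver/wireguard project. It parses the INI-style WireGuard client config, checks each DNS entry against the peers' AllowedIPs, and reports whether the AllowedIPs halves (0.0.0.0/1 + 128.0.0.0/1, ::/1 + 8000::/1) collapse to a full-tunnel route. The two sample configs are constructed here (keys are placeholders, the split-tunnel variant is hypothetical); the check only says whether a query can enter the tunnel, not why a listener at the far end times out.

```python
"""Check a WireGuard client config for DNS that would bypass the tunnel.

Added example, not the poster's code. Uses only the standard library.
"""
import ipaddress

# Constructed sample: the poster's full-tunnel client config with placeholders.
FULL_TUNNEL_CLIENT = """
[Interface]
PrivateKey = <private key here>
ListenPort = 51820
Address = 10.13.13.2/32
DNS = 10.13.13.1

[Peer]
PublicKey = <public key here>
AllowedIPs = 0.0.0.0/1, 128.0.0.0/1, ::/1, 8000::/1
Endpoint = wg.domain.com:51820
"""

# Constructed hypothetical split-tunnel variant: only the WireGuard subnet is
# routed, but DNS points at the LAN host, so DNS queries leave outside the VPN.
SPLIT_TUNNEL_CLIENT = """
[Interface]
PrivateKey = <private key here>
Address = 10.13.13.2/32
DNS = 192.168.9.2

[Peer]
PublicKey = <public key here>
AllowedIPs = 10.13.13.0/24
Endpoint = wg.domain.com:51820
"""


def parse_wg_config(text):
    """Parse [Section] / key = value lines into a list of section dicts.

    Values are kept as lists because a key such as DNS or AllowedIPs may be
    repeated. Anything after '#' is treated as a comment.
    """
    sections, current = [], None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        if line.startswith("[") and line.endswith("]"):
            current = {"_name": line[1:-1]}
            sections.append(current)
            continue
        if current is None:
            raise ValueError("key/value line before any [Section]: %r" % raw)
        # Split on the first '=' only; base64 keys may end in '=' padding.
        key, _, value = line.partition("=")
        current.setdefault(key.strip(), []).append(value.strip())
    return sections


def allowed_networks(sections):
    """Collect every AllowedIPs prefix from every [Peer] section."""
    nets = []
    for section in sections:
        if section["_name"] != "Peer":
            continue
        for value in section.get("AllowedIPs", []):
            for cidr in value.split(","):
                cidr = cidr.strip()
                if cidr:
                    nets.append(ipaddress.ip_network(cidr, strict=False))
    return nets


def dns_servers(sections):
    """Collect every DNS entry from the [Interface] section(s)."""
    servers = []
    for section in sections:
        if section["_name"] != "Interface":
            continue
        for value in section.get("DNS", []):
            servers.extend(s.strip() for s in value.split(",") if s.strip())
    return servers


def covers_full_tunnel(nets, version=4):
    """True if the AllowedIPs of the given IP version merge into a /0 route."""
    same = [n for n in nets if n.version == version]
    if not same:
        return False
    collapsed = list(ipaddress.collapse_addresses(same))
    return len(collapsed) == 1 and collapsed[0].prefixlen == 0


def check_dns_routing(text):
    """Map each DNS server to True (inside AllowedIPs), False (would leak),
    or None (a search domain rather than an address)."""
    sections = parse_wg_config(text)
    nets = allowed_networks(sections)
    result = {}
    for server in dns_servers(sections):
        try:
            addr = ipaddress.ip_address(server)
        except ValueError:
            result[server] = None
            continue
        result[server] = any(addr in n for n in nets if n.version == addr.version)
    return result


if __name__ == "__main__":
    for label, cfg in (("full tunnel", FULL_TUNNEL_CLIENT), ("split tunnel", SPLIT_TUNNEL_CLIENT)):
        nets = allowed_networks(parse_wg_config(cfg))
        print(label, "IPv4 full tunnel:", covers_full_tunnel(nets, 4),
              "DNS routed:", check_dns_routing(cfg))
```

In the poster's config every DNS address passes, so the leak check is not the explanation for the timeout, but running it rules that cause out before digging into the container's listener and forwarding rules.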