So I just configured the wireguard image and I got it running. I can access all my local IPs and stuff, but there is one thing I can’t figure out.
The DNS won’t work if I set it to my hosts internal IP.
I have pretty much everything running in containers, from nginx, mariadb, pi-hole etc.
I use pi-hole as my internal DNS, but if I make my wireguard client use my internal IP as DNS it won’t work.
The thing is that I can access all nginx on the same IP and all other services that are running inside containers.
I can even specify it to use my router’s DNS and it will work. But when I try to use the host IP (which looks up DNS just fine internally) it stops working. I just get a timeout.
I can’t figure out why the DNS won’t work if I use the host IP (192.168.9.2) but it will work if I use any other DNS server, including my router’s (192.168.9.2).
It would make more sense if I could access 192.168.9.2 at all, but all other services work except DNS.
Does anyone have any clues to what could be wrong here?
My compose file below:
```yaml
version: "2.1"
services:
  wireguard:
    image: linuxserver/wireguard
    container_name: wireguard
    cap_add:
      - NET_ADMIN
      - SYS_MODULE
    environment:
      - PUID=1000
      - PGID=1000
      - TZ=Europe/Stockholm
      - SERVERURL=wg.domain.com #optional
      - SERVERPORT=51820 #optional
      - PEERS=1 #optional
      - PEERDNS=auto #optional
      - INTERNAL_SUBNET=10.13.13.0 #optional
    volumes:
      - /etc/wireguard:/config
      - /lib/modules:/lib/modules
    ports:
      - 51820:51820/udp
    sysctls:
      - net.ipv4.conf.all.src_valid_mark=1
    restart: unless-stopped
```
Client config below:
```ini
[Interface]
PrivateKey = <private key here>
ListenPort = 51820
Address = 10.13.13.2/32
DNS = 10.13.13.1

[Peer]
PublicKey = <public key here>
AllowedIPs = 0.0.0.0/1, 128.0.0.0/1, ::/1, 8000::/1
Endpoint = wg.domain.com:51820
```
Server config below:
```ini
[Interface]
Address = 10.13.13.1
ListenPort = 51820
PrivateKey = <private key here>
PostUp = iptables -A FORWARD -i %i -j ACCEPT; iptables -A FORWARD -o %i -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
PostDown = iptables -D FORWARD -i %i -j ACCEPT; iptables -D FORWARD -o %i -j ACCEPT; iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE

[Peer]
PublicKey = <public key here>
AllowedIPs = 10.13.13.2/32
```
The reason I want to use pi-hole as DNS over wireguard is because I have local DNS entries in pi-hole which point to my local IPs.
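One check worth running on a client config like the one in the post before chasing the server side: the client only sends traffic into the tunnel for destinations covered by AllowedIPs, so the resolver named in DNS= must fall inside one of those prefixes, and every prefix must be a well-formed network (a /1 can only start at 0.0.0.0 or 128.0.0.0; a host address with /1 is rejected by wg-quick). The script below is added example code, not part of the post or of the linuxserver/wireguard image. CLIENT_CONF is the post's client config with the DNS line changed to the host IP (192.168.9.2), and SPLIT_CONF is a constructed split-tunnel variant that only routes the WireGuard subnet.

```python
"""Check whether the DNS server in a wg-quick client config is routed through the tunnel.
Added example; parses the INI-style config with the standard library only."""
import ipaddress

# Constructed sample: the post's client config, DNS pointed at the host IP.
CLIENT_CONF = """\
[Interface]
PrivateKey = <private key here>
ListenPort = 51820
Address = 10.13.13.2/32
DNS = 192.168.9.2

[Peer]
PublicKey = <public key here>
AllowedIPs = 0.0.0.0/1, 128.0.0.0/1, ::/1, 8000::/1
Endpoint = wg.domain.com:51820
"""

# Constructed split-tunnel variant: only the WireGuard subnet goes into the tunnel,
# so a LAN resolver at 192.168.9.2 would be queried over the client's normal uplink.
SPLIT_CONF = """\
[Interface]
PrivateKey = <private key here>
Address = 10.13.13.2/32
DNS = 192.168.9.2

[Peer]
PublicKey = <public key here>
AllowedIPs = 10.13.13.0/24
Endpoint = wg.domain.com:51820
"""


def parse_wg_conf(text):
    """Parse a wg-quick config into a list of {'__name__': section, key: [values]}.
    Repeated keys (several [Peer] sections, repeated AllowedIPs) are kept as lists."""
    sections = []
    current = None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # wg-quick treats '#' as a comment
        if not line:
            continue
        if line.startswith("[") and line.endswith("]"):
            current = {"__name__": line[1:-1]}
            sections.append(current)
            continue
        if current is None:
            continue  # key outside any section; ignore
        key, _, value = line.partition("=")
        current.setdefault(key.strip(), []).append(value.strip())
    return sections


def _split_list(values):
    return [v.strip() for value in values for v in value.split(",") if v.strip()]


def allowed_networks(sections):
    """Return (networks, bad_entries) for all AllowedIPs across every [Peer]."""
    nets, bad = [], []
    for sec in sections:
        if sec["__name__"] != "Peer":
            continue
        for cidr in _split_list(sec.get("AllowedIPs", [])):
            try:
                # strict=True rejects prefixes with host bits set, e.g. 22.214.171.124/1
                nets.append(ipaddress.ip_network(cidr, strict=True))
            except ValueError:
                bad.append(cidr)
    return nets, bad


def dns_servers(sections):
    """Return the IP addresses listed under DNS= in [Interface] (search domains skipped)."""
    servers = []
    for sec in sections:
        if sec["__name__"] != "Interface":
            continue
        for entry in _split_list(sec.get("DNS", [])):
            try:
                servers.append(ipaddress.ip_address(entry))
            except ValueError:
                pass  # DNS= may also carry search domains; they are not resolvers
    return servers


def bad_allowed_ips(text):
    """AllowedIPs entries that wg-quick would reject as malformed prefixes."""
    return allowed_networks(parse_wg_conf(text))[1]


def dns_route_check(text):
    """Map each DNS server address to True if some AllowedIPs prefix covers it
    (queries go into the tunnel) or False if it would bypass the tunnel."""
    sections = parse_wg_conf(text)
    nets, _ = allowed_networks(sections)
    return {
        str(server): any(server.version == n.version and server in n for n in nets)
        for server in dns_servers(sections)
    }


if __name__ == "__main__":
    for name, conf in (("full tunnel", CLIENT_CONF), ("split tunnel", SPLIT_CONF)):
        for ip, routed in dns_route_check(conf).items():
            state = "routed through tunnel" if routed else "NOT routed through tunnel"
            print(f"{name}: DNS {ip} {state}")
        for entry in bad_allowed_ips(conf):
            print(f"{name}: malformed AllowedIPs entry {entry}")
```

With the post's full-tunnel AllowedIPs the host IP is covered, so a timeout means the query is reaching the WireGuard container and being dropped or not answered somewhere after that (the container's forwarding and MASQUERADE rules, Docker's published-port NAT, or Pi-hole's listening settings), not that the client is sending it outside the tunnel.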