
What is the cleanest way to incorporate IPSec & Wireguard? #15

Closed
rajannpatel opened this issue Jan 2, 2019 · 11 comments
Labels: enhancement (New feature or request), help wanted (Extra attention is needed)

Comments

@rajannpatel (Owner)

After some further research, it appears that a quick way to get a broad range of VPN types supported would require:

  1. following this guide to set up a google cloud account and create compute engine virtual machine instance
  2. install Algo: https://github.com/trailofbits/algo
  3. install Pi-Hole
  4. install PiVPN and complete the remainder of the OpenVPN configurations as per this guide

You will get OpenVPN, IPSec, and Wireguard VPN capability on your Pi-Hole after that.

If anyone succeeds with this end-goal of supporting a broader range of VPN types, please submit a PR.

rajannpatel added the labels "enhancement" (New feature or request) and "help wanted" (Extra attention is needed) on Jan 2, 2019
rajannpatel changed the title from "What is the cleanest way to incorporate IPSec & Wireguard support?" to "What is the cleanest way to incorporate IPSec & Wireguard?" on Jan 2, 2019
@rajannpatel (Owner, Author)

@dan-v has forked and modified Algo (https://github.com/dan-v/algo) to set Pi-Hole as the default Ad Blocker. If you install this forked version of Algo and enable the ad blocking DNS while setting it up, once you make a VPN connection you can navigate to http://pi.hole to administer the Pi-Hole.

@mustaqimM

@rajannpatel Check out Streisand and also this guide on using it along with WireGuard. I would very much like it if WireGuard were the preferred way of setting up this project.

@rajannpatel (Owner, Author)

I am working on a Wireguard version of this with both Split Tunnel (for DNS over VPN only) and Full Tunnel (everything except for LAN) capabilities, but I need some time to finalize some implementation details.

@deepika05

> I am working on a Wireguard version of this with both Split Tunnel (for DNS over VPN only) and Full Tunnel (everything except for LAN) capabilities, but I need some time to finalize some implementation details.

Would this WireGuard split tunnel + Pi-hole be tracked as a new issue, or would I be able to track it on this thread? Thanks for all your work! Really appreciate it.

@rajannpatel (Owner, Author)

I will post a new public repository when this is available. Realistically, this may take me until Q4 of 2019 to get this finalized, if not longer.

@shayaknyc

Would LOVE wireguard support on this! Keep up the amazing work....I can wait! OpenVPN is good for now :D

@begrey1 commented Oct 6, 2019

Any update on your WireGuard guide? I'm stuck on setting up WireGuard + Pi-hole :'( I need help setting up my IPs and such.

@rajannpatel (Owner, Author)

You could achieve this in Wireguard by making the Allowed IPs only the subnet of the Wireguard VPN interface, and setting the DNS server as the IP of the Wireguard server.

For example, set the allowed IPs to 10.16.0.0/24 whilst keeping the DNS Server in the Wireguard config as 10.16.0.1. That way only traffic that is destined for the Wireguard subnet, and in this case, DNS requests, are routed through Wireguard.

On Android 10 you can set Private DNS, but this requires configuring a hostname. You would want to have an A Record on a domain pointing to your 10.16.0.1 IP as well. The Private DNS option requires a hostname. You can register a free DNS record on http://freedns.afraid.org/ or through your registrar if you have a domain name of your own.

A similar approach would be required in iOS.

I haven't even begun the guide, but this is the route I'm thinking we should be going.

@dbrw commented Feb 4, 2020

> You could achieve this in Wireguard by making the Allowed IPs only the subnet of the Wireguard VPN interface, and setting the DNS server as the IP of the Wireguard server.
>
> For example, set the allowed IPs to 10.16.0.0/24 whilst keeping the DNS Server in the Wireguard config as 10.16.0.1. That way only traffic that is destined for the Wireguard subnet, and in this case, DNS requests, are routed through Wireguard.
>
> On Android 10 you can set Private DNS, but this requires configuring a hostname. You would want to have an A Record on a domain pointing to your 10.16.0.1 IP as well. The Private DNS option requires a hostname. You can register a free DNS record on http://freedns.afraid.org/ or through your registrar if you have a domain name of your own.
>
> A similar approach would be required in iOS.
>
> I haven't even begun the guide, but this is the route I'm thinking we should be going.

I think this comment should be on the readme; this helped me so much. Now I can split tunnel with WireGuard, thank you VERY MUCH!

@rajannpatel rajannpatel pinned this issue Feb 6, 2020
@Spyruf commented Mar 19, 2020

> You could achieve this in Wireguard by making the Allowed IPs only the subnet of the Wireguard VPN interface, and setting the DNS server as the IP of the Wireguard server.
>
> For example, set the allowed IPs to 10.16.0.0/24 whilst keeping the DNS Server in the Wireguard config as 10.16.0.1. That way only traffic that is destined for the Wireguard subnet, and in this case, DNS requests, are routed through Wireguard.

Not sure if I'm reading this correctly. My goal is also to enable split tunnel mode with WireGuard.

Are the steps listed above enough to accomplish this (i.e. I just need to add the WireGuard profile to the client)?

Or are the steps below (changing the DNS) also needed? If the steps below are also needed, then this split tunnel solution would not work over cellular or automatically when connecting to a new Wi-Fi network (on iOS, as the DNS would need to be manually changed)?

From what I've read you can enable a split tunnel mode with WireGuard by changing AllowedIPs in the .conf to only the DNS server, so only those queries are routed over the VPN. I am confused here because AFAIK the IP address to which DNS queries are made can be different, and it would be impossible to always route DNS through the VPN (i.e. when connecting to new networks or over cellular).

> On Android 10 you can set Private DNS, but this requires configuring a hostname. You would want to have an A Record on a domain pointing to your 10.16.0.1 IP as well. The Private DNS option requires a hostname. You can register a free DNS record on http://freedns.afraid.org/ or through your registrar if you have a domain name of your own.
>
> A similar approach would be required in iOS.
>
> I haven't even begun the guide, but this is the route I'm thinking we should be going.
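
The following is an added example, not code from this project or from anyone in the thread. It models the routing decision behind the owner's suggestion above (AllowedIPs = the WireGuard subnet, DNS = the server's tunnel address) and answers the split-tunnel question in this reply: a destination only enters the tunnel when it falls inside an AllowedIPs prefix, so the DNS server address has to be covered by that list. It also shows the full-tunnel profile from earlier in the thread (everything except the LAN), which WireGuard has no "except" syntax for, so the complement of the LAN prefix is computed explicitly. The 10.16.0.0/24 subnet is the one used in the thread; the 192.168.1.0/24 LAN, the client address, and the key/endpoint placeholders are constructed for the example. The complement helper is written generally and also accepts an IPv6 base such as `::/0`.

```python
"""Added example (not this project's code): model how a WireGuard client's
AllowedIPs list decides which destinations enter the tunnel, and compare the
split-tunnel (DNS-only) and full-tunnel (everything except the LAN) profiles.
Every address and key below is a constructed placeholder, not a real value."""
import ipaddress
from typing import Iterable, List

# Constructed value mirroring the thread: the WireGuard server's tunnel address
# doubles as the Pi-hole DNS resolver.
WG_SERVER_IP = "10.16.0.1"

# Split tunnel: only the WireGuard subnet is routed into the tunnel, so the only
# traffic that enters it is whatever targets the server itself (here, DNS).
SPLIT_TUNNEL = ["10.16.0.0/24"]


def full_tunnel_allowed_ips(exclude: Iterable[str], base: str = "0.0.0.0/0") -> List[str]:
    """Return `base` minus the given LAN prefixes as a sorted list of CIDR
    strings. WireGuard has no "except" syntax, so a full tunnel that must still
    reach local devices has to spell out the complement of the LAN."""
    remaining = [ipaddress.ip_network(base)]
    for lan in map(ipaddress.ip_network, exclude):
        nxt = []
        for net in remaining:
            if lan.version != net.version:
                nxt.append(net)              # different address family, nothing to carve out
            elif net.subnet_of(lan):
                continue                     # swallowed entirely by the exclusion
            elif lan.subnet_of(net):
                nxt.extend(net.address_exclude(lan))
            else:
                nxt.append(net)
        remaining = nxt
    return [str(n) for n in sorted(remaining)]


def routed_via_tunnel(dest: str, allowed_ips: Iterable[str]) -> bool:
    """A destination enters the tunnel iff it lies inside some AllowedIPs
    prefix (wg-quick installs a route for each prefix in the list)."""
    addr = ipaddress.ip_address(dest)
    return any(addr in ipaddress.ip_network(p) for p in list(allowed_ips))


def dns_reaches_pihole(allowed_ips: Iterable[str], dns: str = WG_SERVER_IP) -> bool:
    """The DNS= line only helps if the resolver's address is itself inside
    AllowedIPs; otherwise queries leave via the untunneled default route."""
    return routed_via_tunnel(dns, allowed_ips)


def render_client_config(allowed_ips: Iterable[str], client_addr: str = "10.16.0.2/24") -> str:
    """Emit a client profile; keys and endpoint are placeholders."""
    return "\n".join([
        "[Interface]",
        f"Address = {client_addr}",
        "PrivateKey = <client-private-key-placeholder>",
        f"DNS = {WG_SERVER_IP}",
        "",
        "[Peer]",
        "PublicKey = <server-public-key-placeholder>",
        "Endpoint = <server-public-ip-placeholder>:51820",
        f"AllowedIPs = {', '.join(list(allowed_ips))}",
        "PersistentKeepalive = 25",
    ])


# Full tunnel: everything except a constructed home LAN of 192.168.1.0/24.
FULL_TUNNEL = full_tunnel_allowed_ips(["192.168.1.0/24"])

if __name__ == "__main__":
    for name, allowed in (("split", SPLIT_TUNNEL), ("full", FULL_TUNNEL)):
        print(f"--- {name} tunnel ({len(allowed)} AllowedIPs prefixes) ---")
        for dest in ("10.16.0.1", "8.8.8.8", "192.168.1.10"):
            via = "tunnel" if routed_via_tunnel(dest, allowed) else "local"
            print(f"{dest:>14} -> {via}")
        print("DNS reaches Pi-hole:", dns_reaches_pihole(allowed))
        print(render_client_config(allowed), end="\n\n")
```

With the split profile, 10.16.0.1 (the Pi-hole) is the only destination of the three that enters the tunnel, which is exactly the DNS-over-VPN-only behaviour described above; narrowing AllowedIPs further to 10.16.0.1/32 would still pass the `dns_reaches_pihole` check. The full profile expands to 24 prefixes covering every IPv4 address except the LAN, so 8.8.8.8 goes through the tunnel while 192.168.1.10 stays local.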

@rajannpatel (Owner, Author)

https://github.com/rajannpatel/Pi-Hole-on-Google-Compute-Engine-Free-Tier-with-Full-Tunnel-and-Split-Tunnel-Wireguard-VPN-Configs

This guide walks you through running a script which will configure a Split Tunnel IPv6 Wireguard connection for your Android, iOS, Linux, macOS, & Windows devices. All you need to do is run a script, scan a QR code, and you're blocking ads.
