Using a raspberry pi 3B+
Currently up to date raspberry pi OS v.6.12.47
Followed the docs to successfully install pi-hole, unbound, and wireguard.
The wireguard profile that only tunnels DNS traffic works as expected. However when I create a second profile to tunnel all traffic, it does not work.
It seems the issue arises at the point when I’m enabling IP forwarding and/or NAT on the server. Again, following the guide, I’m supposed to uncomment lines in /etc/sysctl.d/99-sysctl.conf, but that file doesn’t exist on my install. Creating the file and adding the lines also does not help. Best I can tell, the guide was written before rpiOS switched to using NetworkManager, which is screwing it all up.
Also if I add the suggested nftables rules to my server config to enable NAT then it breaks DNS resolution for everything.
Anyone able to help get it working with the latest rpiOS?
Same issue here. Untunneled works fine; when trying to set up fully tunneled, sysctl.conf does not exist. I tried the same workaround as well, adding the lines into a new file. I also tried adding them into /etc/sysctl.conf as well (also a new file, btw) just because, and it also made no difference. I attempted to just go past this stage and finish the setup for fully tunneled, and as you would expect the VPN doesn't work. I also figured that even on non-tunneled I should be able to access my pihole interface from cellular data when on my WG VPN. Which also does not work, I’m assuming because it doesn’t have access to local devices. That being said, I’m also having issues getting anything to load while using the VPN on cellular. So I’m not sure.
Did you leave in the PostUp and PostDown rules in the server config that are supposed to enable NAT? That is what broke stuff for me, and after removing them, the only-DNS-over-wireguard method started working again and I can access the pihole interface on cellular.
Still would love to be able to set up a tunnel for all traffic.
Well, out of desperation I tried to start fresh with a Bookworm-based install, but sadly the same thing happens. The rules to enable NAT on the server completely break DNS resolution for everything. Clearly these instructions have been out of date for a while. Really hope someone can update them for current Trixie installs.
Finally, after weeks of banging my head against the wall, I’ve found that this issue was already solved over a year ago, but no one bothered to update the docs like they said they would. See this post by mod @Bucking_Horn, which contains new, properly working nftables rules to enable NAT.
The other smaller issue of enabling IP forwarding comes from RaspiOS no longer using /etc/sysctl.conf. You have to create the specified file and add the rules or just add them to the existing file /etc/sysctl.d/98-rpi.conf and then load that file with sudo sysctl -p /path/to/file. Hopefully someone can update the doc with these instructions as well.
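The IP-forwarding step described above, as an added shell example (not from the thread or the Pi-hole docs): it writes the two forwarding settings into a sysctl.d drop-in, loads it with `sysctl -p /path/to/file` as the post says, and reads back the live kernel value so you can confirm it actually took. The file name 99-wireguard-forward.conf and the `apply` argument are assumed names chosen for this example.

```shell
#!/bin/sh
# Added example: persist IP forwarding for the WireGuard server in a sysctl.d
# drop-in (the guide's 99-sysctl.conf is absent on current Raspberry Pi OS),
# then verify the running kernel value. File name is an assumed example name.

# Write the drop-in into DIR (default /etc/sysctl.d; pass a temp dir for a dry run).
# Prints the path of the file it wrote.
write_forwarding_dropin() {
    dir="${1:-/etc/sysctl.d}"
    mkdir -p "$dir"
    cat > "$dir/99-wireguard-forward.conf" <<'EOF'
# Forward packets arriving on the WireGuard interface (full-tunnel profile)
net.ipv4.ip_forward=1
net.ipv6.conf.all.forwarding=1
EOF
    printf '%s\n' "$dir/99-wireguard-forward.conf"
}

# Print 1 if IPv4 forwarding is enabled in the running kernel, 0 otherwise.
# Optional argument points at a copy of /proc/sys/net/ipv4/ip_forward for testing;
# an unreadable file is reported as 0 (forwarding not confirmed).
forwarding_enabled() {
    proc_file="${1:-/proc/sys/net/ipv4/ip_forward}"
    if [ ! -r "$proc_file" ]; then
        echo 0
        return
    fi
    tr -d '[:space:]' < "$proc_file"
}

# "apply" mode: write the drop-in, load it (needs root), and report the result.
if [ "${1:-}" = "apply" ]; then
    f=$(write_forwarding_dropin)
    sysctl -p "$f"
    echo "net.ipv4.ip_forward now: $(forwarding_enabled)"
fi
```

Run it as `sudo sh enable-forwarding.sh apply`; a reboot later, `forwarding_enabled` should still print 1 because the drop-in is picked up by systemd-sysctl at boot.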
Just to chime in that I also stumbled upon this very little problem myself earlier in the week, and having narrowed it to this little NAT 'misconfiguration' issue due to incorrect information in the documentation available, I have eventually found the relevant thread and corrected the PostUp / PostDown rules accordingly.
For what it's worth, relevant post below:
@Bucking_Horn, any joy with getting it mopped up for us here eventually?