OPNsense Forum

English Forums => Virtual private networks => Topic started by: kaneelschep on April 04, 2026, 11:46:59 AM

Title: Local Wireguard vpn and pihole dns server
Post by: kaneelschep on April 04, 2026, 11:46:59 AM
Hi all.


I searched but couldn't really find the answer.
So I set up the WireGuard instance and made my peers. This was all quite straightforward with the OPNsense guide.
But I also use a DNS server on a Pi with Pi-hole. For my normal IP range on the OPNsense router this works fine.

But I noticed the VPN is not using the Pi-hole.
Probably as in the tutorial the DNS is set to the first of the VPN IP range.

Can I just change this? Or what is the way to make the VPN IP range also use the Pi-hole DNS server?

Thanks!
Title: Re: Local Wireguard vpn and pihole dns server
Post by: Patrick M. Hausen on April 04, 2026, 12:36:31 PM
You can just change this on the client side.
Title: Re: Local Wireguard vpn and pihole dns server
Post by: kaneelschep on April 04, 2026, 01:53:05 PM
It's that easy, eh! I will try that.
Thanks!
Title: Re: Local Wireguard vpn and pihole dns server
Post by: nero355 on April 04, 2026, 04:08:21 PM
Quote from: kaneelschep on April 04, 2026, 11:46:59 AM
Can I just change this?
Yes, but...
Quote:
Or what is the way to make the VPN IP range also use the Pi-hole DNS server?
Also make sure that Pi-Hole accepts connections from your WireGuard subnet range !!

You can do two one things :
- Simply click in the webGUI the option to 'Accept DNS Queries from ALL Sources'.
- Or add a separate DNSmasqd config line just for the WireGuard subnet range via the webGUI in Expert Mode.
/EDIT : This does not apply here!
See below : https://forum.opnsense.org/index.php?topic=51530.msg264425#msg264425 !!

After that everything should work as expected :)
Title: Re: Local Wireguard vpn and pihole dns server
Post by: kaneelschep on April 04, 2026, 10:11:10 PM
I have been looking into this. Giving ALL access does not seem like my preference. :)
So I found the place to change the dnsmasq.
I also found how it supposedly should be entered:

server=/myserver.com/#
address=/.myserver.com/100.101.102.103

I just don't seem to find how to translate this to my situation.

My IP range for the VPN tunnel is 10.1.3.1/24
How would I write this in?

Thanks!
Title: Re: Local Wireguard vpn and pihole dns server
Post by: nero355 on April 05, 2026, 01:36:25 AM
Quote from: kaneelschep on April 04, 2026, 10:11:10 PM
I have been looking into this. Giving ALL access does not seem like my preference. :)
It's shown on this page : https://docs.pi-hole.net/ftldns/interfaces/

Since you don't have any of its Interfaces connected to WireGuard the option 'Permit All Origins' is probably the way to go!

I see now that I need to edit my previous reply about this too...

Quote:
So I found the place to change the dnsmasq.
I also found how it supposedly should be entered:

server=/myserver.com/#
address=/.myserver.com/100.101.102.103

I just don't seem to find how to translate this to my situation.

My IP range for the VPN tunnel is 10.1.3.1/24
How would I write this in?
That option is a way to control 'Conditional Forwarding' and "Help it a little to find the right DNS Server for a specific Domain" so to speak! ;)