Local Wireguard vpn and pihole dns server

Started by kaneelschep, April 04, 2026, 11:46:59 AM

April 04, 2026, 11:46:59 AM Last Edit: April 04, 2026, 06:35:19 PM by kaneelschep
Hi all.


I searched but couldn't really find the answer.
So I set up the WireGuard instance and made my peers. This was all quite straightforward with the OPNsense guide.
But I also use a DNS server on a Pi with Pi-hole. For my normal IP range on the OPNsense router this works fine.

But I noticed the VPN is not using the Pi-hole.
Probably because in the tutorial the DNS is set to the first address of the VPN IP range.

Can I just change this? Or what is the way to make the VPN IP range also use the Pi-hole DNS server?

Thanks!

You can just change this on the client side.
Deciso DEC750
People who think they know everything are a great annoyance to those of us who do. (Isaac Asimov)

It's that easy, eh! I will try that.
Thanks!

April 04, 2026, 04:08:21 PM #3 Last Edit: Today at 01:38:26 AM by nero355
Quote from: kaneelschep on April 04, 2026, 11:46:59 AM: "Can I just change this?"
Yes, but...
Quote: "Or what is the way to make the VPN IP range also use the Pi-hole DNS server?"
Also make sure that Pi-hole accepts connections from your WireGuard subnet range!

You can do two one things :
- Simply click in the webGUI the option to 'Accept DNS Queries from ALL Sources'.
- Or add a separate DNSmasqd config line just for the WireGuard subnet range via the webGUI in Expert Mode.
/EDIT : This does not apply here!
See below : https://forum.opnsense.org/index.php?topic=51530.msg264425#msg264425 !!

After that everything should work as expected :)
Weird guy who likes everything Linux and *BSD on PC/Laptop/Tablet/Mobile and funny little ARM based boards :)

I have been looking into this. Giving ALL access does not seem like my preference.  :)
So I found the place to change the dnsmasq.
I also found how it supposedly should be entered

server=/myserver.com/#
address=/.myserver.com/100.101.102.103

I just don't seem to find how to translate this to my situation.

My IP range for the VPN tunnel is 10.1.3.1/24
How would I write this in?

Thanks!

Quote from: kaneelschep on April 04, 2026, 10:11:10 PM: "I have been looking into this. Giving ALL access does not seem like my preference. :)"
It's shown on this page : https://docs.pi-hole.net/ftldns/interfaces/

Since you don't have any of its Interfaces connected to WireGuard the option 'Permit All Origins' is probably the way to go!

I see now that I need to edit my previous reply about this too...

Quote:
So I found the place to change the dnsmasq.
I also found how it supposedly should be entered

server=/myserver.com/#
address=/.myserver.com/100.101.102.103

I just don't seem to find how to translate this to my situation.

My IP range for the VPN tunnel is 10.1.3.1/24
How would I write this in?
That option is a way to control 'Conditional Forwarding' and "Help it a little to find the right DNS Server for a specific Domain" so to speak! ;)
Weird guy who likes everything Linux and *BSD on PC/Laptop/Tablet/Mobile and funny little ARM based boards :)
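
An added example, not part of any post in this thread: a small Python check of a wg-quick client config against the two points raised above (the client-side `DNS` line, and whether Pi-hole would see the client as a local source). The Pi-hole address 192.168.1.53, the LAN 192.168.1.0/24, the endpoint name and the function name are constructed; only 10.1.3.x comes from the thread. The "local" test is a simplified assumption that models the restricted listening mode as "source address lies in a subnet Pi-hole has an interface on".

```python
import configparser
import ipaddress

# Constructed sample client config; keys are placeholders, addresses are assumed.
SAMPLE_CLIENT_CONF = """
[Interface]
PrivateKey = <client-private-key-placeholder>
Address = 10.1.3.2/32
DNS = 192.168.1.53

[Peer]
PublicKey = <server-public-key-placeholder>
Endpoint = vpn.example.net:51820
AllowedIPs = 10.1.3.0/24, 192.168.1.0/24
"""

def _split(value):
    return [v.strip() for v in value.split(",") if v.strip()]

def check_client(conf_text, pihole_ip, pihole_subnets):
    """Return a list of findings (empty list means nothing to fix)."""
    cp = configparser.ConfigParser(strict=False, interpolation=None)
    cp.read_string(conf_text)
    pihole = ipaddress.ip_address(pihole_ip)
    local = [ipaddress.ip_network(n, strict=False) for n in pihole_subnets]
    dns = []
    for entry in _split(cp.get("Interface", "DNS", fallback="")):
        try:
            dns.append(ipaddress.ip_address(entry))
        except ValueError:
            pass  # wg-quick also accepts search domains on the DNS line
    allowed = [ipaddress.ip_network(n, strict=False)
               for n in _split(cp.get("Peer", "AllowedIPs", fallback=""))]
    sources = [ipaddress.ip_interface(a).ip
               for a in _split(cp.get("Interface", "Address", fallback=""))]
    findings = []
    if pihole not in dns:
        findings.append("dns-not-pihole")  # client still resolves elsewhere
    if not any(pihole in net for net in allowed):
        findings.append("pihole-not-routed-through-tunnel")
    if not any(src in net for src in sources for net in local):
        # Pi-hole sees a 10.1.3.x source that is not on its own subnet
        findings.append("source-not-local-to-pihole")
    return findings

if __name__ == "__main__":
    print(check_client(SAMPLE_CLIENT_CONF, "192.168.1.53", ["192.168.1.0/24"]))
```

A `source-not-local-to-pihole` finding is the case where the 'Permit All Origins' setting discussed above becomes relevant; restricting who can reach port 53 is then left to the firewall in front of the Pi-hole.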