Setting up a cloud instance with WireGuard VPN & Pihole (help)

gil80

Regular Contributor
Hi everyone,

Looking for someone who successfully set up an Oracle cloud instance with Pihole and WireGuard VPN.
I've read and followed every guide I could find online; however, they only work to a certain point. When I try to use Oracle cloud with WireGuard as a split VPN where only the DNS traffic goes through WireGuard, I can't access the internet.

As I'm not a Linux expert, I tried my best in the last 5 days to troubleshoot firewall rules and figure out why full tunnel works but not split tunnel.
Using my local network configuration at home, split-tunnel with Wireguard works well.

Appreciate it if someone could help out.
  1. Installed an Oracle instance with Pihole and Wireguard.
  2. Full tunnel works with WG DNS server = 1.1.1.1.
  3. Split tunnel doesn't work.
The private IP of the Oracle instance is 10.0.0.3. That's also Pihole's IP.


WireGuard server = 10.0.1.1

interface: wg0 (I removed key entries)

Code:
[interface]
private key: (hidden)
Address = 10.0.1.1/24
listening port: 51820
PostUp   = iptables -A FORWARD -i %i -j ACCEPT; iptables -A FORWARD -o %i -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
PostDown = iptables -D FORWARD -i %i -j ACCEPT; iptables -D FORWARD -o %i -j ACCEPT; iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE

### begin iphone8 ###
[Peer]
PublicKey = (key)
PresharedKey = (key)
AllowedIPs = 10.0.1.2/32
### end iphone8 ###

Client (I removed key entries)
Code:
[interface]
Address = 10.0.1.2/24
DNS servers = 10.0.0.3
[peer]
Endpoint = public IP:51820
Allowed IPs = 10.0.0.3/32

This split tunnel setup doesn't work. I cannot even ping my client at 10.0.1.2.

If I set:
Code:
DNS servers = 1.1.1.1
Allowed IPs = 0.0.0.0/32

IT WORKS. But that's full tunnel.

#: cat /etc/resolv.conf
Code:
# Generated by dhcpcd from ens3.dhcp
nameserver 127.0.0.1
 
