Use pihole in local network without wireguard about wirehole HOT 15 OPEN

Hi @vic1707

i have the same usecase.
To seperate this Services (pihole over Wireguard and pihole local) i use follow repository. docker-pihole-unbound

This use the macvlan whis this network type you can use your local IP Range.
Example your Router Gateway is 192.168.178.1 you can change the docker-compose.yaml

      ServerIP: 192.168.178.5   # macvlan Host IP
      DNS1: 192.168.178.6   # unbound
      DNS2: 192.168.178.13  # second unbound ip
        ipv4_address: 192.168.178.5  # pihole
        ipv4_address: 192.168.178.6  # unbound

        - subnet: 192.168.178.0/24
          gateway: 192.168.178.1
          ip_range: 192.168.178.5/30

The next advantige is, that every client is seperate (over wirehole/vpn you see only one Client)

very important if you use unbound in docker, you have to add into the unbound.conf access-control: 0.0.0.0/0 allow otherwise the communication between other docker Services unbound not allowed. (ex. i use Nextcloud and Collabora Office in 2 differend Services)

from wirehole.

It doesn't sound like wirehole fits your use case. Have you looked at this? It sounds more appropriate for you. If I am mistaken, then I apologise.

from wirehole.

I added

    ports:
      - "80:80"
      - "53:53/tcp"
      - "53:53/udp"
      - "67:67/udp"

To make Pi-Hole work when I enter the server IP in my Wifi settings to make it block without having to use VPN. and using VPN on my iPhone. Also now I can reach the pi-hole admin panel from the hosts IP.

from wirehole.

@dom7686 you don't need a second instance. If you add on the pihole service a ports 53:53/tcp & udp this pihole service handle DNS Request on your local network. And if you open a Wireguard VPN Connection outside your Network, you use the same pihole / unbound instance.

    ports:
      - "53:53/tcp"
      - "53:53/udp"

To use the macvlan network you can have a look on this repository https://github.com/chriscrowe/docker-pihole-unbound/tree/master/two-container

from wirehole.

It doesn't sound like wirehole fits your use case. Have you looked at this? It sounds more appropriate for you. If I am mistaken, then I apologise.

Yes, I already have pihole+unbound working on my local network.

Now, I want to add wireguard to the stack in order to be able to connect to to my home when I am with my phone outside connected to the internet, so I can connect to my local network resources and also be ad-free using pihole.

With my current configuration, I only can use pihole in my home.
With this repository, I can use pihole outside my home.

What I want to achieve it to use this stack for both cases, would be possible?

from wirehole.

It doesn't sound like wirehole fits your use case. Have you looked at this? It sounds more appropriate for you. If I am mistaken, then I apologise.

Yes, I already have pihole+unbound working on my local network.

Now, I want to add wireguard to the stack in order to be able to connect to to my home when I am with my phone outside connected to the internet, so I can connect to my local network resources and also be ad-free using pihole.

With my current configuration, I only can use pihole in my home.
With this repository, I can use pihole outside my home.

What I want to achieve it to use this stack for both cases, would be possible?

I am unable to answer this. However, from my understanding, wirehole sets up a new net for wireguard connected devices. So, you should be able to but if someone else knows then please do chime in.

from wirehole.

It doesn't sound like wirehole fits your use case. Have you looked at this? It sounds more appropriate for you. If I am mistaken, then I apologise.

Yes, I already have pihole+unbound working on my local network.

Now, I want to add wireguard to the stack in order to be able to connect to to my home when I am with my phone outside connected to the internet, so I can connect to my local network resources and also be ad-free using pihole.

With my current configuration, I only can use pihole in my home.
With this repository, I can use pihole outside my home.

What I want to achieve it to use this stack for both cases, would be possible?

Hello,
Trying to do exactly this : having Pi-hole + unbound on the LAN and being able To connect to it via wireguard from the outside. Did you figure it out ?

from wirehole.

@vic1707 Have you found a way to achieve this? I have this same question.

from wirehole.

@vic1707 Have you found a way to achieve this? I have this same question.

i simply exposed the pi-hole ports then my computer can points to it via the local ip op my docker machine.

from wirehole.

@mr-bolle Can you elaborate on how that works with wireguard?

from wirehole.

@justmytwospence what i should explain?

If you enable the port mapping 53 to the host of the pihole service, your DNS requests only use unbound and pihole for DNS resolving.

Wireguard is only used if you would connect out of your private network.

from wirehole.

Got it, thanks.

from wirehole.

@mr-bolle I'm still not sure if I got this correctly.
in your setup are you running 2 pihole/unbound instances? or did you just change the network type to macvlan and added IP addresses to the compse file?

from wirehole.

@mr-bolle trying to read through how you solved this problem and I am just a bit confused.
You mention using the docker-pihole-unbound 2 container method (using macvlan) - where does the the wireguard interface come from? Is that from this wirehole setup or is it from an independent wireguard setup? Or did you use wirehole, but for macvlan you are suggesting reading through the two container method mentioned in the link.

from wirehole.

You mention using the docker-pihole-unbound 2 container method (using macvlan) - where does the the wireguard interface come from?

I only share the repository https://github.com/chriscrowe/docker-pihole-unbound/tree/master/two-container what i use with macvlan.

For wirehole i don't use macvlan.

Or did you use wirehole, but for macvlan you are suggesting reading through the two container method mentioned in the link.

This link only suggests a macvlan setup. Sorry if that wasn't clear described.

from wirehole.