@just_another_person@lemmy.world

I’m…totally lost here. You’re trying to use two different VPNs on your local network? If you want your Unbound device to be a VPN exit node for your network, why wouldn’t you just set up routes to make it your default gateway?

Using two different VPN tunnels like this is going to just cause routing issues all over the place if you’re already unfamiliar with how to set up the routing to begin with.

Maybe explain what your intended use is here to help us understand what you’re trying to accomplish.

Evkob (they/them)
creator

I think you misunderstood part of my post, because there’s only one VPN tunnel, from the WG client on my phone to the WG server on my laptop.

I want my phone to use the Unbound DNS server, which is hosted locally on the same laptop that runs my Wireguard server.

EDIT: Note, I don’t want to set up the DNS router-side via DHCP because I want to use Unbound to block a bunch of stuff that my roommates use, like Facebook.

@just_another_person@lemmy.world

Ah, okay. If this is Android, just set up your Unbound host IP under ‘Private DNS’ on your phone then.

Note: this will cause issues once you leave your home network unless your WG tunnel is available from outside. Set the secondary DNS to Mullvad or another secure DNS provider if that’s the case and you shouldn’t have issues once leaving the house.

Depending on your router, you can also just set a static DHCP reservation for your phone only that sets these DNS servers for you without affecting all other DHCP devices.

Evkob (they/them)
creator

Android doesn’t let me add an IP address under private DNS, it needs to be a domain (like dns.quad9.net rather than 9.9.9.9).

I tried adding a quick DuckDNS domain to my reverse proxy towards port 53, where Unbound is listening. It works, as in I can nslookup using the DuckDNS domain on my desktop (or on my phone when not connected to Wireguard) but if I try to set that domain as my private DNS on Android it says it can’t connect, whether or not I’m on my VPN.

Okay, let me just clarify some stuff here because your language has been confusing.

You’re using a “VPN”, but on a local network. When you say “VPN”, people assume you mean you’re using a client to a remote location. That’s super confusing.

For what you’re trying to do you don’t even need WG unless you mean to use your DNS server from elsewhere.

Please clarify these two things, but I think you’re just complicating a simple setup for an ad blocking DNS server somehow, right?

Evkob (they/them)
creator

The reason for the VPN is to have access to my Unbound DNS on my phone from anywhere, not only my local network. If I just wanted to configure the DNS on my local network, I’d set up static IP for my network in Android’s settings and input the DNS server manually. This works fine when I set it up, but like I said I want to use Unbound on my phone anywhere via Wireguard.

I’m not sure what’s the second thing you want me to clarify! Sorry for the confusion, I appreciate you trying to help out :)

So then just open the Unbound server to the internet, assign a hostname to it, and use it. Simple.

Evkob (they/them)
creator

I could do that, but I want to avoid opening ports on my router’s firewall apart from the one necessary for Wireguard. I can access all my other stuff through Wireguard, but I can’t wrap my head around why it seemingly can’t access Unbound on the local host.

@NameTaken@lemmy.world

When connected through wireguard can you access anything on the local network?

Also, sometimes if you’re on a LAN trying to VPN into itself you get weird network issues. Does this issue also happen when you’re on another network and VPNing back?

Also, there are a lot of great videos on YouTube to set this up, things like Lawrence Systems and NetworkChuck.

Not exactly sure what the issue is here but gave you the upvote for visibility, and hopefully someone smarter than me will know.

Evkob (they/them)
creator

> When connected through wireguard can you access anything on the local network?

Everything works as expected with Wireguard otherwise, I can ssh into my server or my desktop, and access the other things hosted on my server (although these are all through Docker, which is why I suspect container isolation to be an issue).

> Does this issue also happen when you’re on another network and vpning back?

Yup, same issues whether I’m on the local network, the WiFi at work, or on LTE.

@rymdlord@feddit.nu

If I don’t remember wrong, Android will always use your DNS config over the WG-provided one, so make sure to leave it blank. As for the routing, I have an alternative solution that could maybe work using this app in combination with the WG tunnel. But when it comes to your current setup I suggest you try the following.

  1. Make sure that the IP and port of your DNS are accessible from your phone; you can use Termux if you want to ping and do a nc to do this.
  2. Make sure that the network that your WG connects to has its default DNS set up to be your Unbound.
  3. Consider getting a router that can run OpenWRT and then learn about VLANs to create two networks (also 2 WiFis), one for your roommates and one for you. Also, you could set up WG on the OpenWRT router itself!

If you really want to solve this problem you might want to read up on routing and networking in general! I suggest you start with Wikipedia! That’s at least where I started! :D

I wish you good luck on your self-hosting experience!
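
Step 1 of the list above, as an added example that is not part of the original comment: a small Python probe (it also runs in Termux) that sends a real DNS query to the resolver over UDP and TCP and separates "no reply at all" from "replied, but refused". The server address given on the command line and the test name `example.com` are assumptions.

```python
import socket
import struct

RCODES = {0: "NOERROR", 2: "SERVFAIL", 3: "NXDOMAIN", 5: "REFUSED"}

def build_query(name, qid=0x1234):
    """Build a minimal DNS query for an A record (flags 0x0100 = recursion desired)."""
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0)
    labels = name.strip(".").split(".")
    qname = b"".join(bytes([len(p)]) + p.encode("ascii") for p in labels)
    return header + qname + b"\x00" + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN

def parse_reply(data, qid=0x1234):
    """Return (rcode_name, answer_count); raise ValueError if it is not our reply."""
    if len(data) < 12:
        raise ValueError("short reply")
    rid, flags, _qd, ancount, _ns, _ar = struct.unpack("!HHHHHH", data[:12])
    if rid != qid or not flags & 0x8000:  # the QR bit must be set in a response
        raise ValueError("not a response to our query")
    rcode = flags & 0x000F
    return RCODES.get(rcode, f"RCODE{rcode}"), ancount

def probe(server, port=53, name="example.com", timeout=3.0):
    """Send the query over UDP and TCP and report the outcome per transport."""
    query = build_query(name)
    results = {}
    for proto in ("udp", "tcp"):
        kind = socket.SOCK_DGRAM if proto == "udp" else socket.SOCK_STREAM
        try:
            with socket.socket(socket.AF_INET, kind) as s:
                s.settimeout(timeout)
                s.connect((server, port))
                if proto == "udp":
                    s.send(query)
                    data = s.recv(4096)
                else:  # DNS over TCP prefixes each message with a 2-byte length
                    s.sendall(struct.pack("!H", len(query)) + query)
                    data = s.recv(4096)[2:]
                results[proto] = parse_reply(data)
        except socket.timeout:
            results[proto] = ("TIMEOUT", 0)   # nothing came back at all
        except (OSError, ValueError) as exc:
            results[proto] = (f"ERROR: {exc}", 0)  # e.g. connection refused
    return results

if __name__ == "__main__":
    import sys
    print(probe(sys.argv[1]))  # argument: the resolver's IP as seen through the tunnel
```

A `TIMEOUT` on both transports points at routing, firewalling or the address the resolver is bound to; a `REFUSED` reply means the query did reach the resolver and was rejected by its access policy.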

Edit your DNS servers in the wireguard client config file

Evkob (they/them)
creator

I tried this, as well as manually editing the DNS servers on the client side, but whether I use my host’s private local IP or my host’s docker interface IP it doesn’t seem to work.
