Home Assistant Community Add-on: WireGuard

Thanks @frenck, works out of the box with AdGuard.

I’m not an expert, but I try to answer: With Nabu Casa, you get access to your frontend and you can use services like Google Assistant, Alexa and Webhooks.
With VPN, it’s like you were in your LAN: You can access your frontend, Samba, ssh… and also your other devices in your LAN. But no functionality for Alexa, Webhooks…

1 Like

Hi Jeff,
I do not use Pi-Hole, that’s why I cannot help you specifically with that.
I don’t use duckdns for SSL, but I use it now for referring to my changing public IP. I think that part is not included in the video (if I remember correctly). Maybe that’s what is missing?
So my host is “mysubdomain.duckdns.org”.
My dns entry is empty, but maybe that’s where the Pi-Hole information should go to…

I still can’t get my connected clients to have ads blocked with adguard. Adguard works fine for me locally.

The documentation shows to add this for adguard to work:

"dns": [
      "172.30.32.1"
]

But that doesn’t have any effect for me.

Which device are you running? On my Android 9 Smartphone I had to disable the Private DNS feature.

Thanks for the reply Der-Optimist, I really appreciate it!

That could be, but since I use DuckDNS, that’s the domain that I use as well.

I am running Android 10.

I turned Private DNS off > Turn WireGuard On > Visit website and I still see ads

Turn WireGuard OFF > On home wifi > Visit the same site above, all ads are blocked

Dear,
Here, if I want to use WireGuard from the internet (not locally), I require a domain (duckdns/no-ip/etc…).
This was possible when I was using a static IP before, but now I am on a dynamic IP.
Can somebody help me to configure a domain on dynamic, as I am unable to connect to my domain from the internet.
Thanks in adv.

Did you check the AdGuard query log? I see the wireguard addon as a client in there when I am connected with my phone: a0d7b954-wireguard.local.hass.io

Did you check if you surf with your home IP when connected?
-> https://www.whatismyip.com

Which browser do you use and does it have DoH enabled?

Thank you for the work, I just set it up on my Hassio instance, can ping the WireGuard IP interface but if I try to ssh or access the web page I get connection refused. Is there some forwarding to enable in Hassio?
Thanks

mmhh where is that?

It’s a OnePlus 3t: Settings | Wi-Fi & Internet | Private DNS

So using this kind of home VPN allows secure connection to my LAN and I can browse internet through my home ISP only and it does not encrypt my connection to internet, right? So my ISP can see my traffic then? It doesn’t work like HideMyAss or similar services, correct?

Thank you.

So the only issue I’m having is… I set up mine with the duckdns address. Everything works locally on my home network fine. However, once I leave my home network, suddenly I have no internet connection… Is anyone else having that issue? The point of a VPN is partially for data encryption, but partially for access to a network when not on that network without having to forward a bunch of devices and/or ports.

update(9/13/19):
It looks like I’m actually not able to connect to the internet either way… so it seems it’s not working at all for me yet.

update(9/16/13):
I got it working. I had a typo on the IP address in the forwarded port.

1 Like

For people that want to access LAN only through the VPN but internet through their regular traffic (eg to access local services at home, but from anywhere without forwarding ports)

you can change your config up a bit similar to this:

[Interface]
PrivateKey = YOURPRIVATEKEY=
Address = 10.99.97.2/22
DNS = 172.16.0.1 #YOUR HOME DNS FOR LOCAL SERVICES OR 1.1.1.1

[Peer]
PublicKey = THISISYOURPUBLICKEY=
AllowedIPs = 172.16.0.0/24 #HOME LAN NETWORK
Endpoint = vpn.yourhome.com:51820 

I have my network set up like this, took a lot of trial and error but I’ve finally managed it.

I use a tinker-board as a VPN gateway which connects to PIA’s VPN servers, then I use another Tinker-board to VPN into my network.
So about 98% of traffic in/out is encrypted (the only thing I can’t seem to put through the VPN is my TVs, Netflix doesn’t like it).

You might find these tutorials useful:


Is anyone else experiencing low bandwidth when using Wireguard?

I have a 1gbit down/up connection, I get 200-300 mbps when doing a speedtest on wifi, but if I enable wireguard I get around 25-30 mbps.

Hardware: Intel nuc7pjyh, latest hassos/hassio installed on ssd, cpu usage is max 5% during speed test.

So perhaps I am being dense but it’s not clear to me how I have more than one client connected. It seems to work just fine when I have a single client but when I add another peer it stops working on both. I have the following config in the hass add-on


{
  "server": {
    "host": "automation.xxxxxxxx",
    "addresses": [
      "172.27.66.1"
    ],
    "dns": []
  },
  "peers": [
    {
      "pre_shared_key": "!secret wireguard_preshared_key",
      "name": "laptop",
      "addresses": [
        "172.27.66.2"
      ],
      "allowed_ips": [],
      "client_allowed_ips": []
    },
    {
      "pre_shared_key": "!secret wireguard_preshared_key",
      "name": "iPhone",
      "addresses": [
        "172.27.66.3"
      ],
      "allowed_ips": [],
      "client_allowed_ips": []
    }
  ]
}

Any thoughts on what might be happening here ? Again, it works fine with the following only

{
  "server": {
    "host": "automation.xxxxxxxx.com",
    "addresses": [
      "172.27.66.1"
    ],
    "dns": []
  },
  "peers": [
    {
      "pre_shared_key": "!secret wireguard_preshared_key",
      "name": "laptop",
      "addresses": [
        "172.27.66.2"
      ],
      "allowed_ips": [],
      "client_allowed_ips": []
    }
  ]
}

But as soon as I add a second host it fails…

Mine works ok - the only difference between our config is I don’t specify a pre_shared_key

I’m running Dnsmasq alongside WireGuard, and adding "dns": ["172.30.32.1"] to the add-on config wasn’t working for me.

I then realized this setting is actually used to generate client configurations (that are then imported into clients), as described in the README.md from WireGuard add-on. Since I had already exported the config and set up my Android client before having the right DNS setting in the add-on config, it was still using the default DNS (1.1.1.1 in my case).

Updating the WireGuard settings on my client to use “172.30.32.1” worked for me - maybe this would also apply for AdGuard/Pi-hole?

2 Likes
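
The two DNS pitfalls raised in this thread (a client config exported before "dns" was set in the add-on, and a LAN-only AllowedIPs list that does not cover the resolver) can be checked on the client side. This is an added example, not part of any post above and not code from the add-on; the function names and both sample configs are constructed, and 172.30.32.1 is the resolver address quoted in the thread.

```python
import ipaddress

def parse_wg_conf(text):
    """Parse wg-quick style text into {'Interface': {...}, 'Peer': [{...}]}."""
    conf, section = {"Interface": {}, "Peer": []}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments
        if not line:
            continue
        if line.startswith("["):
            section = line.strip("[]")
            if section == "Peer":
                conf["Peer"].append({})
            continue
        key, _, value = line.partition("=")      # first '=' only; base64 ends in '='
        target = conf["Peer"][-1] if section == "Peer" else conf["Interface"]
        target[key.strip()] = value.strip()
    return conf

def audit_dns(text, expected_dns):
    """Return (mode, {resolver: (is_expected, routed_via_tunnel)})."""
    conf = parse_wg_conf(text)
    nets = [ipaddress.ip_network(n.strip(), strict=False) for peer in conf["Peer"]
            for n in peer.get("AllowedIPs", "").split(",") if n.strip()]
    mode = "full-tunnel" if any(n.prefixlen == 0 for n in nets) else "split-tunnel"
    report = {}
    for entry in conf["Interface"].get("DNS", "").split(","):
        try:
            ip = ipaddress.ip_address(entry.strip())
        except ValueError:
            continue                             # empty or a search domain
        report[str(ip)] = (str(ip) == expected_dns, any(ip in n for n in nets))
    return mode, report

# Constructed samples: STALE was exported before "dns" was set; SPLIT is LAN-only.
STALE_CLIENT = """
[Interface]
PrivateKey = YOURPRIVATEKEY=
DNS = 1.1.1.1
[Peer]
PublicKey = THISISYOURPUBLICKEY=
AllowedIPs = 0.0.0.0/0
"""

SPLIT_CLIENT = STALE_CLIENT.replace("1.1.1.1", "172.30.32.1").replace("0.0.0.0/0", "172.16.0.0/24")

for name, conf in (("stale", STALE_CLIENT), ("split", SPLIT_CLIENT)):
    print(name, audit_dns(conf, "172.30.32.1"))
```

A resolver reported as `(False, True)` is reachable through the tunnel but is not the home filter; `(True, False)` is the right resolver but its address is not covered by AllowedIPs, so queries to it do not go through the tunnel.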