I have a working wireguard instance and a pihole that drops a lot of advertising traffic running on the same router. All of the traffic is forced through the pihole via NAT rules. If I connect to my network with no VPN and run an adblock test (d3ward.github.io) about 64% of ads are blocked. If I connect to wireguard on my router and run the same test only 21% is blocked.
I cannot see how the Wireguard connection can avoid the pihole since all DNS traffic is forced (via a NAT port 53 rule) to go through there. I advertise my router as the DNS server and use the NAT rule to send it to the pihole (which is on a different IP range) so that I can switch it on and off easily.
Is there something in the wireguard protocol, as implemented in routeros, that would avoid that NAT rule? That's the only reason I can think of that it doesn't work.
I cannot see how the Wireguard connection can avoid the pihole since all DNS traffic is forced (via a NAT port 53 rule) to go through there. I advertise my router as the DNS server and use the NAT rule to send it to the pihole (which is on a different IP range) so that I can switch it on and off easily.
Is there something in the wireguard protocol, as implemented in routeros, that would avoid that NAT rule? That's the only reason I can think of that it doesn't work.
Statistics: Posted by dazzaling69 — Mon Jun 03, 2024 1:21 pm