I've had the complete opposite experience to the author w.r.t. PiHole and WireGuard.
I run a PiHole on my home network and it's also my WireGuard "server". I will concede I am lucky enough to have static IPv4/IPv6 addresses on my home connection.
On my iOS devices I have two connections set up: one for "access to home + DNS", and the other for all traffic.
When I'm on my home wifi the VPN connection is off, when I'm on cellular data the DNS is set to the PiHole, and when I'm on any other wifi I route all traffic via the VPN (all automatically via the WireGuard app).
For my other mobile devices... well, they're Linux, so I just set the DNS server correctly and leave WireGuard always connected. It's a UDP "connection" for crying out loud.
This all works flawlessly now to the point that my less technically-minded roommate has it set up on their phone, too: they can access the NAS all the time and ads are blocked in the web browser and in apps.
Can you describe in more detail the iOS configuration? This is basically what I've been wanting to do, but haven't found out how to get the experience right on my phone.
I use the official WireGuard app from the app store. I have two connections configured.
Assume that the endpoint (i.e. server running wireguard on port 500) is 8.8.8.8:500, the IP of my iDevice on the VPN should be 192.128.1.254, my home LAN is 192.168.1.0/24, my PiHole is 192.168.1.2, and my home wifi SSID is Ycombinator.
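To make the two-profile arrangement concrete, here is an added example of what the two client-side WireGuard tunnel files can look like using exactly the values the commenter listed above (endpoint 8.8.8.8:500, client address 192.128.1.254, LAN 192.168.1.0/24, PiHole 192.168.1.2). This is not the commenter's own configuration, which does not appear in the thread; the key lines are placeholders, and the SSID-based switching is not expressed in the file at all but in the iOS app's per-tunnel On-Demand settings (enable for Cellular and Wi-Fi, with the home SSID listed under the "except these SSIDs" option).

```ini
# ---- Tunnel 1: "access to home + DNS" (split tunnel, used on cellular) ----
# Only traffic for the home LAN enters the tunnel; the DNS line points the
# phone's resolver at the PiHole, which is reachable because its subnet is
# listed in AllowedIPs. All other traffic leaves the phone directly.
[Interface]
PrivateKey = <CLIENT_PRIVATE_KEY_PLACEHOLDER>
Address = 192.128.1.254/32
DNS = 192.168.1.2

[Peer]
PublicKey = <SERVER_PUBLIC_KEY_PLACEHOLDER>
Endpoint = 8.8.8.8:500
AllowedIPs = 192.168.1.0/24
# No PersistentKeepalive: on a battery-powered device it keeps the radio awake.

# ---- Tunnel 2: "all traffic" (full tunnel, used on untrusted Wi-Fi) ----
# Same client identity and DNS server; only AllowedIPs differs. The default
# routes already cover the LAN, so 192.168.1.0/24 need not be listed again.
[Interface]
PrivateKey = <CLIENT_PRIVATE_KEY_PLACEHOLDER>
Address = 192.128.1.254/32
DNS = 192.168.1.2

[Peer]
PublicKey = <SERVER_PUBLIC_KEY_PLACEHOLDER>
Endpoint = 8.8.8.8:500
AllowedIPs = 0.0.0.0/0, ::/0
```

In WireGuard, AllowedIPs is both the route list and the cryptokey filter: a packet is sent into (or accepted from) the tunnel only if its destination (or source) matches. That is why the split profile must name the LAN explicitly, while in the full profile 0.0.0.0/0 already includes 192.168.1.0/24 and repeating it is harmless but redundant. The two files can share one key pair because the iOS app activates only one tunnel at a time, so the server sees a single peer. In both profiles the DNS line means name resolution goes to the PiHole, which is what blocks ads in apps as well as the browser.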
Is this redundant, since 0.0.0.0 should include the 192.168.1.0/24 subnet? Not being a smart alec, I'm actually asking: I have an okay-ish understanding of networking stuff but not an expert.
Yes indeed, that's how I have it set up. I have one WireGuard configuration on iOS, for both cellular and WiFi (except my home SSID). And it works like a charm.
pfSense + pfBlocker ~ OpenVPN because I'm pretty old - along with DNS over TLS & ICR what else.
Sidebar: I also have a copy of my desktop Firefox hosted as a RemoteApp on a Win10Ent VM, for the odd time I need remote access to a credentialed account while I'm away.
My comment on the Earn-it act is it's the natural outcome of unqualified US voters choosing unqualified politicians, thanks to largely inept news coverage.
Or if you want something more topic specific, Feinstein co-sponsors it so we can fully assume it elevates the whims of The State over the welfare of us.
I've got Pi-Hole and PiVPN with WireGuard set up as well, however not the two-part setup like yours - I only turn on VPN on my iOS devices as needed. Have you set up yours to auto-connect based on WiFi SSID name? If so, how?
I do the same thing with Wireguard. I have a "LAN" which consists of my workstation, 2 dedis, random VMs on demand, iPhone, iPad, home devices and two resolvers, one of which is a PiHole.
It's a spectacular experience when it comes to accessing all your stuff without multiple logins (since none of it is exposed to the internet) and Wireguard is blazing fast.
"I will concede I am lucky enough to have static IPv4/IPv6 addresses on my home connection."
A while back, some HN commenters in a Wireguard thread tried to argue that all home connections have static IP addresses, or at least ones that do not change frequently enough to be an issue. If I had a static IP address I, too, would consider myself lucky.
Why not use a dynamic DNS service? My router updates my VPN's DNS entry automatically at Cloudflare when it gets a new IP. Everything works like magic just like the previous poster's setup, except without a static home IP.
Many ISPs, particularly in EMEA, don't even hand out public IP addresses to their customers; cf. CGNAT [0]. End users, at home, will get RFC1918 or RFC6598 IPs from their provider.
While they could still use a dynamic DNS service, the public IP that it sees will actually be a public IP address that is shared by many customers.
This works for me; my Pi has a little script to get the public IP and update DNS. The rare IP switch at home is updated within 10 minutes. Bonus: the endpoint is in my domain.
A lot of people who erroneously turn on PersistentKeepalive on their phones wind up with battery drain for clear reasons. Mobile phone users very much should not be using PersistentKeepalive.
I'm not affiliated with the WireGuard project, but I would appreciate it if you could encounter the issue again, and then submit an account of your experience and the logs from your device.