Wireguard VPN on Yunohost + using Pihole DNS ad blocking?

I have Wireguard on my Yunohost. Works great! I can connect to my Wireguard VPN and route my traffic through Yunohost.

Now, I want to also use the Pihole I have installed to filter ads.

  1. Is this possible?
  2. How to do it?

My yunohost is on but my Wireguard VPN is on I’m not sure exactly how to make all these interfaces talk to each other.

Welcome to the madness world of networking! I will be your none the wiser guide.
Your phrasing is not clear, I am assuming your YunoHost server and VPN endpoint are on separate machines.

Solutions I think of right now:

Networking route

Let’s try adding the following commands to the scripts. They are adding a route to your YunoHost server (and only to this single address with the /32 CIDR) from your WireGuard server.

Post Up:

; route add -net gw; ping -c1

The ping thingy is to initialize the route. I do not know if it is still required nowadays.

Post Down:

; route del -net gw

Restart WireGuard and try. :crossed_fingers:

Add your YunoHost server to WireGuard

Other solution, connect your YunoHost server as a WireGuard peer, and put its IP address as DNS server in WireGuard.

If PiHole and WireGuard VPN are on the same machine

see post 4 below.

1 Like

Ok. To be more clear Yunohost and Wireguard VPN endpoint are the same machine.

Yunohost machine acting as VPN server:
wireguard (according to ip a in terminal)
pi-hole installed

Phone to be used as a peer:
Use wireguard app to connect to Yunohost and use the Yunohost connection.

In the Wireguard GUI, it says under Wireguard Server settings that the IP address is So its IP address is actually

Ok so I will try to add this for post up

; route add -net gw; ping -c1

and this to post down

; route del -net gw


  • didn’t work
  • I also tried using my IP address of the Yunohost server
  • when I set Pi-hole to " Listen on all interfaces" the internet dies on me…hmm strange.
1 Like
; route add -net gw; ping -c1

No, if you do that, you tell the whole network that every machine’s localhost has to go through your VPN server. :upside_down_face:

If WireGuard and Pi-Hole are on the same machine, it is much simpler. Remove the extra postup and postdown commands. I have investigated on my own network, and you need to do one extra alteration:

If PiHole and WireGuard VPN are on the same machine

In PiHole settings:

Interface listening behavior:

Listen on all interfaces
Allows only queries from devices that are at most one hop away (local devices)

Create a new /etc/dnsmasq.d/vpn file and add your VPN server address to listen-address:


Restart dnsmasq: systemctl restart dnsmasq


Edit on 2021-10-21: Use a dedicated conf file to avoid making the regen-conf unhappy.

1 Like

You’re my Wireguard hero. Thank you for taking the time to troubleshoot this, and write your answers in a way that will be very beneficial to others reading.

Seriously. I’m starting to understand a bit about Wireguard now :smiley:


Wireguard works great outside my network, but my computer’s internet on my own wifi is weird. It doesn’t like listening on all interfaces for some reason. I need to investigate pihole a bit. All the phones on the Wifi work great, just the computer can’t resolve URLs now that it’s listening on all interfaces. So strange.
→ Mini solution to this: added a 02-interface.conf file to /etc/dnsmasq.d/ with two lines: interface=wg0 ; interface=enp4s0 #my ethernet interface

1 Like

That’s interesting. I have Yunohost on a Pi at home and acting as a 'Brique" (vpn providd by Franciliens) and the hotspot app for my wifi network at home. Do you think I can install the Wireguard app on my Pi and connect my phone (or laptop while travelling) to my Yunohost through Wireguard so I can use the vpn provided by Franciliens on my Pi?
Thank you.