Tunnel all Internet traffic - Pi-hole documentation (2024)

FAQs

Does WireGuard tunnel all traffic? ›

0.0/0 means all trafic gets routed through your wireguard VPN. But you could also only send specific IP's through the VPN. For eg with: 192.168. 1.100/32, 192.168.

Via this VPN, you can: use the DNS server and full filtering capabilities of your Pi-hole from everywhere around the globe. access your admin interface remotely. encrypt your Internet traffic.

Navigate to VPN | Settings and create the VPN policy for the Remote site. You can name the policy as VPN to Central Network. Select the Network tab and under Local Networks you can chose X0 Subnet. Under Remote Networks, select Use this VPN Tunnel as the default route for all Internet traffic.

WireGuard supports Full Tunnel VPN routing.

WireGuard is cryptographically superior to SSH, attaches at a network layer without fussy interactions with a Unix shell (that then also needs to be accounted for in a security model), has higher performance, is practically bulletproof in terms of keeping connections alive, and gets you direct access to whatever ...

WireGuard is used to secure the connection between your device and a VPN server. This is achieved with the creation of an encrypted tunnel through which your internet traffic is sent.

The only way for Pi-hole to slow down your network is if you've set up something to route all traffic via the Pi-hole server. Pi-hole only handles DNS queries, there is no way for it to slow down the internet connection at all, it doesn't see or handle any traffic other than DNS queries.

Pi-hole records DNS queries only (domain names), and then only if you have configured it to keep records. This information is retained both in an SQL database (/etc/pihole/pihole-FTL.

A vulnerability has been discovered in Pihole that allows an authenticated user on the platform to read internal server files arbitrarily, and because the application runs from behind, reading files is done as a privileged user.

Pushing the redirect-gateway option to clients will cause all IP network traffic originating on client machines to pass through the OpenVPN server. The server will need to be configured to deal with this traffic somehow, such as by NATing it to the internet, or routing it through the server site's HTTP proxy.

What is the difference between WireGuard full tunnel and split tunnel? ›

The main difference between a split tunnel vs. full tunnel VPN is that a full tunnel VPN shields all your online traffic with VPN encryption, while a split tunnel VPN allows you to divide your traffic, routing a portion of it through a VPN server while the rest of it travels the internet directly.

There are no known security flaws in either protocol. If security is your topmost priority, the conservative option is OpenVPN. It has simply been around much longer than WireGuard, gone through more third-party security audits, and has a far longer track record than WireGuard.

IPsec and WireGuard VPNs are comparable performance-wise across most platforms, with WireGuard being slightly faster.

WireGuard requires about 4,000 lines of code versus OpenVPN's 70,000 lines of code, which makes security audits and verification much easier for researchers.

With a VPN, all the user's traffic is routed through a single IP address of the VPN server they're connected to. Without a VPN, the traffic will show that it's being routed through many different IP addresses, based on the different websites the user visits.

Your data is encrypted between your device and the VPN server, but the VPN server decrypts the data as it leaves the VPN tunnel from your drive, and encrypts it as it enters the VPN tunnel to your device. This means that your VPN service can see your unencrypted internet traffic.

To view the status of one or more WireGuard tunnels, use the show wireguard [<instance>] command. This command prints the status of all WireGuard tunnels and can optionally limit the output to a specific instance.