I'm trying to setup Wireguard to use as a VPN on my server using [this guide](https://mikkel.hoegh.org/2019/11/01/home-vpn-server-wireguard/). I currently run Pihole on the same machine. | | | |-|-| | LAN | 192.168.1.* | | WG | 10.14.0.* | | WG Server Addr | 10.14.0.1 | | WG Client Addr | 10.14.0.10 | The handshake succeeds, and I can even ping IP addresses. However, it doesn't receive DNS responses. I checked in Wireshark and see the following: | | | | |-:|-|-| | WAN Client IP -> | Server IP | [Wireguard] | | WG Client IP -> | Server IP | [DNS Request] | | Server IP -> | Server IP | [DNS Request] | | Server IP -> | Server IP | [DNS Response] | | WG Server Addr -> | WG Client Addr | [DNS Response] | | WG Client Addr -> | WG Server Addr | [ICMP Port unreachable] | I'm admittedly pretty inexperienced when it comes to routing, but I've been at this for days with no success. Any help would be greatly appreciated. ## Edit I now realize that it would have been relevant to mention the my Pihole instance was running inside a rootless podman container. To test things further, I wrote a small echo server and spun it up on bare metal. Wireguard had no issues with that. My guess is that something between wireguard and specifically rootless podman was going wrong. I still don't know what, unfortunately. My fix was to put Pihole in a privileged podman container with a network and static IP e.g. `--net bridge:ip=10.88.0.230`. I also put wireguard into a privileged podman container on the same network `--net bridge`. Finally, I set the peer DNS to the Pihole's static IP on the podman network (10.88.0.230). As I said before, I still don't know why podman wasn't replying to the correct IP initially. I'm happy with my fix, but I'd still prefer the containers to be rootless so feel free to message me if you have any suggestions.