WireGuard


WireGuard - a fast, modern, secure VPN Tunnel.

251
Asus 4g-ax56 (zerobytes.monster)
submitted 1 year ago by [email protected] to c/[email protected]
 
 
This is an automated archive.

The original was posted on /r/wireguard by /u/rocampana on 2023-12-25 22:32:56+00:00.


Does it support WireGuard? It's not clear in the specifications.

252
 
 
This is an automated archive.

The original was posted on /r/wireguard by /u/happydutch on 2023-12-25 19:30:55+00:00.


I have a mesh setup and would like to add some road-warrior clients that send all traffic through a server which is not a gateway but has internet access (an Eero router is the gateway). Hope the question is clear enough 😊

253
 
 
This is an automated archive.

The original was posted on /r/wireguard by /u/Tinkous on 2023-12-25 16:48:21+00:00.


Hi there

After updating to Sonoma, WireGuard has stopped working on my Mac. It still works on my iPhone with the same config file.

On the Mac it connects in the UI but no traffic seems to go through. I cannot even ping the router at home.

The WireGuard server is a FRITZ!Box router. The log file shows:

2023-12-25 17:49:30.728 [NET] peer(mUuZ…zyDU) - Sending handshake initiation
2023-12-25 17:49:30.730 [NET] peer(mUuZ…zyDU) - Failed to send handshake initiation: no known endpoint for peer

Any idea where I should start troubleshooting? I have read a lot about issues with WG and the latest macOS versions. For some people it works after reconnecting to Wi-Fi, but for me it's always connected with no traffic. Any idea where I should start looking? I think I did something wrong in the configuration.

255
 
 
This is an automated archive.

The original was posted on /r/wireguard by /u/jfoucher on 2023-12-24 14:50:35+00:00.


Hi everyone, and sorry if this has been asked before, I couldn't find anything relevant. This is a question before I invest the time to install WireGuard on all my devices.

I understand how to set up WireGuard to "bypass" my ISP's CGNAT connection. I have my NAS on my local network, which I should be able to access remotely through WireGuard running on a VPS. However, when I am at home, connected to my local network, and I use the WireGuard IP for my NAS, will the packets still be routed through the VPS, or will they go directly between my computer and the NAS? Tailscale (which I am now using) gives me more or less the full local bandwidth when connected locally. Will WireGuard do the same?

Thanks.

256
 
 
This is an automated archive.

The original was posted on /r/wireguard by /u/Away-Net8462 on 2023-12-24 11:46:03+00:00.


VPS setup: Debian 12 with working WireGuard, based out of NY

Netgear 7800: Running DD-WRT r54569 with WireGuard routing all traffic via the WireGuard tunnel

With WireGuard UP I can connect to Netflix and watch videos. The problem I'm having is that the videos advertised as Dolby Vision are not being broadcast in Dolby Vision. With WireGuard DOWN I can watch the same video broadcast in Dolby Vision. My internet speed with WireGuard ON far exceeds the minimum requirements to stream Dolby Vision in 4K.

My three DNS servers:

Static DNS 1: 9.9.9.9
Static DNS 2: 1.1.1.1
Static DNS 3: 1.0.0.1

Has anyone else encountered this problem or have a solution?

258
 
 
This is an automated archive.

The original was posted on /r/wireguard by /u/eightpointsinblue on 2023-12-23 22:02:38+00:00.


Allow me to get the juicy deets out of the way first

server settings (10.0.0.1/24)

[Interface]
Address = 10.0.0.1/24
SaveConfig = true
PostUp = iptables -A FORWARD -i wg0 -j ACCEPT; iptables -t nat -A POSTROUTING -o eno0 -j MASQUERADE;
PostDown = iptables -D FORWARD -i wg0 -j ACCEPT; iptables -t nat -D POSTROUTING -o eno0 -j MASQUERADE;
ListenPort = 51820
PrivateKey = [REDACTED]

[Peer]
PublicKey = [REDACTED]
AllowedIPs = 10.0.0.2/32
Endpoint = [REDACTED]:50135

Client (WIN 11; 10.0.0.2/32)

[Interface]
PrivateKey = [REDACTED]
Address = 10.0.0.2/32

[Peer]
PublicKey = [REDACTED]
AllowedIPs = 0.0.0.0/0
Endpoint = [REDACTED]:51820
PersistentKeepalive = 30

WireGuard is able to handshake and maintain the connection between the Ubuntu Linux server and the Windows 11 client, but my attempts to ping outside my LAN (ping 8.8.8.8) are timing out.

Readout from running ~# wg-quick up wg0

[#] ip link add wg0 type wireguard
[#] wg setconf wg0 /dev/fd/63
[#] ip -4 address add 10.0.0.1/24 dev wg0
[#] ip link set mtu 1420 up dev wg0
[#] iptables -A FORWARD -i wg0 -j ACCEPT; iptables -t nat -A POSTROUTING -o eno0 -j MASQUERADE;

Readout from running ~# sysctl net.ipv4.ip_forward

net.ipv4.ip_forward = 1

Any suggestions to get my WAN access restored via this WG VPN?

259
 
 
This is an automated archive.

The original was posted on /r/wireguard by /u/Elmidea on 2023-12-23 20:34:11+00:00.


Hi,

First of all, I KNOW that my title is wrong.

My understanding is that WireGuard has no separate server and client, as everything is a peer to it, so I should be able to do both at the same time with no issue, right?

But here's the question, if my device (PC1) is connected "as a client" to a distant wireguard "server"(PC2), can I connect another computer (PC3) to PC1 at the same time? Or will it decline the connection, or maybe close the first one?

Thank you.

Here's more information about my setup, not sure it's needed:

A) PC1 (raspberry pi 4, WG installed on RaspberryOS via pivpn script) => PC2 (distant VM, WG installed on Ubuntu via pivpn script) (This works already)

B) PC3 (same as PC1) => PC1 (my project), must be connected at the same time as A).

Will PC1 be able to handle both at the same time?

Thank you!

EDIT: Apparently WireGuard can work with multiple simultaneous links at the same time, but do I need a different private key or the same one for PC3 to PC1 as the one used from PC1 to PC2? Kinda lost at this step.

EDIT2: It can't be as simple as creating a second peer in the conf, right?

262
 
 
This is an automated archive.

The original was posted on /r/wireguard by /u/polishprocessors on 2023-12-23 19:13:58+00:00.


Does anyone know if it's possible to use wireguard to bypass paying for paid internet? I imagine it might be by setting up wireguard to listen on another port than standard (443 or 53 or the like) but has anyone tried and succeeded or have a guide?

263
 
 
This is an automated archive.

The original was posted on /r/wireguard by /u/BigSkidz on 2023-12-23 18:24:15+00:00.


I have used the following guide on applying client network restrictions with iptables in Linux.

My aim is to have the following restrictions:

Client 1 (10.0.0.2) - Access everything

Client 2 (10.0.0.3) - Access only 192.168.5.3 on port 32400

Below are my postup and postdown scripts, which run when WireGuard goes up/down:

postup.sh:

#!/bin/sh
set -e
WIREGUARD_INTERFACE=wg0
WIREGUARD_LAN=10.0.0.0/24
MASQUERADE_INTERFACE=eth0

# NAT the tunnel subnet out of the uplink
iptables -t nat -I POSTROUTING -o "$MASQUERADE_INTERFACE" -s "$WIREGUARD_LAN" -j MASQUERADE

# Per-client policy lives in its own chain; (re)create it empty
CHAIN_NAME="WIREGUARD_$WIREGUARD_INTERFACE"
iptables -N "$CHAIN_NAME" 2>/dev/null || iptables -F "$CHAIN_NAME"

# Insert the jump at the top of FORWARD, so no rule that is already there
# (for example one managed by ufw) can accept the traffic before this chain sees it
iptables -I FORWARD 1 -j "$CHAIN_NAME"

# Accept replies to connections the tunnel initiated
iptables -A "$CHAIN_NAME" -o "$WIREGUARD_INTERFACE" -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT

# owen_client: unrestricted
iptables -A "$CHAIN_NAME" -s 10.0.0.2 -i "$WIREGUARD_INTERFACE" -j ACCEPT

# plex1_client: only the plex-prod server on port 32400
iptables -A "$CHAIN_NAME" -s 10.0.0.3 -i "$WIREGUARD_INTERFACE" -d 192.168.5.3 -p tcp --dport 32400 -j ACCEPT

# Drop everything else coming through the WireGuard interface
iptables -A "$CHAIN_NAME" -i "$WIREGUARD_INTERFACE" -j DROP

# Return to FORWARD chain
iptables -A "$CHAIN_NAME" -j RETURN

postdown.sh:

#!/bin/sh
WIREGUARD_INTERFACE=wg0
WIREGUARD_LAN=10.0.0.0/24
MASQUERADE_INTERFACE=eth0
CHAIN_NAME="WIREGUARD_$WIREGUARD_INTERFACE"

iptables -t nat -D POSTROUTING -o "$MASQUERADE_INTERFACE" -s "$WIREGUARD_LAN" -j MASQUERADE

# Remove the jump, then flush and delete the chain
iptables -D FORWARD -j "$CHAIN_NAME"
iptables -F "$CHAIN_NAME"
iptables -X "$CHAIN_NAME"

I have an issue though: with UFW enabled I can access everything on both clients. With UFW disabled the iptables restrictions work perfectly.

Below are my UFW rules:

Status: active
Logging: on (low)
Default: deny (incoming), allow (outgoing), deny (routed)
New profiles: skip

To                         Action      From
--                         ------      ----
51820/udp                  ALLOW IN    Anywhere
22/tcp (OpenSSH)           ALLOW IN    Anywhere
Anywhere on wg0            ALLOW IN    10.0.0.2
192.168.5.3 32400 on wg0   ALLOW IN    10.0.0.3
51820/udp (v6)             ALLOW IN    Anywhere (v6)
22/tcp (OpenSSH (v6))      ALLOW IN    Anywhere (v6)
Anywhere                   ALLOW OUT   Anywhere on eth0
Anywhere (v6)              ALLOW OUT   Anywhere (v6) on eth0
Anywhere on eth0           ALLOW FWD   Anywhere on wg0
Anywhere (v6) on eth0      ALLOW FWD   Anywhere (v6) on wg0

Anyone had this or know what the issue is? I know it is to do with UFW but not sure what needs changing.

Thanks for any help.
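One way to see why a chain appended to FORWARD with -A can be bypassed while ufw is active: iptables evaluates FORWARD top to bottom and the first terminating verdict wins, so an ACCEPT anywhere before the jump to WIREGUARD_wg0 makes the DROP in that chain unreachable. The Python below is an added example, not the poster's script: it replays the poster's restriction chain under first-match semantics, once appended after a constructed stand-in for a chain that accepts wg0 traffic, once inserted at position 1. The EARLIER chain is a constructed stand-in and not a dump of what ufw installs; on the real host, `iptables -L FORWARD -nv --line-numbers` shows the actual order.

```python
"""First-match walk of an iptables FORWARD chain. Added example for this page;
the EARLIER chain is a constructed stand-in, not the poster's live ruleset."""
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass
class Packet:
    src: str
    dst: str
    proto: str
    dport: int
    in_if: str
    out_if: str
    ctstate: str = "NEW"


@dataclass
class Rule:
    target: str                        # ACCEPT, DROP, RETURN or another chain name
    src: Optional[str] = None          # CIDR, like -s
    dst: Optional[str] = None          # CIDR, like -d
    proto: Optional[str] = None
    dport: Optional[int] = None
    in_if: Optional[str] = None
    out_if: Optional[str] = None
    ctstate: Optional[tuple] = None    # like -m conntrack --ctstate

    def matches(self, p):
        if self.src and ipaddress.ip_address(p.src) not in ipaddress.ip_network(self.src):
            return False
        if self.dst and ipaddress.ip_address(p.dst) not in ipaddress.ip_network(self.dst):
            return False
        exact = ((self.proto, p.proto), (self.dport, p.dport),
                 (self.in_if, p.in_if), (self.out_if, p.out_if))
        return all(want is None or want == have for want, have in exact) and (
            self.ctstate is None or p.ctstate in self.ctstate)


def walk(chains, name, p):
    """Verdict from evaluating chain `name`; None means fall through to the policy."""
    for rule in chains[name]:
        if not rule.matches(p):
            continue
        if rule.target in ("ACCEPT", "DROP", "REJECT"):
            return rule.target
        if rule.target == "RETURN":
            return None
        verdict = walk(chains, rule.target, p)       # jump into a user chain
        if verdict is not None:
            return verdict
    return None


def forward_verdict(chains, p, policy="DROP"):
    v = walk(chains, "FORWARD", p)
    return policy if v is None else v


# The poster's restriction chain, rule for rule as in postup.sh.
WG = "wg0"
WIREGUARD_WG0 = [
    Rule("ACCEPT", out_if=WG, ctstate=("RELATED", "ESTABLISHED")),
    Rule("ACCEPT", src="10.0.0.2/32", in_if=WG),
    Rule("ACCEPT", src="10.0.0.3/32", in_if=WG, dst="192.168.5.3/32", proto="tcp", dport=32400),
    Rule("DROP", in_if=WG),
    Rule("RETURN"),
]
# Constructed stand-in for a chain that was already in FORWARD and accepts
# traffic arriving on wg0 before the restriction chain is consulted.
EARLIER = [Rule("ACCEPT", in_if=WG)]

# iptables -A FORWARD -j WIREGUARD_wg0: the jump lands after whatever is there.
APPENDED = {"FORWARD": [Rule("EARLIER"), Rule("WIREGUARD_wg0")],
            "EARLIER": EARLIER, "WIREGUARD_wg0": WIREGUARD_WG0}
# iptables -I FORWARD 1 -j WIREGUARD_wg0: the jump is evaluated first.
INSERTED = {"FORWARD": [Rule("WIREGUARD_wg0"), Rule("EARLIER")],
            "EARLIER": EARLIER, "WIREGUARD_wg0": WIREGUARD_WG0}

SSH_FROM_CLIENT2 = Packet("10.0.0.3", "192.168.5.3", "tcp", 22, WG, "eth0")
PLEX_FROM_CLIENT2 = Packet("10.0.0.3", "192.168.5.3", "tcp", 32400, WG, "eth0")

if __name__ == "__main__":
    for label, chains in (("appended", APPENDED), ("inserted", INSERTED)):
        print(label, "ssh:", forward_verdict(chains, SSH_FROM_CLIENT2),
              "plex:", forward_verdict(chains, PLEX_FROM_CLIENT2))
```

Which rule in the ufw-managed chains actually matches is something only the live listing can tell; what the example shows is that `-I FORWARD 1 -j WIREGUARD_wg0` makes the restriction chain's verdict independent of whatever else sits in FORWARD, while `-A` makes it depend on everything before it.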

264
 
 
This is an automated archive.

The original was posted on /r/wireguard by /u/Tight-Resolve-560 on 2023-12-23 18:23:02+00:00.


My laptop is connected to a different network; I can access the LAN on my phone.

this is the server config:

[Interface]
Address = 10.0.1.1/24
MTU = 1420
SaveConfig = true
PostUp = iptables -A FORWARD -i wg0 -j ACCEPT; iptables -t nat -A POSTROUTING -o ens34 -j MASQUERADE;
PostDown = iptables -D FORWARD -i wg0 -j ACCEPT; iptables -t nat -D POSTROUTING -o ens34 -j MASQUERADE;
ListenPort = 51820
PrivateKey =

[Peer]
# Sven PC
PublicKey =
AllowedIPs = 10.0.1.2/32

[Peer]
# Sven Pixel 7 Pro
PublicKey =
AllowedIPs = 10.0.1.3/32

Client config:

[Interface]
PrivateKey =
Address = 10.0.1.2/32
DNS = 1.1.1.1, 1.0.0.1

[Peer]
PublicKey =
AllowedIPs = 0.0.0.0/0
Endpoint =
PersistentKeepalive = 30

My local IP is not 10.0.1.0, that's just the subnet.

265
 
 
This is an automated archive.

The original was posted on /r/wireguard by /u/sametsafak on 2023-12-23 16:32:58+00:00.


Hello,

  • Firstly, I am a developer and don't know networking very well, sorry for that
  • I have a droplet in DigitalOcean and installed WireGuard with angristan/wireguard-install
  • My download speed is 1 Gbps and upload speed is 50 Mbps
  • My modem is a TP-Link EX20v A1800
  • I can get full speed with my modem over Wi-Fi or Ethernet while downloading

What should I check to increase my download speed? I suspect my modem's CPU, but when I check it while connected to the VPN during a download test, it is at 25% max.

These are what I tried:

  • Different droplet country
  • More powerful droplet
  • Different DNS selections for WireGuard
  • Over Ethernet
  • Other VPN providers (some of them can sometimes provide approx. 80 Mbps, but in general 30 Mbps download speed)
  • Changed MTU for wg0 to 1200 or 1300

Nothing changed.

Edit: I used iperf3 to test speed; all of the DigitalOcean servers around the world show 50 Mbps max. I also tried tier droplets but still the same. I tried Kamatera, still the same.

266
 
 
This is an automated archive.

The original was posted on /r/wireguard by /u/brilliant_name on 2023-12-23 15:59:54+00:00.


Hi!

I need some pointers on how to set it up.

I can't open ports; OpenVPN is blocked, as is WireGuard. I could only connect to my VPN provider, Mullvad, with obfuscation enabled (udp-over-tcp). A shitload of other services are also blocked.

At first I thought to set up DynDNS and port forwarding, but Mullvad dropped port forwarding, so that option is gone.

What I need is WG server to access the local network and WG VPN to access the internet.

What would be the best course of action?

I'm looking into the SoftEther project, and was considering a cheap/free VPS to manage connections or better yet, self host at home.

Please advise!

Thanks!

267
 
 
This is an automated archive.

The original was posted on /r/wireguard by /u/One-Pin-6926 on 2023-12-23 13:50:21+00:00.


Are you looking for a reliable and secure way to protect your online privacy? Look no further than NordVPN! Right now, we're offering an exclusive discount of 70% off the regular price. That's right – you can get all the features of NordVPN at an unbeatable price.

NordVPN is one of the leading VPN providers in the world, offering high-end encryption and security protocols that keep your data safe from hackers and other malicious actors. With over 5500 servers located across 59 countries, it's easy to find a fast connection wherever you are in the world. Plus, with unlimited bandwidth and no logs kept on user activity, there's never any worry about slowing down or being tracked online.

This amazing offer won't last long so don’t miss out – use our

Go to 

268
 
 
This is an automated archive.

The original was posted on /r/wireguard by /u/ui47942 on 2023-12-23 13:35:20+00:00.


Hello,

How do I solve constant disconnects/reconnects using a WireGuard server on a UDM SE? I have PersistentKeepalive set, and have tried a multitude of time frames under a minute to no avail. The VPN is set to always be on from the moment I leave the "home" Wi-Fi, and not to turn off until the device is back on it.

I have multiple devices connecting to the single server, however they all have different client profiles. Do I need to create more than one server?

269
 
 
This is an automated archive.

The original was posted on /r/wireguard by /u/alyx46039 on 2023-12-23 12:52:45+00:00.


I cannot use the WireGuard app with any of the Windscribe profiles.

Windscribe itself can connect using the WireGuard protocol, but I cannot use the app independently, and I need it.

LOG:

2023-12-23 16:19:09.709: [TUN] [Windscribe-Dallas-Ranch] Starting WireGuard/0.5.3 (Windows 10.0.19045; amd64)
2023-12-23 16:19:09.709: [TUN] [Windscribe-Dallas-Ranch] Watching network interfaces
2023-12-23 16:19:09.712: [TUN] [Windscribe-Dallas-Ranch] Resolving DNS names
2023-12-23 16:19:21.768: [TUN] [Windscribe-Dallas-Ranch] Unable to resolve one or more DNS hostname endpoints: No such host is known.
2023-12-23 16:19:21.769: [TUN] [Windscribe-Dallas-Ranch] Shutting down
2023-12-23 16:19:21.770: [MGR] [Windscribe-Dallas-Ranch] Tunnel service tracker finished
2023-12-23 16:19:55.358: [TUN] [Windscribe-Dallas-Ranch] Starting WireGuard/0.5.3 (Windows 10.0.19045; amd64)
2023-12-23 16:19:55.358: [TUN] [Windscribe-Dallas-Ranch] Watching network interfaces
2023-12-23 16:19:55.360: [TUN] [Windscribe-Dallas-Ranch] Resolving DNS names
2023-12-23 16:20:07.405: [TUN] [Windscribe-Dallas-Ranch] Unable to resolve one or more DNS hostname endpoints: No such host is known.
2023-12-23 16:20:07.406: [TUN] [Windscribe-Dallas-Ranch] Shutting down
2023-12-23 16:20:07.410: [MGR] [Windscribe-Dallas-Ranch] Tunnel service tracker finished

PS: I searched the web and disabled kill-switch and set manual 1.1.1.1 for my network adapter as well. didn't work.

PPS: only Windscribe can use this protocol and I need it but I can't use Windscribe right now, so I'll have to find a way to fix it

270
 
 
This is an automated archive.

The original was posted on /r/wireguard by /u/brilliant_name on 2023-12-23 11:58:48+00:00.


I want to use an SBC as a WG proxy, using Mullvad as a VPN provider.

Using a Banana Pi M1 (2 cores, 100 Mbit) and an Orange Pi Zero 3 (4 cores, 1 Gbit).

I get around 40 Mbit on both SBCs, instead of the 250+ Mbit I get using Mullvad on both the desktop and laptop.

Using speedtest without Mullvad I get max internet speeds on both SBCs.

CPU usage is not an issue, as even the venerable Banana Pi uses only 45% on both cores and the Orange Pi is at 5-10% when testing.

I even tried a local WG tunnel, and sure enough I get 100 Mbit on the Banana Pi, which is limited by the 100 Mbit NIC on the SBC; the CPU usage is ~90%.

Any ideas what to try next?

272
 
 
This is an automated archive.

The original was posted on /r/wireguard by /u/APartofmysoul on 2023-12-23 05:57:23+00:00.


Hi, I was wondering if it is possible to make a personal VPN and route the traffic of the VPN through another third-party VPN. I do have a VPN subscription that has a port forwarding option, but I am kind of new to advanced Linux settings such as this and I have no clue where to begin or even what to research.

A little help and guidance would be appreciated.

274
 
 
This is an automated archive.

The original was posted on /r/wireguard by /u/Phantom-Slays on 2023-12-23 05:42:45+00:00.


First of all, I don't know if this is something that can be fixed, or if I have to leave it how it is. I got WireGuard up and running on pfSense and set it up on my Kali laptop. I can use my domain name to connect to the VPN, but I can't have proxying enabled on Cloudflare. Is there a workaround where I can hide my real IP behind Cloudflare?

275
 
 
This is an automated archive.

The original was posted on /r/wireguard by /u/HarvsG on 2023-12-23 00:08:02+00:00.


I want to have a native WireGuard mesh for site-to-site connections (I currently use Tailscale but have performance issues and want to completely self-host).

However, most of the sites have a dynamic IP and I'd rather not give them all a public DDNS entry (because of reverse DNS lookups and whois searches). I have one cloud VPS with a static IP and pihole installed.

Could I use the VPS to bootstrap the mesh by doing the following?

  1. Configure all members of the mesh to use the VPS as the DNS server.
  2. Configure fake DNS entries for each client that are somehow dynamically updated by the client when it connects to the VPS (I wonder if I could do this with the post-up command and an API call to Pi-hole):
[Interface]
PrivateKey = client1privatekey
Address = 10.10.0.2/24
DNS = 10.10.0.1

[Peer]
PublicKey = vpspublickey
PresharedKey = somepsk
AllowedIPs = 10.10.0.1/32
Endpoint = 123.456.78.9:51820

[Peer]
PublicKey = client2publickey
PresharedKey = someotherpsk
AllowedIPs = 10.10.0.2/32, 192.168.5.0/24
Endpoint = client2.somefakedomain.vpn:51820

[Peer]
PublicKey = client3publickey
PresharedKey = someother1psk
AllowedIPs = 10.10.0.3/32, 192.168.6.0/24
Endpoint = client3.somefakedomain.vpn:51820
  3. Then when a new client x starts its connection, the following will happen in order:
  • It tries to connect to all peers, most connections will fail because the domain lookups will fail.
  • It will successfully connect to the VPS as it exists at a static IP
  • The post-up command will update the pihole DNS entry on the VPS (clientx.somefakedomain.vpn) with its own external IP
  • It will retry connections to the other peers but now the DNS entries will be successfully resolved by the VPS pihole DNS server.
  • all peer connections are successfully made
  • ...
  • Profit?

Notes to self: PiHole API Endpoint

Edit: I'm going to have issues with ports, aren't I?

I'll have to open 51820 on each client....
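For the bootstrap scheme in the post above, the piece that has to exist is a re-resolver: wg-quick resolves each Endpoint name once, when it runs `wg setconf`, and the kernel thereafter knows only the IP, so a peer whose name was missing at start-up, or whose address has since changed, needs `wg set ... endpoint` run later. (A peer with no endpoint at all logs "Failed to send handshake initiation: no known endpoint for peer", the line in the macOS post further up.) The Python below is an added example, not the poster's post-up script and not the WireGuard project's contrib/reresolve-dns.sh: it reads the config, takes the current endpoints from `wg show wg0 endpoints`, re-resolves the DNS-named ones through an injected resolver and emits only the commands that change something; names that still fail to resolve are reported for the next run. The config, the `wg show` output and the FAKE_DNS table are constructed; `resolve_with_getaddrinfo` is the real resolver to pass in.

```python
"""Re-resolve DNS-named WireGuard endpoints and emit `wg set` commands for the
ones that changed. Added example for this page; not project code, not the
poster's script. Sample config, `wg show` output and DNS table are constructed."""
import ipaddress
import socket


def resolve_with_getaddrinfo(host):
    """Real resolver: first address for host, or None if it does not resolve."""
    try:
        return socket.getaddrinfo(host, None)[0][4][0]
    except socket.gaierror:
        return None


def split_endpoint(endpoint):
    """'host:port' or '[v6addr]:port' -> (host, port)."""
    host, _, port = endpoint.rpartition(":")
    return host.strip("[]"), int(port)


def join_endpoint(ip, port):
    return f"[{ip}]:{port}" if ":" in ip else f"{ip}:{port}"


def named_endpoints(config_text):
    """{public_key: (hostname, port)} for peers whose Endpoint is a DNS name;
    literal addresses never change, so they are skipped."""
    sections, current = [], None
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("["):
            current = {}
            sections.append(current)
            continue
        key, _, value = line.partition("=")
        current[key.strip()] = value.strip()
    result = {}
    for s in sections:
        if "PublicKey" not in s or "Endpoint" not in s:
            continue
        host, port = split_endpoint(s["Endpoint"])
        try:
            ipaddress.ip_address(host)          # literal: nothing to re-resolve
        except ValueError:
            result[s["PublicKey"]] = (host, port)
    return result


def parse_wg_endpoints(show_output):
    """Parse `wg show wg0 endpoints`: one 'PUBKEY<TAB>ip:port' or '(none)' per line."""
    current = {}
    for line in show_output.splitlines():
        if not line.strip():
            continue
        pubkey, _, endpoint = line.partition("\t")
        current[pubkey.strip()] = None if endpoint.strip() == "(none)" else endpoint.strip()
    return current


def plan_updates(config_text, show_output, resolve, interface="wg0"):
    """Return (commands, unresolved): `wg set` lines for peers whose name now
    resolves to a different address, and the names that still fail to resolve."""
    commands, unresolved = [], []
    current = parse_wg_endpoints(show_output)
    for pubkey, (host, port) in named_endpoints(config_text).items():
        ip = resolve(host)
        if ip is None:
            unresolved.append(host)            # record not there yet; retry next run
            continue
        wanted = join_endpoint(ip, port)
        if current.get(pubkey) != wanted:
            commands.append(f"wg set {interface} peer {pubkey} endpoint {wanted}")
    return commands, unresolved


# Constructed config in the shape of the post above (keys are placeholders).
SAMPLE_CONFIG = """
[Interface]
PrivateKey = client1privatekey
Address = 10.10.0.2/24

[Peer]
PublicKey = vpspublickey
AllowedIPs = 10.10.0.1/32
Endpoint = 203.0.113.10:51820

[Peer]
PublicKey = client2publickey
AllowedIPs = 10.10.0.3/32, 192.168.5.0/24
Endpoint = client2.somefakedomain.vpn:51820

[Peer]
PublicKey = client3publickey
AllowedIPs = 10.10.0.4/32, 192.168.6.0/24
Endpoint = client3.somefakedomain.vpn:51820
"""
# Constructed `wg show wg0 endpoints`: client2 still points at its old address,
# client3 has never been reached.
SAMPLE_SHOW = ("vpspublickey\t203.0.113.10:51820\n"
               "client2publickey\t198.51.100.6:51820\n"
               "client3publickey\t(none)\n")
# Constructed resolver: the VPS DNS has client2's new address, nothing for client3.
FAKE_DNS = {"client2.somefakedomain.vpn": "198.51.100.7"}

COMMANDS, UNRESOLVED = plan_updates(SAMPLE_CONFIG, SAMPLE_SHOW, FAKE_DNS.get)

if __name__ == "__main__":
    print("\n".join(COMMANDS))
    print("still unresolved:", UNRESOLVED)
```

Run it from a timer on each member (`python3 reresolve.py | sh`). `wg set` changes the endpoint of a peer that is already on the interface, so a peer whose record the VPS does not have yet is best listed in the start-up file without an Endpoint line (its AllowedIPs still apply, and wg-quick would otherwise refuse to come up on the unresolvable name) and given its endpoint by this script once the record exists. The project's contrib script makes the same `wg set` call but only for peers whose last handshake is older than a couple of minutes, which avoids clobbering a working endpoint that has roamed behind NAT.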
