VPN only works from outside, but on Wifi with VPN on, no internet

Hi,

I have a RPi4 with Pihole, Wireguard, and Unbound running.
When connecting outside home to the VPN, it works perfectly. But sometimes the VPN is still running when connecting to the Wifi.
I remember that a VPN should be able to work, while connected to the Wifi, but I cannot get mine to work, I don’t have internet when the VPN is still on while connected to Wifi.

The wifi is the same network as where the VPN connects to when I’m outside, so nothing strange there.

Does someone know what I have to change in the settings to make it work?

Thanks.

So you aren’t getting Internet while you are connected to your home WiFi while your VPN is on? In my experience, that is normal behavior.

Is there a reason you need the VPN on while at home?

VPN need not be on while on premises. Exclude the home WiFi SSID(s) in the WireGuard app.

I have the opposite “problem”. Wireguard works flawlessly at home & away & I don’t know how.

My pi-hole has a local LAN address when on my own WiFi, my router’s WAN address when away. It’s of course the WAN address (actually no-IP domain name) that profile knows. Somehow (my router?) works.

Near the end of openVPN install on pihole doc there’s this:

I have not found it necessary to follow these instructions.

Works well for me inside and out (I sometimes forget to turn it off).

Check your DNS settings and gateway etc for the vpn. I had this same issue and I found an error when on the VPN which wasn’t routing requests properly. I can’t remember the issue exactly now, but it was easy to spot once I looked at the network settings for the wireguard configs.

Do you have a nat loopback configured in your router?

but on Wifi with VPN on, no internet

Do you connect to your Public IP? NAT loopback may not allow you to reach the VPN server from within your own LAN

[EDIT] I am worried by all the people here answering “it’s meant to provide Internet to both the VPN and the home network, and meant to block Internet when the VPN is used IN the home network”… People, the point of VPN is to act as virtual PRIVATE networks. You are claiming your private home network doesn’t have Internet? Because if it’s broken within your home, it’s not acting as a device at home…

No, it’s not meant to do that. Saying “it’s inefficient/less safe and I don’t want to heavily change my configs for this setup” is defendable, but pretending that’s how it should work for the end user is not nice.

Because Wireguard is so fast that I don’t mind leaving it on when at home (on wifi)

So you aren’t getting Internet while you are connected to your home WiFi while your VPN is on? In my experience, that is normal behavior.

What? As an OpenVPN user, it isn’t normal behavior for me. Once on the VPN, you should be able to use your home network as if you were located there.

I don’t see a good reason why outside-LAN VPN users can reach the Internet, while inside-LAN VPN users can’t… besides “can’t reach the VPN due to NAT loopback”, which can only be fixed if you connect through a domain (within the LAN, ask Pihole to always answer with the private IP. That way WAN users get the public IP while LAN users get the private one).

How do you do this?

Figured it out in the WG app settings - thanks. Very nice feature.

My pi-hole has a local LAN address when on my own WiFi, my router’s WAN address when away.

That’s not true. IF your router supports NAT loopback, your public IP is reachable from within your LAN.
So you can totally reach the VPN server (not Pihole!) when typing your Public IP + appropriate port. From the VPN config’s perspective, the private IP is not known at all

No, I’ll have to figure out if that is possible with the Nucom router.

You don’t need the VPN at home because you’re already behind the pi hole and unbound. Just disconnect it when you’re home.

Where is it in the (Android WG app)? I cannot find any settings more than allow external apps

I’m not an expert but to my knowledge if you want to access any service (that is hosted in your network) from your own network using the public ip you should have a nat loopback configured. Either that or buy a domain and point it to your public ip from outside your network and to your local ip from inside.

Disagree. If you are connected to the VPN when outside, Internet randomly dropping just because you are in the LAN is not a very good behavior.

The point of a VPN server is to act as if you are at home, so no reason for Internet to be unavailable when you are actually at home

Either that or buy a domain and point it to your public ip from outside your network and to your local ip from inside.

Nitpick: there are some free DDNS services out there, so a cost-free setup is possible. That’s how I do it.
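
An added example (not written by any poster in this thread): a Python check of a WireGuard client config that reports whether, from inside the home LAN, the Endpoint has to hairpin through the router (NAT loopback) and whether a full-tunnel AllowedIPs would leave the device with no internet when that endpoint cannot be reached. The hostname vpn.example.net, the LAN 192.168.1.0/24, the keys and all addresses are constructed placeholders, and a single [Peer] section is assumed.

```python
import configparser
import ipaddress
import socket

# Constructed sample client config; keys and addresses are placeholders.
SAMPLE_CONF = """\
[Interface]
PrivateKey = PLACEHOLDER_CLIENT_KEY
Address = 10.6.0.2/24
DNS = 10.6.0.1

[Peer]
PublicKey = PLACEHOLDER_SERVER_KEY
Endpoint = vpn.example.net:51820
AllowedIPs = 0.0.0.0/0, ::/0
"""

def check_on_lan(conf_text, lan_cidr, resolve=socket.gethostbyname):
    """Predict how a WireGuard client config behaves from inside the home LAN."""
    cp = configparser.ConfigParser(delimiters=("=",), interpolation=None)
    cp.read_string(conf_text)  # assumes a single [Peer] section
    peer = cp["Peer"]
    host = peer["Endpoint"].rsplit(":", 1)[0].strip("[]")
    try:
        ip = ipaddress.ip_address(host)           # endpoint is an IP literal
        via_dns = False
    except ValueError:
        ip = ipaddress.ip_address(resolve(host))  # endpoint is a hostname
        via_dns = True
    routes = [ipaddress.ip_network(r.strip(), strict=False)
              for r in peer["AllowedIPs"].split(",")]
    full_tunnel = any(r.prefixlen == 0 for r in routes)
    on_lan = ip in ipaddress.ip_network(lan_cidr)
    return {
        "endpoint_ip": str(ip),
        "resolved_via_dns": via_dns,
        # Endpoint outside the LAN: the handshake must hairpin through the router.
        "needs_nat_loopback": not on_lan,
        # Full tunnel with an unreachable endpoint drops all traffic ("no internet").
        "no_internet_if_unreachable": full_tunnel,
    }

if __name__ == "__main__":
    lan = "192.168.1.0/24"
    # Constructed resolver answers: a public resolver vs. a split-horizon LAN resolver.
    print(check_on_lan(SAMPLE_CONF, lan, resolve=lambda h: "203.0.113.10"))
    print(check_on_lan(SAMPLE_CONF, lan, resolve=lambda h: "192.168.1.5"))
```

With the default resolver the function uses whatever DNS the device is currently using, so running it on the home WiFi shows what the LAN resolver actually answers for the endpoint name.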