I have a setup where my openwrt router connects to my home wi-fi, then it connects to a WireGuard VPN server at home, running pihole in a docker container.
In the VPN interface I have set the DNS to be the Pihole's IP in docker.
With this setup any client connected to OWRT will use the VPN and have google ads blocked by the pihole.
Oddly enough on any website I can see the ads are blocked sometimes, but other times they are still visible. A few refreshes can trigger this either way. When I see the ads I can see in the Pihole log that no request was made to the DNS from my laptop. When ads are blocked I can see the request to G ads being blocked in Pihole.
My best guess is that some ads get through because there is a DNS leak to my wi-fi's DNS server (my provider's) which resolves the G Ads' IP.
The best option is to set upstreams in dnsmasq to servers of your VPN provider, then on LAN side use dns interception like dns-http-proxy sets up automatically.
I am confused about option 6. You said "e.g LAN....", so where do I set it, which interface? Should it be on the WG, or anything but WG (ergo LAN)?
Thanks.
P.S. Is there anything special if I want to run the script?
You mentioned
This is not compatible with the use of encrypted DNS or the setting of Use Custom DNS servers (server=)
In WG DNS section I defined my DNS to be the Pihole one. Is that OK?
You set it on the interface your local clients connect to e.g. lan or guest etc.
I do not know if there is a LuCI setting to set option 6 for all connected clients, I do not use LuCI.
It is much easier (for me at least) to set things directly in the config file.
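As an added illustration of what the two replies above describe (it is not config from either poster), here is what the relevant pieces look like in the OpenWrt config files: DHCP option 6 on the `lan` interface pushing the Pi-hole address to clients, dnsmasq's own upstream pointed through the tunnel, and the DNS interception redirect that tools like dns-http-proxy set up so a client with a hard-coded resolver still cannot bypass the Pi-hole. The addresses `10.8.0.2` (Pi-hole reachable over the WireGuard tunnel) and `192.168.1.1` (router LAN address) are placeholders, and the section names are the OpenWrt defaults.

```uci
# /etc/config/dhcp  (placeholder addresses; adjust to your tunnel and LAN)

config dnsmasq
	# send the router's own upstream queries through the tunnel only,
	# not to the resolver handed out by the upstream wi-fi / provider
	option noresolv '1'
	list server '10.8.0.2'

config dhcp 'lan'
	option interface 'lan'
	option start '100'
	option limit '150'
	option leasetime '12h'
	# DHCP option 6: tell LAN clients to use the Pi-hole directly
	list dhcp_option '6,10.8.0.2'

# /etc/config/firewall

# DNS interception: any client on lan that ignores option 6 and talks
# to a hard-coded resolver on port 53 is redirected to the router's
# dnsmasq, which in turn only forwards over the tunnel
config redirect
	option name 'Intercept-DNS'
	option src 'lan'
	option src_dport '53'
	option proto 'tcp udp'
	option target 'DNAT'
	option dest_ip '192.168.1.1'
```

After editing, `/etc/init.d/dnsmasq restart` and `/etc/init.d/firewall restart` apply the changes; clients pick up the new option 6 value when they renew their lease. Whether the leak is fixed can be checked the same way the original post did: every lookup for an ad domain from the laptop should now appear in the Pi-hole query log, with none reaching the provider's resolver. Note that the redirect only catches plain port 53 traffic; a client using DNS over HTTPS on port 443 will not be intercepted by it, which matches the compatibility caveat quoted earlier in the thread.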