Hello Selfhosted!

So I have an interesting issue. I have a docker host, and on that host I have a Caddy container. I have that set up to handle reverse proxying. I have it set up to be local only. I have a pihole and a wireguard server, and I can connect to my network successfully.

The part that confuses me is that while on network everything works great. While on VPN I can connect to services by IP:Port. If I use mobile data with VPN, I can’t use the site addresses, x.domain.xxx (for privacy’s sake I’m leaving my domain out of the post). But when I connect to WiFi, any WiFi, and connect to VPN I can go to the address I have set up for reverse proxying.

I am unsure how to troubleshoot this. Any pointers would be appreciated.

  • sylver_dragon
    323 hours ago

    It makes little sense why it works on an offsite WiFi, but not mobile data.

    I’d agree with unbuckled above, it’s a DNS issue. If your mobile device is capable, use nslookup or dig to see what responses you are getting in different scenarios. It’s possible that your VPN software is leaking DNS queries out to the mobile data provider’s DNS servers while you are on mobile data and only using the correct DNS settings when you are on wifi. Possibly look for split tunnel settings in the VPN software, as this can create this type of situation.

    You can also confirm this from the pihole side. Connect to the VPN via mobile data and browse to some website you don’t use often, but is not your own internal stuff. Then open the query log on your pihole and see if that domain shows up. I’d put money on that query not showing in the pihole query log.
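The Pi-hole side of the canary check above, as an added example that is not part of the thread: a small parser for Pi-hole’s dnsmasq-format query log (the sample lines, the 10.8.0.x WireGuard peer addresses and the domain names are constructed for this example). If the canary domain never shows up from the peer’s tunnel address, the phone resolved it somewhere other than Pi-hole.

```python
import re

# Constructed sample lines in the format of /var/log/pihole.log (dnsmasq);
# hosts, addresses and domains are made up for this example.
SAMPLE_LOG = """\
Jan 10 12:00:01 dnsmasq[412]: query[A] news.example.org from 192.168.1.20
Jan 10 12:00:01 dnsmasq[412]: forwarded news.example.org to 127.0.0.1#5335
Jan 10 12:00:02 dnsmasq[412]: query[A] jellyfin.home.example from 10.8.0.2
Jan 10 12:00:02 dnsmasq[412]: /etc/pihole/custom.list jellyfin.home.example is 192.168.1.10
Jan 10 12:05:30 dnsmasq[412]: query[AAAA] jellyfin.home.example from 10.8.0.3
"""

# Only the "query[TYPE] name from client" lines matter for this check.
QUERY_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ [\d:]+) dnsmasq\[\d+\]: "
    r"query\[(?P<qtype>[A-Z]+)\] (?P<name>\S+) from (?P<client>\S+)$"
)


def parse_queries(log_text):
    """Return (timestamp, qtype, name, client) for every query line in the log."""
    out = []
    for line in log_text.splitlines():
        m = QUERY_RE.match(line)
        if m:
            out.append((m["ts"], m["qtype"], m["name"], m["client"]))
    return out


def queries_from_client(log_text, client_ip):
    """Distinct names that one client (e.g. a WireGuard peer address) sent to Pi-hole."""
    return sorted({name for _, _, name, c in parse_queries(log_text) if c == client_ip})


def leak_check(log_text, client_ip, canary_domain):
    """Canary test from the thread: browse to a rarely used site over the VPN, then
    look for it from the peer's tunnel address. Missing means the client resolved
    it outside the tunnel (a DNS leak), not that Pi-hole blocked it."""
    seen = canary_domain in queries_from_client(log_text, client_ip)
    return "dns-via-tunnel" if seen else "dns-leak-suspected"


if __name__ == "__main__":
    print(leak_check(SAMPLE_LOG, "10.8.0.2", "jellyfin.home.example"))
    print(leak_check(SAMPLE_LOG, "10.8.0.2", "news.example.org"))
```

Run it against the real log with the canary domain and the phone’s WireGuard address substituted in; the same parser also shows which peers are sending queries at all.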

    • Hellmo_luciferrariOP
      120 hours ago

      I turned on query logging for my PiHole. I chose a random site I don’t typically browse, and confirmed I saw it logged in my PiHole. Though, I am thinking it’s likely DNS that’s causing issues.

      I even tried turning off split tunneling, and it does the same thing.

      I checked the automatic DNS setting on my phone.

      I don’t know if it will make a difference, but the DNS records for my local services are CNAME records, so I am going to change them to A/AAAA records on PiHole.

      I have these set in PiHole and not my Unbound.