AX1800 Flint F/W 4.1 stable - Wireguard client DNS option

Hi,

I have the Wireguard server configured and working properly. Also AdGuard is enabled and working for the internal network.
What else needs to be put in place to use the Wireguard server (10.55.0.1) or the router (192.168.8.1) as DNS for the clients instead of the default 64.6.64.6 option?

Thank you

Insert a DNS option into your client config:

[Interface]
# client001 #
PrivateKey = <private key of client>
Address = 10.55.0.100/32
DNS = 10.55.0.1
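As an added check (example code, not from this post or from GL.iNet), the script below parses a WireGuard client config in the shape shown above and verifies that every address on the DNS= line is covered by some peer's AllowedIPs. A DNS server that is outside AllowedIPs is queried outside the tunnel, which looks exactly like "connected, handshakes fine, no resolution". The sample config, the server public-key placeholder and the Endpoint hostname are constructed for the example.

```python
"""Check a WireGuard client config for the DNS/AllowedIPs mismatch.

Added example for the thread above; the config text is constructed and the
keys/endpoint are placeholders, not real values from the post.
"""
import ipaddress

# Constructed sample in the shape of the snippet posted above, plus a peer
# section whose AllowedIPs only covers the LAN, not the DNS server.
SAMPLE_CONFIG = """\
[Interface]
# client001 #
PrivateKey = <private key of client>
Address = 10.55.0.100/32
DNS = 10.55.0.1

[Peer]
PublicKey = <public key of server>
AllowedIPs = 192.168.8.0/24
Endpoint = flint.example.invalid:51820
"""


def parse_wg_config(text):
    """Return a list of (section_name, {key: [values]}) in file order.

    WireGuard configs may contain several [Peer] sections, so a plain dict
    keyed by section name would lose data; hence the list of tuples.
    """
    sections = []
    current = None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and whitespace
        if not line:
            continue
        if line.startswith("[") and line.endswith("]"):
            current = (line[1:-1], {})
            sections.append(current)
        elif "=" in line and current is not None:
            key, value = (part.strip() for part in line.split("=", 1))
            current[1].setdefault(key, []).append(value)
    return sections


def check_dns_routing(text):
    """Return a list of findings; an empty list means DNS is routed via the tunnel."""
    findings = []
    interface = {}
    peers = []
    for name, keyvals in parse_wg_config(text):
        if name == "Interface":
            interface = keyvals
        elif name == "Peer":
            peers.append(keyvals)

    dns_values = [v.strip() for entry in interface.get("DNS", []) for v in entry.split(",")]
    if not dns_values:
        findings.append("no DNS= line: the client keeps using its local resolver")
        return findings

    allowed = []
    for peer in peers:
        for entry in peer.get("AllowedIPs", []):
            for cidr in entry.split(","):
                allowed.append(ipaddress.ip_network(cidr.strip(), strict=False))

    for dns in dns_values:
        try:
            addr = ipaddress.ip_address(dns)
        except ValueError:
            continue  # DNS= may also carry search domains; those are not addresses
        if not any(addr in net for net in allowed):
            findings.append(
                f"DNS {dns} is not covered by any AllowedIPs; queries bypass the tunnel"
            )
    return findings


if __name__ == "__main__":
    for finding in check_dns_routing(SAMPLE_CONFIG) or ["DNS routing looks consistent"]:
        print(finding)
```

Run it against your own client config by replacing SAMPLE_CONFIG with the file contents. With AllowedIPs = 0.0.0.0/0 (full tunnel) or an AllowedIPs list that includes 10.55.0.0/24, the check passes; a split-tunnel list that only names the LAN subnet fails it.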

I tried that and also 192.168.8.1. It does not work - the client connects and the connection stays alive (i.e. handshakes take place) but no Internet name resolution.

Does the DNS setting actually get pushed (irrespective of whether it works)?

Yes, it does - using 192.168.8.1 as DNS I have access to the internal network (opening the router interface in a browser works). But as I said, no name resolution for the Internet.

Assuming you have some sort of *nix box to test on, what do you get when you run

dig @192.186.8.1 example.com

on a client?

If the DNS setting is getting pushed properly and you’re able to query the LAN then it sounds like some sort of dnsmasq problem.

I have an Ubuntu box on the network. The dig command works as expected on Ubuntu on the local network. It also works on a Wireguard smartphone client connected over SSH to the internal Ubuntu box.

Just for clarity - 192.168.8.1 works as DNS on the internal network. It does not work though as DNS for a Wireguard client connected to the server running on Flint.

Ok, so for clarity:

  1. WG clients get the 192.168.8.1 setting pushed.
  2. WG clients can execute LAN DNS queries but cannot execute other DNS queries OR
  3. WG clients can’t execute any DNS queries, including LAN queries?

If 2, it seems like some sort of dnsmasq problem. If 3, it might be some sort of firewall/interface issue.

Are you able to use dig on a WG client for output?
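The dig check suggested earlier and the three-way split above can be run from any WG client that has Python but no dig installed. The script below is an added example (not from either poster): it sends one raw DNS A query over UDP to the resolver and reports which of the outcomes the thread is sorting between occurred: an ICMP port-unreachable surfaces as "connection refused" (no listener for that source, or a firewall reject), a silent drop surfaces as a timeout, and a reachable resolver returns an RCODE such as NOERROR, NXDOMAIN or REFUSED. The resolver address and query name are assumed defaults; the response bytes used for the self-check are constructed.

```python
"""Minimal DNS probe for the WireGuard DNS check discussed in the thread.

Added example, standard library only; resolver 192.168.8.1 and the query
name example.com are assumed defaults, adjust for your network.
"""
import socket
import struct
import sys

RCODES = {0: "NOERROR", 1: "FORMERR", 2: "SERVFAIL", 3: "NXDOMAIN", 5: "REFUSED"}


def build_query(name, txid=0x1234):
    """Return a DNS A query with the RD bit set for name, using transaction id txid."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # 1 question, RD=1
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(lbl)]) + lbl.encode("ascii") for lbl in labels) + b"\x00"
    return header + qname + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN


def parse_response(data, txid):
    """Return (rcode_name, answer_count) from a DNS response; rejects id mismatches."""
    if len(data) < 12:
        raise ValueError("short DNS response")
    rid, flags, _qd, an, _ns, _ar = struct.unpack("!HHHHHH", data[:12])
    if rid != txid:
        raise ValueError("transaction id mismatch")  # not an answer to our query
    if not flags & 0x8000:
        raise ValueError("QR bit clear: not a response")
    rcode = flags & 0x000F
    return RCODES.get(rcode, f"RCODE{rcode}"), an


def probe(resolver, name="example.com", timeout=3.0):
    """Send one query to resolver:53 and return a short verdict string."""
    txid = 0x1234
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.settimeout(timeout)
    try:
        # A connected UDP socket lets ICMP port-unreachable show up as
        # ECONNREFUSED on Linux, which is what dig reports as "connection refused".
        sock.connect((resolver, 53))
        sock.send(build_query(name, txid))
        data = sock.recv(512)
    except ConnectionRefusedError:
        return "connection refused: no listener on udp/53 for this source, or firewall reject"
    except socket.timeout:
        return "timeout: query dropped (firewall drop, routing, or DNS outside AllowedIPs)"
    finally:
        sock.close()
    rcode, answers = parse_response(data, txid)
    if rcode == "REFUSED":
        return "REFUSED: resolver reached but it declines to serve this client"
    return f"{rcode}: {answers} answer record(s)"


if __name__ == "__main__":
    print(probe(sys.argv[1] if len(sys.argv) > 1 else "192.168.8.1"))
```

Run it once from a LAN host and once from a connected WG client; the pair of verdicts tells you whether the router's resolver is being reached at all from the tunnel (case 2 vs. 3 above) before you touch dnsmasq settings.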

1 & 2 are correct. I’ll use dig on a WG client and post the result soon.


Here is the output:

g****@L*****:~$ dig @192.186.8.1 example.com
;; communications error to 192.186.8.1#53: connection refused

Wulp, that’ll do it.

Jump over into Luci, go to Network->DHCP and DNS, find this setting and uncheck it (then hit save and apply):

Then try again.

I tried that while troubleshooting - it looks like this on my version

… ?

Actually the setting you mentioned is available and unchecked…

Hmm. It’s not actually clear that the dnsmasq.conf file does anything either. Someone from GL.iNet may have to comment… they may be doing something weird with the config/service in a non-standard way.

So you use AX1800 as Wireguard server and use another GL router as Wireguard client?

Hello good afternoon
For information, I am running a wireguard server on a Flint router with firmware 3.214.
My wireguard clients (Laptop, android smartphone) have a DNS 192.168.8.1 and resolve correctly.

I’m using Flint as the WG server and a laptop and smartphones are the WG clients.

NOTE 1: AdGuard Home is enabled and everything works well on the local network.
The WG clients can use external DNS (i.e. 64.6.64.6, 1.1.1.1 etc) and work well. However, the VPN server IP - 10.55.0.1 or the router 192.168.8.1 do not work as WG DNS on the client side.

Well, the F/W versions are quite different and I’m using AdGuard Home as mentioned in my first post in the thread.
…so there’s not much to compare. However, I’m glad you have it working :).

Having the same issue, unchecking “Local Service Only” and saving and applying has no effect.

Interestingly, the router itself cannot resolve LAN entries behind the tunnel either.