AX1800 Flint F/W 4.1 stable - Wireguard client DNS option


I have the Wireguard server configured and working properly. Also AdGuard is enabled and working for the internal network.
What else needs to be put in place to use the Wireguard server ( or the router ( as DNS for the clients instead of the default option?

Thank you

Insert a DNS option into your client config:

# client001 #
PrivateKey = <private key of client>
Address =

I tried that and also It does not work - the client connects and the connection stays alive (i.e. handshakes take place) but no Internet name resolution.

Does the DNS setting actually get pushed (irrespective of whether it works)?

Yes, it does - using as DNS I have access to the internal network (open the router interface in a browser works.) But as I said, no name resolution for the Internet.

Assuming you have some sort of *nix box to test on, what do you get when you run

dig @

on a client?

If the DNS setting is getting pushed properly and you’re able to query the lan then it sounds like some sort of dnsmasq problem.

I have an Ubuntu box on the network. The dig command works as expected on Ubuntu on the local network. It also works on a Wireguard smartphone client connected over SSH to the internal Ubuntu box.

Just for clarity - works as DNS on the internal network. It does not work though as DNS for a Wireguard client connected to the server running on Flint.

Ok, so for clarity:

  1. WG clients get the setting pushed.
  2. WG clients can execute LAN DNS queries but cannot execute other DNS queries OR
  3. WG clients can’t execute any DNS queries, including LAN queries?

If 2), it seems like some sort of dnsmasq problem. If 3, it might be some sort of firewall/interface issue.

Are you able to use dig on a WG client for output?

1 & 2 are correct. I’ll use dig on a WG client and post the result soon.

1 Like

Here is the output:

g****@L*****:~$ dig @
;; communications error to connection refused

Wulp, that’ll do it.

Jump over into Luci, go to Network->DHCP and DNS, find this setting and uncheck it (then hit save and apply):

Then try again.

I tried that while troubleshooting - it looks like this on my version

… ?

Actually the the setting you mentioned is available and unchecked…

Hmm. It’s not actually clear that the dnsmasq.conf file does anything either. Someone from GL.iNet may have to comment… they may be doing something weird with the config/service in a non-standard way.

So you use AX1800 as Wireguard server and use another GL router as Wireguard client?

Hello good afternoon
For information, I am running a wireguard server on a Flint router with firmware 3.214.
My wireguard clients (Laptop, android smartphone) have a DNS and resolve correctly.

I’m using Flint as the WG server and a laptop and smartphones are the WG clients.

NOTE 1: AdGuard Home is enabled and everything works well on the local network.
The WG clients can use external DNS (i.e., etc) and work well. However, the VPN server IP - or the router do not work as WG DNS on the client side.

Well, the F/W versions are quite different and I’m using AdGuard Home as mentioned in my first post in the thread.
…so there’s not much to compare. However, I’m glad you have it working :).

Having the same issue, unchecking “Local Service Only” and saving and applying has no effect.

Interestingly, the router itself cannot resolve LAN entries behind the tunnel either.