Tr0s
1
Hi,
I have the Wireguard server configured and working properly. Also AdGuard is enabled and working for the internal network.
What else needs to be put in place to use the Wireguard server (10.55.0.1) or the router (192.168.8.1) as DNS for the clients instead of the default 64.6.64.6 option?
Thank you
jdub
2
Insert a DNS option into your client config:
[Interface]
# client001 #
PrivateKey = <private key of client>
Address = 10.55.0.100/32
DNS = 10.55.0.1
Tr0s
3
I tried that and also 192.168.8.1. It does not work - the client connects and the connection stays alive (i.e. handshakes take place) but no Internet name resolution.
jdub
4
Does the DNS setting actually get pushed (irrespective of whether it works)?
Tr0s
5
Yes, it does - using 192.168.8.1 as DNS I have access to the internal network (opening the router interface in a browser works). But as I said, no name resolution for the Internet.
jdub
6
Assuming you have some sort of *nix box to test on, what do you get when you run
dig @192.186.8.1 example.com
on a client?
If the DNS setting is getting pushed properly and you’re able to query the lan then it sounds like some sort of dnsmasq problem.
Tr0s
7
I have an Ubuntu box on the network. The dig command works as expected on Ubuntu on the local network. It also works on a Wireguard smartphone client connected over SSH to the internal Ubuntu box.
Tr0s
8
Just for clarity - 192.168.8.1 works as DNS on the internal network. It does not work though as DNS for a Wireguard client connected to the server running on Flint.
jdub
9
Ok, so for clarity:
1) WG clients get the 192.168.8.1 setting pushed.
2) WG clients can execute LAN DNS queries but cannot execute other DNS queries OR
3) WG clients can’t execute any DNS queries, including LAN queries?
If 2), it seems like some sort of dnsmasq problem. If 3), it might be some sort of firewall/interface issue.
Are you able to use dig on a WG client for output?
Tr0s
10
1 & 2 are correct. I’ll use dig on a WG client and post the result soon.
Tr0s
11
Here is the output:
g****@L*****:~$ dig @192.186.8.1 example.com
;; communications error to 192.186.8.1#53: connection refused
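The triage from post 9 and the dig check from posts 6 and 11, as an added example that is not part of the thread: it classifies dig output, maps a LAN query and an Internet query onto the listed cases, and compares the address dig contacted with the DNS value in the client config. All function names and the `router.lan` name are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the thread); helper names are constructed.

# Print the DNS address(es) from a WireGuard client config read on stdin.
config_dns() {
    sed -n 's/^[[:space:]]*DNS[[:space:]]*=[[:space:]]*//p' | tr ',' '\n' | tr -d ' \t'
}

# Print the server address dig actually contacted (success or error line).
queried_server() {
    sed -n -e 's/^;; SERVER: \([^#]*\)#.*/\1/p' \
           -e 's/^;; communications error to \([^#]*\)#.*/\1/p' | head -n 1
}

# Succeed only if the address dig contacted is listed in the config's DNS line.
server_matches() {  # $1 = client config text, $2 = dig output text
    srv=$(printf '%s\n' "$2" | queried_server)
    [ -n "$srv" ] && printf '%s\n' "$1" | config_dns | grep -qxF -- "$srv"
}

# Reduce dig output on stdin to one token: ok, refused, timeout, fail, unknown.
classify_dig() {
    out=$(cat)
    case "$out" in
        *"connection refused"*) echo refused ;;
        *"timed out"*|*"no servers could be reached"*) echo timeout ;;
        *"status: NOERROR"*) echo ok ;;
        *"status: "*) echo fail ;;   # NXDOMAIN, SERVFAIL, REFUSED rcode, ...
        *) echo unknown ;;
    esac
}

# Map the two results onto the cases listed in the thread.
triage() {  # $1 = token for a LAN name, $2 = token for an Internet name
    case "$1/$2" in
        ok/ok) echo "ok: the resolver answers over the tunnel" ;;
        ok/*) echo "case 2: LAN names resolve, Internet names do not" ;;
        refused/refused) echo "case 3: host reached, nothing accepted the query on port 53" ;;
        timeout/timeout) echo "case 3: no reply at all" ;;
        *) echo "mixed results: repeat both queries" ;;
    esac
}

# Live use on a WG client (router.lan is a placeholder LAN name):
#   probe() { dig +time=2 +tries=1 "@$1" "$2" 2>&1 | classify_dig; }
#   triage "$(probe 192.168.8.1 router.lan)" "$(probe 192.168.8.1 example.com)"
```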
jdub
12
Wulp, that’ll do it.
Jump over into Luci, go to Network->DHCP and DNS, find this setting and uncheck it (then hit save and apply):
Then try again.
Tr0s
13
I tried that while troubleshooting - it looks like this on my version
… ?
Tr0s
14
Actually the setting you mentioned is available and unchecked…
jdub
15
Hmm. It’s not actually clear that the dnsmasq.conf file does anything either. Someone from GL.iNet may have to comment… they may be doing something weird with the config/service in a non-standard way.
alzhao
16
So you use AX1800 as Wireguard server and use another GL router as Wireguard client?
Sergio
17
Hello good afternoon
For information, I am running a wireguard server on a Flint router with firmware 3.214.
My wireguard clients (Laptop, android smartphone) have a DNS 192.168.8.1 and resolve correctly.
Tr0s
18
I’m using Flint as the WG server and a laptop and smartphones are the WG clients.
NOTE 1: AdGuard Home is enabled and everything works well on the local network.
The WG clients can use external DNS (i.e. 64.6.64.6, 1.1.1.1 etc) and work well. However, the VPN server IP - 10.55.0.1 or the router 192.168.8.1 do not work as WG DNS on the client side.
Tr0s
20
Well, the F/W versions are quite different and I’m using AdGuard Home as mentioned in my first post in the thread.
…so there’s not much to compare. However, I’m glad you have it working :).
Having the same issue, unchecking “Local Service Only” and saving and applying has no effect.
Interestingly, the router itself cannot resolve LAN entries behind the tunnel either.