DNS is not resolving from VPN (Wireguard and OpenVPN) on Slate AX GL-AXT1800

Connecting to personal pfsense and running it with DNS resolver. Have been able to run it well with Android, Windows and Asus routers. Clients behind Asus routers will resolve without issues.

Tried forcing client DNS to the required IP but I still cannot get it to resolve my custom hosts.

One workaround I managed to do is to edit the hosts file on the Slate AX.

Any suggestions so I do not need to rely on the hosts file?

1 Like
  1. Has the configuration set up the custom DNS? And is the DNS your personal pfsense?

  2. Mode: Automatic, will use VPN DNS first.

Hi Bruce, in short yes.
My configurations for the Wireguard and OpenVPN clients are both pointing to the personal IP for DNS. This is no different from how I had set it up on an Asus router prior, and there the clients are able to get resolves from the private DNS. The only difference is the keys.

Also, the Slate AX is on firmware 4.6.2 release2.

I am able to have the clients establish a direct VPN connection and it works as expected but I hope to be able to make use of the Slate AX wireguard client to establish the tunnel for all connected clients.

Hi everyone,
I received my Slate AX on Saturday and have exactly the same problem. I'm using WireGuard to establish a connection to my pfSense, but DNS isn't working. The tunnel itself is stable and pings go through in both directions.

If you test DNS from the router against your pfSense, does it work then?

Do you mean the local dns names or all dns names?

May I know if this topology in my understanding is right?

VPN Server & DNS Server: pfsense
VPN Client: Android/Windows/Routers

pfsense (VPN Server & DNS Server) —— ISP Modem —— Internet —— VPN Client

It seems to be working now. I created an entry in Advanced Settings under DHCP and DNS under DNS forwardings that forwards my "mylocaldomain.local" to my pfSense DNS resolver. Along with many other settings that I tinkered with, that seems to have been the decisive step.

My planned setup is as follows:

(GL-AXT1800) <-> (Hotel WIFI) <-> (WireGuard) <-> (pfSense) <-> (Local Services and Internet Breakout)

My current test setup:

(GL-AXT1800) <-> (WireGuard) <-> (pfSense) <-> (Local Services and Internet Breakout)

2 Likes

Here is the output from LuCI -> Network -> Diagnostics -> Nslookup

Server: 127.0.0.1
Address: 127.0.0.1#53

** server can't find xyz.mydomain.lan: NXDOMAIN
** server can't find xyz.mydomain.lan: NXDOMAIN

The VPN works, so all IP addresses are reachable; just the local names are not being resolved from the pfsense. So what I did was recreate the list of IPs and names in Slate -> Network -> DNS -> Edit Hosts.

@bruce, yes the topology is correct. I have been successful with having clients directed to the correct IPs through a similar setup with Asus Routers, so I am sure it works.
private servers -- pfsense (VPN + DNS) -- ISP Modem -- WAN -- ISP Modem -- Asus Router (VPN Client) -- clients

What I want to do is for the clients connecting to the Slate AX (instead of the Asus Router) to be able to resolve the host names of my private servers.
private servers -- pfsense (VPN + DNS) -- ISP Modem -- WAN -- public wifi -- Slate AX (VPN Client) -- clients

@FrequentFlyer, I tried tinkering with a lot of settings but failed to resolve it. I tried something similar under LuCI -> Network -> DHCP and DNS -> DNS forwardings -> /mydomain.lan/ipaddress but that did not work for me. What other settings do you think made a difference?

What is the domain name?

If it is "mydomain", please change it to "mydomain.lan" and check.


Have you enabled this option? If enabled, DNS reply messages from non-external networks will be blocked.

path:NETWORK -> DNS -> DNS Rebinding Attack Protection.

Hi @alzhao, yes I am already using "hexx.lan"

@teleney, I have the DNS settings exactly as your image, all off, and Mode -> Automatic

For .lan DNS queries to pass dnsmasq, please try copying and running the following commands:

uci set dhcp.@dnsmasq[0].local='/lan_chgd/'
uci commit dhcp

# restart dnsmasq
/etc/init.d/dnsmasq restart

# restart vpn dnsmasq
. /usr/bin/route_policy
handle_dns
2 Likes

@hansome, that resolved it. Thank you.
I had previously deleted Local server under DHCP instead of changing it. Since my internal domain used .lan, it looks like all I needed to change was
LuCI -> Network -> DHCP and DNS -> Local server from /lan/ to /lan_chgd/
I did not need to add DNS forwardings.

2 Likes

@hansome, spoke too soon. Still having issues now that I'm traveling. It is hard to troubleshoot now, so I am resorting to an individual VPN directly on each client.

LuCI -> Network -> Diagnostics -> nslookup
Results in
;; connection timed out; no servers could be reached

Sorry, I missed part of the setting for the VPN dnsmasq.
The updated full command is:

# set dnsmasq
uci set dhcp.@dnsmasq[0].local='/lan_chgd/'
uci commit dhcp

# restart dnsmasq
/etc/init.d/dnsmasq restart

# set VPN dnsmasq
sed -i 's/local=\/lan/local=\/lan_chgd/' /etc/dnsmasq.conf.vpn

# restart vpn dnsmasq
. /usr/bin/route_policy
handle_dns
1 Like
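The procedure above boils down to one config change on two files: the `local=/lan/` line that makes dnsmasq answer `*.lan` itself (with NXDOMAIN, as the nslookup output earlier in the thread shows) is renamed so those queries are forwarded to the VPN DNS instead. As an added example, not from the thread or from GL.iNet, here is that rewrite as an idempotent POSIX sh function with a check that no `local=/lan/` line is left behind, which is the part that was missed the first time round. The sample config is constructed; on a real router the file would be /etc/dnsmasq.conf.vpn.

```sh
#!/bin/sh
# Added example (not from the thread): rename dnsmasq's local-only domain so
# *.lan queries are forwarded instead of answered NXDOMAIN by the router.
# Assumption: the VPN dnsmasq config is /etc/dnsmasq.conf.vpn; the sample
# file built in demo() is constructed for this example.

# Rewrite "local=/OLD/" to "local=/NEW/" in FILE. Using '|' as the sed
# delimiter means the slashes inside the domain need no escaping (the
# unescaped 's/local=/lan/...' form seen in the thread is a sed syntax error).
# Returns 0 if a line was changed, 1 if nothing was left to change.
rename_local_domain() {
    file=$1; old=$2; new=$3
    grep -q "^local=/$old/\$" "$file" || return 1
    sed -i "s|^local=/$old/\$|local=/$new/|" "$file"
}

# Print the domains dnsmasq would still answer locally (never forward).
local_domains() {
    sed -n 's|^local=/\(.*\)/$|\1|p' "$1"
}

# Number of remaining "local=/lan/" lines; 0 means the fix is complete.
lan_still_local() {
    grep -c '^local=/lan/$' "$1" || true
}

demo() {
    tmp=$(mktemp -d)
    conf="$tmp/dnsmasq.conf.vpn"
    # Constructed sample with only the lines relevant to the thread.
    cat > "$conf" <<'EOF'
domain-needed
local=/lan/
domain=lan
server=10.0.0.1
EOF
    rename_local_domain "$conf" lan lan_chgd && echo "patched: $(local_domains "$conf")"
    rename_local_domain "$conf" lan lan_chgd || echo "second run: nothing to change"
    echo "local=/lan/ lines remaining: $(lan_still_local "$conf")"
    rm -rf "$tmp"
}

demo
```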

I have mixed success with this. Looks like it is working using OpenVPN but I cannot get it to work using WireGuard, which is the preferred method for performance.

Here are the commands I have run to configure it:

uci set dhcp.@dnsmasq[0].local='/lan_chgd/'
uci commit dhcp
/etc/init.d/dnsmasq restart
sed -i 's/local=\/lan/local=\/lan_chgd/' /etc/dnsmasq.conf.vpn

I believe this is the correct command

/usr/bin/route_policy handle_dns

This command forced SSH to exit

. /usr/bin/route_policy

and this is an unknown command

handle_dns

nslookup from client resolves correctly but through LuCI console responds with this error message

;; connection timed out; no servers could be reached

Please export log for analysis.