GL-MT3000 WireGuard Client DNS

I have the MT3000 set up as a client to a WireGuard server and set the DNS in the config.

The clients connecting to the MT3000 don’t appear to be querying the DNS server behind the WireGuard connection as desired.

How can I force all clients to have DNS (ideally all traffic) run through the WireGuard connection?

Firmware 4.1.3 release3

Global options
Block Non-VPN Traffic - Enabled
Services from GL.iNet don’t Use VPN - Disabled

Proxy Mode
Global Proxy
All traffic will go through VPN. Only one VPN client instance can be activated.

I’m not sure if I have to modify DNS settings here.

Set the DNS to Automatic. It will then take the DNS from the WireGuard client when it’s running.

1 Like

Yup, I was just messing with that. Thank you, it works as expected now.

I’m not sure why it wasn’t set like that to start.

1 Like

Be careful with the automatic setting; it could mess things up badly.
I had a Surfshark WireGuard client for one device; all other devices were randomly served by its DNS server, which resolves some major sites (bbc/reddit/netflix…) to the same non-existing IP.
Took me days to figure this out.
Enabling AdGuard Home doesn’t play well with this; disabling it will reset it to automatic again.
Not good.

There was just a firmware update which caused me to reset the device and start over.

The automatic now shows the local DNS and the one told to use by WireGuard, but will still force the one defined in WireGuard.

I have a local DNS server with ad blocking (Pi-hole) set up on the “server” end of the WireGuard network.

Mine is Automatic and shows the WireGuard DNS server in the list, yet NOTHING uses it - not the router and not clients behind the router. I can force it manually with nslookup on the client, but the dnsmasq instance on the router is NOT forwarding requests to WireGuard when the tunnel is up.

1 Like
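
One way to check the symptom described in this thread (the WireGuard DNS is listed but the router's forwarder still uses another upstream), as an added example that is not from any poster or from GL.iNet. It assumes a wg-quick-style client config and a resolv.conf-style list of the forwarder's upstreams; where the router stores either file is not stated on the page, and all sample values are constructed.

```python
import ipaddress

def parse_wg_conf(text):
    """Return (dns_servers, allowed_networks) from a wg-quick style client config."""
    dns, allowed, section = [], [], None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()          # drop comments
        if not line:
            continue
        if line.startswith("["):
            section = line.strip("[]").lower()
            continue
        key, _, value = line.partition("=")
        items = [v.strip() for v in value.split(",") if v.strip()]
        if section == "interface" and key.strip().lower() == "dns":
            for item in items:                        # DNS may also list search domains
                try:
                    dns.append(ipaddress.ip_address(item))
                except ValueError:
                    pass
        elif section == "peer" and key.strip().lower() == "allowedips":
            allowed += [ipaddress.ip_network(i, strict=False) for i in items]
    return dns, allowed

def parse_resolv(text):
    """Return the nameserver addresses from resolv.conf-style text."""
    fields = [line.split() for line in text.splitlines()]
    return [ipaddress.ip_address(f[1]) for f in fields if len(f) > 1 and f[0] == "nameserver"]

def audit(wg_text, resolv_text):
    """List reasons DNS may bypass the tunnel; an empty list means none found."""
    dns, allowed = parse_wg_conf(wg_text)
    findings = [f"tunnel DNS {d} is not covered by AllowedIPs"
                for d in dns if not any(d in net for net in allowed)]
    for upstream in parse_resolv(resolv_text):
        if upstream.is_loopback:                      # local forwarder, not an upstream leak
            continue
        if upstream not in dns:
            findings.append(f"upstream {upstream} is not a tunnel DNS server")
    return findings

# Constructed sample input (placeholder keys, documentation-range addresses).
SAMPLE_WG = """[Interface]
PrivateKey = <placeholder>
Address = 10.8.0.2/32
DNS = 10.8.0.1
[Peer]
PublicKey = <placeholder>
AllowedIPs = 0.0.0.0/0, ::/0
Endpoint = vpn.example.net:51820
"""
SAMPLE_RESOLV = "nameserver 192.0.2.53\nnameserver 10.8.0.1\n"

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE_WG, SAMPLE_RESOLV)) or "no DNS bypass found")
```

An empty result only means the two files agree; a query from a LAN client, as the last poster did with nslookup, is still needed to confirm what actually answers.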