Odd issues when wireguard VPN client running


MT2500 Brume 2

I have a wireguard VPN set up with client policy and only my streaming devices are set to use it.

I also have a secure DNS utility running that is used for all connected devices

I also have tailscale running for remote LAN access.

However when the VPN is up I notice two strange issues and don’t know if this correct.

One, all DNS requests from all connected devices come from the VPN IP address, not just the requests from the streaming devices that are set to use the VPN.

Two, I have no remote LAN access via tailscale when the VPN is up. Again for all clients connected.

Any ideas?

  • Tailscale is a WireGuard based service. Running both will conflict at this time.
  • Do you mean Encrypted DNS rather than “secure DNS”?
    • Whatever DNS service you set via GL GUI → Network → DNS impacts all devices connected unless you’re using the DNS of the WireGuard provider conf files.

I use Control D and a utility they have running on OpenWRT to send Encrypted DNS for all clients on the device.

Just seems strange that all devices go through the VPN to request DNS when the VPN is set to CLIENT DEVICE POLICY.

OK thanks for the info on Tailscale - I thought it would be OK to use WG Client and Tailscale together as I thought it Tailscale was more like a WG server replacement, and we have the option to run both server and client.

You shouldn’t need an addnl software for Control D; they’re apart of the stock listings @ GL GUI → Network → DNS → Encrypted DNS when you search for a server (+ Servers).

It shouldn’t; the VPN policy should be applicable here. You know this; we were in the same related thread:

I have a paid Control D account so need to run the software to use my profile - the servers on the UI are the free to access servers

Yes, I thought I knew this (it’s all a learning curve), but all my client DNS requests come from the VPN IP address - it’s not causing any issues, just thought it was odd.

I’ve been trying a few different configurations to get things working correctly, but keep bumping into different issues, hence why I’m on different threads with slightly different configs.

I do something similar but I have a custom dnscrypt-proxy2.toml for my Encrypted DNS account. dnscrypt-proxy2 is the process behind the GL GUI’s Encrypted DNS. The .toml is the configuration file. ls -l /etc/dnscrypt-proxy2/

It is odd.