Unable to Get Wireguard VPN Server Working on Brume 2

Technical Support for Routers
1

Hi everyone.

I just picked up a Brume 2 and have been trying, unsuccessfully, to get the VPN Wireguard VPN server set up. I’ve two different configurations:

  1. (Internet) → (Brume 2) → (Existing Router), in this case tested with DMZ to my existing router enabled and disabled
  2. (Internet) → (Existing Router) → (Brume 2), in this case forwarding UDP 51820 to the Brume 2

In both scenarios, I attempted to test using my phone (iPhone 14) on cellular-only (wifi disabled) connected using the official Wireguard app. In both scenarios, the phone starts having trouble accessing the internet as soon as the VPN is connected. However, I am able to access https://1.1.1.1 (avoiding DNS), which I saw as a troubleshooting step in another thread.

I attempted to connect with AdGuard enabled and disabled, but I noticed that all my Wireguard configurations default to using DNS server “64.6.64.6” regardless of what the Brume 2’s DNS settings are or whether AdGuard is set up or not. I’ve attempted to manually change that default DNS to my preferred provider (NextDNS) IP address as well as the IP address of the Brume 2 (192.168.8.1), without any effect.

I also tried disabling hardware acceleration in case that was the issue, but it does not seem to help. I have IPv6 disabled, though I’ve also tried with it enabled. I have also tried enabling and disabling the DDNS service and using configurations with that URL and via direct IP with the same results.

It seems like, for some reason, when I connect to my VPN server, DNS is broken. Any ideas?

2

I should probably also add that I’ve also tried testing using my Mac PC while tethered through my phone’s cellular connection (avoiding my home wifi to simulate being away) and had the same issue where the internet is broken as soon as I connect to the VPN.

3

Is the wireguard connection established?

Where did you ‘manually change your dns’ ?

Screenshot_2023-02-25-16-01-30-705_com.android.chrome
Screenshot_2023-02-25-16-01-30-705_com.android.chrome1080×2400 123 KB

Screenshot_2023-02-25-16-01-19-254_com.android.chrome
Screenshot_2023-02-25-16-01-19-254_com.android.chrome1080×2400 162 KB

Did you select allow remote lan access

4

I initially had my DNS configured in the Network > DNS section. Then, I enabled AdGuard instead. In both instances, directly connected (via Ethernet) PCs had no problems accessing the Internet (and that’s still the case).

Additionally, when Wireguard VPN profiles are created, there is an option to set the DNS. If you don’t set this to anything different, the Brume 2 automatically sets it to what you see in this screenshot:

DNS Config
DNS Config1172×1090 42.9 KB

I am able to establish connections to the VPN server. These are logs from connecting this morning:

2023-02-25 07:14:22.562182: [APP] startActivation: Entering (tunnel: Brume 2)
2023-02-25 07:14:22.569597: [APP] startActivation: Starting tunnel
2023-02-25 07:14:22.570165: [APP] startActivation: Success
2023-02-25 07:14:22.587532: [APP] Tunnel 'Brume 2' connection status changed to 'connecting'
2023-02-25 07:14:22.767197: [NET] App version: 1.0.16 (27)
2023-02-25 07:14:22.770575: [NET] Starting tunnel from the app
2023-02-25 07:14:23.029882: [NET] DNS64: mapped <My Home IPv4 Address> to itself.
2023-02-25 07:14:23.030584: [NET] Attaching to interface
2023-02-25 07:14:23.030933: [NET] Routine: encryption worker 1 - started
2023-02-25 07:14:23.030994: [NET] UAPI: Updating private key
2023-02-25 07:14:23.031028: [NET] Routine: encryption worker 5 - started
2023-02-25 07:14:23.031040: [NET] Routine: encryption worker 6 - started
2023-02-25 07:14:23.031048: [NET] Routine: handshake worker 2 - started
2023-02-25 07:14:23.031093: [NET] Routine: encryption worker 3 - started
2023-02-25 07:14:23.031094: [NET] Routine: decryption worker 5 - started
2023-02-25 07:14:23.031136: [NET] Routine: decryption worker 3 - started
2023-02-25 07:14:23.031164: [NET] Routine: decryption worker 4 - started
2023-02-25 07:14:23.031198: [NET] Routine: handshake worker 5 - started
2023-02-25 07:14:23.031204: [NET] Routine: handshake worker 4 - started
2023-02-25 07:14:23.031135: [NET] Routine: encryption worker 4 - started
2023-02-25 07:14:23.031226: [NET] Routine: handshake worker 6 - started
2023-02-25 07:14:23.031232: [NET] UAPI: Updating listen port
2023-02-25 07:14:23.031244: [NET] Routine: decryption worker 1 - started
2023-02-25 07:14:23.031246: [NET] Routine: TUN reader - started
2023-02-25 07:14:23.031255: [NET] Routine: handshake worker 3 - started
2023-02-25 07:14:23.031285: [NET] Routine: decryption worker 6 - started
2023-02-25 07:14:23.031342: [NET] Routine: encryption worker 2 - started
2023-02-25 07:14:23.031347: [NET] Routine: decryption worker 2 - started
2023-02-25 07:14:23.031379: [NET] Routine: event worker - started
2023-02-25 07:14:23.031384: [NET] UAPI: Removing all peers
2023-02-25 07:14:23.031384: [NET] Routine: handshake worker 1 - started
2023-02-25 07:14:23.031732: [NET] peer(zxCt…SZTk) - UAPI: Created
2023-02-25 07:14:23.031774: [NET] peer(zxCt…SZTk) - UAPI: Updating endpoint
2023-02-25 07:14:23.031825: [NET] peer(zxCt…SZTk) - UAPI: Updating persistent keepalive interval
2023-02-25 07:14:23.031864: [NET] peer(zxCt…SZTk) - UAPI: Removing all allowedips
2023-02-25 07:14:23.031906: [NET] peer(zxCt…SZTk) - UAPI: Adding allowedip
2023-02-25 07:14:23.031992: [NET] peer(zxCt…SZTk) - UAPI: Adding allowedip
2023-02-25 07:14:23.032353: [NET] UDP bind has been updated
2023-02-25 07:14:23.032388: [NET] peer(zxCt…SZTk) - Starting
2023-02-25 07:14:23.032411: [NET] Routine: receive incoming v4 - started
2023-02-25 07:14:23.032414: [NET] Routine: receive incoming v6 - started
2023-02-25 07:14:23.032449: [NET] peer(zxCt…SZTk) - Sending keepalive packet
2023-02-25 07:14:23.032510: [NET] peer(zxCt…SZTk) - Sending handshake initiation
2023-02-25 07:14:23.032679: [NET] peer(zxCt…SZTk) - Routine: sequential sender - started
2023-02-25 07:14:23.032689: [NET] peer(zxCt…SZTk) - Routine: sequential receiver - started
2023-02-25 07:14:23.033321: [NET] Interface state was Down, requested Up, now Up
2023-02-25 07:14:23.033352: [NET] Device started
2023-02-25 07:14:23.033440: [NET] Tunnel interface is utun7
2023-02-25 07:14:23.034589: [APP] Tunnel 'Brume 2' connection status changed to 'connected'
2023-02-25 07:14:23.035517: [NET] Network change detected with satisfied route and interface order [en0, pdp_ip0]
2023-02-25 07:14:23.035762: [NET] DNS64: mapped <My Home IPv4 Address> to itself.
2023-02-25 07:14:23.035837: [NET] peer(zxCt…SZTk) - UAPI: Updating endpoint
2023-02-25 07:14:23.036011: [NET] Routine: receive incoming v4 - stopped
2023-02-25 07:14:23.036067: [NET] Routine: receive incoming v6 - stopped
2023-02-25 07:14:23.036263: [NET] UDP bind has been updated
2023-02-25 07:14:23.036275: [NET] Routine: receive incoming v4 - started
2023-02-25 07:14:23.036291: [NET] Routine: receive incoming v6 - started
2023-02-25 07:14:23.047289: [NET] peer(zxCt…SZTk) - Received handshake response
2023-02-25 07:14:23.052198: [NET] Network change detected with satisfied route and interface order [en0, utun7, pdp_ip0]
2023-02-25 07:14:23.052448: [NET] DNS64: mapped <My Home IPv4 Address> to itself.
2023-02-25 07:14:23.052544: [NET] peer(zxCt…SZTk) - UAPI: Updating endpoint
2023-02-25 07:14:23.052708: [NET] Routine: receive incoming v4 - stopped
2023-02-25 07:14:23.052739: [NET] Routine: receive incoming v6 - stopped
2023-02-25 07:14:23.052956: [NET] UDP bind has been updated
2023-02-25 07:14:23.052992: [NET] Routine: receive incoming v4 - started
2023-02-25 07:14:23.053014: [NET] peer(zxCt…SZTk) - Sending keepalive packet
2023-02-25 07:14:23.053039: [NET] Routine: receive incoming v6 - started
2023-02-25 07:14:23.060478: [NET] peer(zxCt…SZTk) - Receiving keepalive packet
2023-02-25 07:14:27.570035: [APP] Status update notification timeout for tunnel 'Brume 2'. Tunnel status is now 'connected'.
2023-02-25 07:14:33.267674: [NET] peer(zxCt…SZTk) - Sending keepalive packet
2023-02-25 07:15:15.915267: [NET] peer(zxCt…SZTk) - Receiving keepalive packet
2023-02-25 07:15:30.217048: [NET] peer(zxCt…SZTk) - Receiving keepalive packet
2023-02-25 07:15:43.064113: [NET] peer(zxCt…SZTk) - Receiving keepalive packet
2023-02-25 07:16:00.577640: [NET] peer(zxCt…SZTk) - Sending keepalive packet
2023-02-25 07:16:23.101893: [NET] peer(zxCt…SZTk) - Sending handshake initiation
2023-02-25 07:16:23.120459: [NET] peer(zxCt…SZTk) - Received handshake response
2023-02-25 07:16:23.120628: [NET] peer(zxCt…SZTk) - Sending keepalive packet
2023-02-25 07:16:51.624165: [NET] peer(zxCt…SZTk) - Receiving keepalive packet
2023-02-25 07:17:17.600786: [NET] peer(zxCt…SZTk) - Receiving keepalive packet
2023-02-25 07:17:43.984737: [NET] peer(zxCt…SZTk) - Receiving keepalive packet
2023-02-25 07:18:10.979312: [NET] peer(zxCt…SZTk) - Receiving keepalive packet
2023-02-25 07:18:37.698108: [NET] peer(zxCt…SZTk) - Receiving keepalive packet
2023-02-25 07:19:03.704879: [NET] peer(zxCt…SZTk) - Receiving keepalive packet
2023-02-25 07:19:30.410083: [NET] peer(zxCt…SZTk) - Sending keepalive packet
2023-02-25 07:19:30.410207: [NET] peer(zxCt…SZTk) - Sending handshake initiation
2023-02-25 07:19:30.410305: [NET] peer(zxCt…SZTk) - Received handshake initiation
2023-02-25 07:19:30.411244: [NET] peer(zxCt…SZTk) - Sending handshake response
2023-02-25 07:19:30.411366: [NET] peer(zxCt…SZTk) - Failed to create response message: handshake initiation must be consumed first
2023-02-25 07:19:30.425509: [NET] peer(zxCt…SZTk) - Received handshake response
2023-02-25 07:19:30.438342: [NET] peer(zxCt…SZTk) - Receiving keepalive packet
2023-02-25 07:19:57.434074: [NET] peer(zxCt…SZTk) - Sending keepalive packet
2023-02-25 07:19:57.434216: [NET] peer(zxCt…SZTk) - Receiving keepalive packet
2023-02-25 07:20:19.417985: [NET] peer(zxCt…SZTk) - Receiving keepalive packet
2023-02-25 07:20:37.955773: [NET] peer(zxCt…SZTk) - Receiving keepalive packet
2023-02-25 07:21:07.644804: [NET] peer(zxCt…SZTk) - Receiving keepalive packet
2023-02-25 07:21:33.419152: [NET] peer(zxCt…SZTk) - Receiving keepalive packet
2023-02-25 07:21:45.430279: [NET] peer(zxCt…SZTk) - Sending handshake initiation
2023-02-25 07:21:45.441441: [NET] peer(zxCt…SZTk) - Received handshake response
2023-02-25 07:21:45.441614: [NET] peer(zxCt…SZTk) - Sending keepalive packet
2023-02-25 07:21:55.854015: [NET] peer(zxCt…SZTk) - Sending keepalive packet
2023-02-25 07:22:22.755301: [NET] peer(zxCt…SZTk) - Sending keepalive packet
2023-02-25 07:22:22.755374: [NET] peer(zxCt…SZTk) - Receiving keepalive packet
2023-02-25 07:22:49.438533: [NET] peer(zxCt…SZTk) - Sending keepalive packet
2023-02-25 07:22:49.438737: [NET] peer(zxCt…SZTk) - Receiving keepalive packet
2023-02-25 07:23:15.810006: [NET] peer(zxCt…SZTk) - Sending keepalive packet
2023-02-25 07:23:15.810270: [NET] peer(zxCt…SZTk) - Receiving keepalive packet
2023-02-25 07:23:42.873107: [NET] peer(zxCt…SZTk) - Sending keepalive packet
2023-02-25 07:23:42.873381: [NET] peer(zxCt…SZTk) - Receiving keepalive packet
2023-02-25 07:24:09.215931: [NET] peer(zxCt…SZTk) - Receiving keepalive packet
2023-02-25 07:24:14.490570: [NET] peer(zxCt…SZTk) - Sending handshake initiation
2023-02-25 07:24:14.503199: [NET] peer(zxCt…SZTk) - Received handshake response
2023-02-25 07:24:14.503357: [NET] peer(zxCt…SZTk) - Sending keepalive packet
2023-02-25 07:24:28.462521: [NET] peer(zxCt…SZTk) - Receiving keepalive packet
2023-02-25 07:24:54.473497: [NET] peer(zxCt…SZTk) - Sending keepalive packet
2023-02-25 07:24:54.474120: [NET] peer(zxCt…SZTk) - Receiving keepalive packet
2023-02-25 07:25:20.838751: [NET] peer(zxCt…SZTk) - Receiving keepalive packet
2023-02-25 07:25:20.838751: [NET] peer(zxCt…SZTk) - Sending keepalive packet
2023-02-25 07:25:47.197302: [NET] peer(zxCt…SZTk) - Receiving keepalive packet
2023-02-25 07:25:55.604617: [NET] Network change detected with unsatisfied route and interface order [en0, utun7, pdp_ip0]
2023-02-25 07:25:55.604678: [NET] Connectivity offline, pausing backend.
2023-02-25 07:25:55.604741: [NET] Device closing
2023-02-25 07:25:55.604811: [NET] Routine: TUN reader - stopped
2023-02-25 07:25:55.604865: [NET] Routine: event worker - stopped
2023-02-25 07:25:55.604935: [NET] Routine: receive incoming v4 - stopped
2023-02-25 07:25:55.604979: [NET] Routine: receive incoming v6 - stopped
2023-02-25 07:25:55.605039: [NET] peer(zxCt…SZTk) - Stopping
2023-02-25 07:25:55.605117: [NET] peer(zxCt…SZTk) - Routine: sequential receiver - stopped
2023-02-25 07:25:55.605153: [NET] peer(zxCt…SZTk) - Routine: sequential sender - stopped
2023-02-25 07:25:55.605209: [NET] Routine: decryption worker 2 - stopped
2023-02-25 07:25:55.605181: [NET] Device closed
2023-02-25 07:25:55.605232: [NET] Routine: decryption worker 4 - stopped
2023-02-25 07:25:55.605232: [NET] Routine: decryption worker 6 - stopped
2023-02-25 07:25:55.605319: [NET] Routine: handshake worker 2 - stopped
2023-02-25 07:25:55.605705: [NET] Routine: decryption worker 3 - stopped
2023-02-25 07:25:55.605770: [NET] Routine: handshake worker 4 - stopped
2023-02-25 07:25:55.605886: [NET] Routine: handshake worker 6 - stopped
2023-02-25 07:25:55.605955: [NET] Routine: handshake worker 3 - stopped
2023-02-25 07:25:55.606082: [NET] Routine: decryption worker 1 - stopped
2023-02-25 07:25:55.606157: [NET] Routine: handshake worker 5 - stopped
2023-02-25 07:25:55.606225: [NET] Routine: decryption worker 5 - stopped
2023-02-25 07:25:55.605652: [NET] Routine: handshake worker 1 - stopped
2023-02-25 07:25:55.607126: [NET] Routine: encryption worker 6 - stopped
2023-02-25 07:25:55.607192: [NET] Routine: encryption worker 3 - stopped
2023-02-25 07:25:55.607256: [NET] Routine: encryption worker 4 - stopped
2023-02-25 07:25:55.607319: [NET] Routine: encryption worker 5 - stopped
2023-02-25 07:25:55.607384: [NET] Routine: encryption worker 2 - stopped
2023-02-25 07:25:55.607481: [NET] Routine: encryption worker 1 - stopped
2023-02-25 07:25:55.775363: [NET] Network change detected with unsatisfied route and interface order [en0, utun7, pdp_ip0]
2023-02-25 07:25:55.937151: [NET] Network change detected with satisfied route and interface order [pdp_ip0, utun7]
2023-02-25 07:25:55.937275: [NET] Connectivity online, resuming backend.
2023-02-25 07:25:56.342613: [NET] DNS64: mapped <My Home IPv4 Address> to 2607:7700:0:1b:0:1:68ae:4322
2023-02-25 07:25:56.343575: [NET] Attaching to interface
2023-02-25 07:25:56.343821: [NET] Routine: encryption worker 1 - started
2023-02-25 07:25:56.343823: [NET] Routine: decryption worker 1 - started
2023-02-25 07:25:56.343823: [NET] Routine: handshake worker 1 - started
2023-02-25 07:25:56.343877: [NET] Routine: decryption worker 4 - started
2023-02-25 07:25:56.343879: [NET] UAPI: Updating private key
2023-02-25 07:25:56.343874: [NET] Routine: handshake worker 5 - started
2023-02-25 07:25:56.343919: [NET] Routine: decryption worker 6 - started
2023-02-25 07:25:56.343935: [NET] Routine: encryption worker 6 - started
2023-02-25 07:25:56.343978: [NET] Routine: encryption worker 2 - started
2023-02-25 07:25:56.344011: [NET] Routine: handshake worker 4 - started
2023-02-25 07:25:56.344018: [NET] Routine: encryption worker 5 - started
2023-02-25 07:25:56.344072: [NET] Routine: encryption worker 3 - started
2023-02-25 07:25:56.344114: [NET] Routine: decryption worker 3 - started
2023-02-25 07:25:56.344133: [NET] Routine: handshake worker 6 - started
2023-02-25 07:25:56.344161: [NET] Routine: decryption worker 2 - started
2023-02-25 07:25:56.344198: [NET] Routine: handshake worker 3 - started
2023-02-25 07:25:56.344205: [NET] Routine: decryption worker 5 - started
2023-02-25 07:25:56.344269: [NET] Routine: handshake worker 2 - started
2023-02-25 07:25:56.344282: [NET] Routine: encryption worker 4 - started
2023-02-25 07:25:56.344332: [NET] Routine: TUN reader - started
2023-02-25 07:25:56.344367: [NET] Routine: event worker - started
2023-02-25 07:25:56.344459: [NET] UAPI: Updating listen port
2023-02-25 07:25:56.344518: [NET] UAPI: Removing all peers
2023-02-25 07:25:56.344953: [NET] peer(zxCt…SZTk) - UAPI: Created
2023-02-25 07:25:56.345013: [NET] peer(zxCt…SZTk) - UAPI: Updating endpoint
2023-02-25 07:25:56.345138: [NET] peer(zxCt…SZTk) - UAPI: Updating persistent keepalive interval
2023-02-25 07:25:56.345226: [NET] peer(zxCt…SZTk) - UAPI: Removing all allowedips
2023-02-25 07:25:56.345305: [NET] peer(zxCt…SZTk) - UAPI: Adding allowedip
2023-02-25 07:25:56.345394: [NET] peer(zxCt…SZTk) - UAPI: Adding allowedip
2023-02-25 07:25:56.345677: [NET] UDP bind has been updated
2023-02-25 07:25:56.345695: [NET] Routine: receive incoming v4 - started
2023-02-25 07:25:56.345731: [NET] peer(zxCt…SZTk) - Starting
2023-02-25 07:25:56.345745: [NET] Routine: receive incoming v6 - started
2023-02-25 07:25:56.345897: [NET] peer(zxCt…SZTk) - Sending keepalive packet
2023-02-25 07:25:56.345924: [NET] peer(zxCt…SZTk) - Routine: sequential sender - started
2023-02-25 07:25:56.345932: [NET] peer(zxCt…SZTk) - Routine: sequential receiver - started
2023-02-25 07:25:56.345964: [NET] peer(zxCt…SZTk) - Sending handshake initiation
2023-02-25 07:25:56.347008: [NET] Interface state was Down, requested Up, now Up
2023-02-25 07:25:56.347068: [NET] Device started
2023-02-25 07:25:56.347750: [NET] Network change detected with satisfied route and interface order [pdp_ip0, utun7]
2023-02-25 07:25:56.348809: [NET] DNS64: mapped <My Home IPv4 Address> to 2607:7700:0:1b:0:1:68ae:4322
2023-02-25 07:25:56.348899: [NET] peer(zxCt…SZTk) - UAPI: Updating endpoint
2023-02-25 07:25:56.349099: [NET] Routine: receive incoming v4 - stopped
2023-02-25 07:25:56.349188: [NET] Routine: receive incoming v6 - stopped
2023-02-25 07:25:56.349429: [NET] UDP bind has been updated
2023-02-25 07:25:56.349454: [NET] Routine: receive incoming v4 - started
2023-02-25 07:25:56.349489: [NET] Routine: receive incoming v6 - started
2023-02-25 07:25:56.405904: [NET] peer(zxCt…SZTk) - Received handshake response
2023-02-25 07:25:58.343054: [NET] Network change detected with satisfied route and interface order [pdp_ip0, utun7]
2023-02-25 07:25:58.344785: [NET] DNS64: mapped <My Home IPv4 Address> to 2607:7700:0:1b:0:1:68ae:4322
2023-02-25 07:25:58.345046: [NET] peer(zxCt…SZTk) - UAPI: Updating endpoint
2023-02-25 07:25:58.345325: [NET] Routine: receive incoming v4 - stopped
2023-02-25 07:25:58.345466: [NET] Routine: receive incoming v6 - stopped
2023-02-25 07:25:58.345820: [NET] UDP bind has been updated
2023-02-25 07:25:58.345851: [NET] Routine: receive incoming v4 - started
2023-02-25 07:25:58.345935: [NET] peer(zxCt…SZTk) - Sending keepalive packet
2023-02-25 07:25:58.346015: [NET] Routine: receive incoming v6 - started
2023-02-25 07:26:48.794934: [NET] Network change detected with satisfied route and interface order [pdp_ip0, utun7]
2023-02-25 07:26:48.796476: [NET] DNS64: mapped <My Home IPv4 Address> to 2607:7700:0:1b:0:1:68ae:4322
2023-02-25 07:26:48.796866: [NET] peer(zxCt…SZTk) - UAPI: Updating endpoint
2023-02-25 07:26:48.797182: [NET] Routine: receive incoming v4 - stopped
2023-02-25 07:26:48.797315: [NET] Routine: receive incoming v6 - stopped
2023-02-25 07:26:48.797693: [NET] UDP bind has been updated
2023-02-25 07:26:48.797731: [NET] Routine: receive incoming v4 - started
2023-02-25 07:26:48.797753: [NET] Routine: receive incoming v6 - started
2023-02-25 07:26:48.798196: [NET] peer(zxCt…SZTk) - Sending keepalive packet
2023-02-25 07:26:49.775855: [NET] Network change detected with satisfied route and interface order [pdp_ip0, utun7]
2023-02-25 07:26:49.777424: [NET] DNS64: mapped <My Home IPv4 Address> to 2607:7700:0:1b:0:1:68ae:4322
2023-02-25 07:26:49.777785: [NET] peer(zxCt…SZTk) - UAPI: Updating endpoint
2023-02-25 07:26:49.778087: [NET] Routine: receive incoming v4 - stopped
2023-02-25 07:26:49.778303: [NET] Routine: receive incoming v6 - stopped
2023-02-25 07:26:49.778714: [NET] UDP bind has been updated
2023-02-25 07:26:49.778780: [NET] Routine: receive incoming v6 - started
2023-02-25 07:26:49.778773: [NET] Routine: receive incoming v4 - started
2023-02-25 07:26:49.778825: [NET] peer(zxCt…SZTk) - Sending keepalive packet
2023-02-25 07:27:00.976307: [NET] peer(zxCt…SZTk) - Sending keepalive packet
2023-02-25 07:27:01.346342: [NET] Network change detected with satisfied route and interface order [pdp_ip0, utun7]
2023-02-25 07:27:01.347931: [NET] DNS64: mapped <My Home IPv4 Address> to 2607:7700:0:1b:0:1:68ae:4322
2023-02-25 07:27:01.348256: [NET] peer(zxCt…SZTk) - UAPI: Updating endpoint
2023-02-25 07:27:01.348546: [NET] Routine: receive incoming v4 - stopped
2023-02-25 07:27:01.348634: [NET] Routine: receive incoming v6 - stopped
2023-02-25 07:27:01.348984: [NET] UDP bind has been updated
2023-02-25 07:27:01.349007: [NET] Routine: receive incoming v4 - started
2023-02-25 07:27:01.349037: [NET] Routine: receive incoming v6 - started
2023-02-25 07:27:01.349107: [NET] peer(zxCt…SZTk) - Sending keepalive packet
2023-02-25 07:27:01.979176: [NET] Network change detected with satisfied route and interface order [pdp_ip0, utun7]
2023-02-25 07:27:01.980783: [NET] DNS64: mapped <My Home IPv4 Address> to 2607:7700:0:1b:0:1:68ae:4322
2023-02-25 07:27:01.981014: [NET] peer(zxCt…SZTk) - UAPI: Updating endpoint
2023-02-25 07:27:01.981337: [NET] Routine: receive incoming v4 - stopped
2023-02-25 07:27:01.981445: [NET] Routine: receive incoming v6 - stopped
2023-02-25 07:27:01.981851: [NET] UDP bind has been updated
2023-02-25 07:27:01.981975: [NET] peer(zxCt…SZTk) - Sending keepalive packet
2023-02-25 07:27:01.982070: [NET] Routine: receive incoming v6 - started
2023-02-25 07:27:01.982062: [NET] Routine: receive incoming v4 - started
2023-02-25 07:27:20.758974: [NET] peer(zxCt…SZTk) - Retrying handshake because we stopped hearing back after 15 seconds
2023-02-25 07:27:20.759163: [NET] peer(zxCt…SZTk) - Sending handshake initiation
2023-02-25 07:27:20.876593: [NET] peer(zxCt…SZTk) - Received handshake response
2023-02-25 07:27:20.876848: [NET] peer(zxCt…SZTk) - Sending keepalive packet
2023-02-25 07:28:46.181838: [NET] Network change detected with satisfied route and interface order [pdp_ip0, utun7]
2023-02-25 07:28:46.182575: [NET] DNS64: mapped <My Home IPv4 Address> to 2607:7700:0:1b:0:1:68ae:4322
2023-02-25 07:28:46.182720: [NET] peer(zxCt…SZTk) - UAPI: Updating endpoint
2023-02-25 07:28:46.182840: [NET] Routine: receive incoming v4 - stopped
2023-02-25 07:28:46.182873: [NET] Routine: receive incoming v6 - stopped
2023-02-25 07:28:46.183035: [NET] UDP bind has been updated
2023-02-25 07:28:46.183068: [NET] peer(zxCt…SZTk) - Sending keepalive packet
2023-02-25 07:28:46.183078: [NET] Routine: receive incoming v4 - started
2023-02-25 07:28:46.183102: [NET] Routine: receive incoming v6 - started
2023-02-25 07:28:48.460821: [NET] peer(zxCt…SZTk) - Received handshake initiation
2023-02-25 07:28:48.461020: [NET] peer(zxCt…SZTk) - Sending handshake response
2023-02-25 07:28:48.530865: [NET] peer(zxCt…SZTk) - Receiving keepalive packet
2023-02-25 07:28:49.729507: [NET] Network change detected with satisfied route and interface order [pdp_ip0, utun7]
2023-02-25 07:28:49.731090: [NET] DNS64: mapped <My Home IPv4 Address> to 2607:7700:0:1b:0:1:68ae:4322
2023-02-25 07:28:49.731259: [NET] peer(zxCt…SZTk) - UAPI: Updating endpoint
2023-02-25 07:28:49.731542: [NET] Routine: receive incoming v4 - stopped
2023-02-25 07:28:49.731646: [NET] Routine: receive incoming v6 - stopped
2023-02-25 07:28:49.731869: [NET] UDP bind has been updated
2023-02-25 07:28:49.731922: [NET] peer(zxCt…SZTk) - Sending keepalive packet
2023-02-25 07:28:49.732018: [NET] Routine: receive incoming v4 - started

Soon after connecting, I start getting connection errors on my phone/connected device.

In my logs, I see things that look like IPv6 address mapping going on, but IPv6 is disabled on the Brume 2 (due to the warnings about leakage). I have IPv6 enabled on the rest of my home network, so maybe that is the issue. I’m not sure.

5

Since you have Adguard enabled

Your wireguard default dns should be your Brume router (don’t forget to enable ‘allow remote access lan’ at VPN dashboard - wireguard server)

Another way of quick check maybe set the wireguard dns to 1.1.1.1 just to see if you get internet

6

I’m still getting what appear to be DNS resolution issues. For example, I can receive notifications and data (e.g., emails) on already-established connections. However, as soon as I do anything that requires a nameserver lookup, it breaks.

IMG_0639.PNG
IMG_0639.PNG1179×2556 90.8 KB

7

That means it’s still not working

Does your ‘existing router’ block any other dns settings

8

No, my existing router is just a Netgear Orbi system configured with preferred, standard IPv4 DNS servers (to NextDNS). I have NextDNS bound to my home IP so DNS requests to their generic servers that come from my house are automatically processed by them using my custom configuration. However, I don’t believe this is the cause of the issue since I’ve also tried configuring the Brume 2 in front of my router (between my cable modem and the Orbi router) and had the same, exact problems (which do appear to be DNS-based). This is the only DNS configuration I have on my router:

CleanShot 2023-02-26 at 06.29.31@2x
CleanShot 2023-02-26 at 06.29.31@2x2320×274 27.6 KB

9

I’ll add that on my phone, I also have the NextDNS app, but I disabled it for testing. When I disable WiFi and go cellular-only to test the VPN, I have no special DNS settings pre-applied to my phone and it picks up the default DNS servers from my carrier (T-Mobile).

IMG_1E447EBDC9C2-1
IMG_1E447EBDC9C2-11041×304 76.2 KB

10

I’m doing more testing. I disabled AdGuard and set my VPN DNS server to my router (192.168.1.1). I am actually able to see my DNS requests getting processed on NextDNS from my phone while connected to the VPN. I am betting that the problem may be related to getting IPv6 returns while IPv6 is disabled on the Brume 2. The warnings on the Brume 2 reference IP leakage on VPN when IPv6 is enabled, but is that related to the VPN server, the client, or both???

11

what dns setting did you use on your mobile phone wireguard app ?

since you disabled adguard, can you enable ‘encrypted dns - dns over tls - cloudflare’ and ‘override dns settings for all clients’

12

image

13

I just tried enabling Encrypted DNS over TLS to Cloudflare and can verify that it works when I have a PC wired into the Brume’s LAN port over Ethernet:

DNSCheck
DNSCheck1920×1034 194 KB

However, when I generate WireGuard configs, the configs all still default to that funky “64.6.64.6” address. I can override that with 1.1.1.1, but DNS fails as soon as I am connected to the VPN (checking with dnscheck.tools).

15

Screenshot_2023-03-03-10-50-32-815-edit_com.wireguard.android
Screenshot_2023-03-03-10-50-32-815-edit_com.wireguard.android1080×2400 148 KB

How is your Rx tx look like? Is the VPN really established

16

I think I may have discovered the issue. My cellular provider uses the T-Mobile network, which is IPv6-only and my phone is iOS. It looks like I need to find a way to test on another network…though it also means that my phone will not work on the VPN unless it’s on WiFi. See: https://community.t-mobile.com/network-coverage-5/possible-to-connect-to-an-ipv4-vpn-server-on-t-mobile-with-ios-9471

17

I can confirm that the T-Mobile mobile network appears to be the culprit due to its lack of support for IPv4 combined with the Brume 2’s current lack of support, where the VPN is concerned, for IPv6. Everything seems to be working great on on IPv4-supporting networks.

18

I have been trying to get Wireguard VPN server setup and and using my Pixel 7 Pro with the wireguard client app and having the same issue. I am on the MINT mobile network that uses T-mobile and this would explain why I am having DNS issues.

As a side note, my Flint router has 4.2 RC2 which has Tailscale and that works perfectly with my phone. So see if you can Tailscale is available on the Brume2.
Hopefully an update can fix this DNS issue, I also don’t want to enable IPv6 yet.

2 Likes
19

That’s great information on Tailscale. I’ll have to look into it.

1 Like
20

It looks like I’ll have to wait for the 4.2 firmware to hit stable before playing with Tailscale on the Brume 2. I have it on my Beryl AX since it’s already got 4.2 stable. Hopefully it doesn’t take too long :slight_smile: