Wireguard client not honoring DNS setting [workaround discovered]

I am also experiencing DNS issues using a Wireguard client file on my GL-MT1300 using an upgraded beta version of the firmware openwrt-mt1300-4.1.0-1107-1667792228.bin. I also experienced the problem on older versions of the firmware.

The router seems to use DNS servers from my VPS, which is in this case from the network Vultr, instead of the DNS servers specified by the Wireguard server. When I connect directly to the Wireguard server from my laptop, instead of connecting to the Wireguard server at the router level, the correct DNS servers are used.

To set up the Wireguard server I have used GitHub - trailofbits/algo: Set up a personal VPN in the cloud to create a Wireguard server on the cloud network Vultr. Looking at how that script generally sets up DNS at algo/config.cfg at master · trailofbits/algo · GitHub, it defaults to Cloudflare along with DNS adblocking.

I am testing DNS using DNS leak test. Free check. I have no idea which steps to try and copy here to resolve the issue.

Please just upgrade to the latest version.

I think I may also be experiencing this DNS issue with WireGuard. I self-host my WireGuard server at my house. I have Android clients that work as expected and use the DNS provided by my WireGuard server. The WireGuard client config includes DNS = 192.168.1.1, which is the IP address of my router that is hosting the WireGuard server. I am using a similarly generated config file on my X3000, but devices connected to the X3000 are using the DNS servers entered in the X3000 settings.

Edit: firmware 4.3.1.

Edit 2: the tunnel is working properly otherwise. The client's reported IP address is the IP address of the server.

I’m experiencing this issue as well. My GL-MT1300 Beryl (firmware 4.3.7) does not honour the DNS settings from the Wireguard client. I can reach the Wireguard DNS when I specify it in nslookup, but the Beryl still uses the DNS server from the WAN.

Oh, I also noticed that the GL.iNet UI doesn’t respect valid Wireguard configuration options. For example, Wireguard lets you add search domains (as text) to the Interface.DNS field, but the GL.iNet interface only lets you add numeric values, limiting you to adding only DNS servers.
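
An added example, not part of this thread and not GL.iNet or WireGuard project code: a shell check that splits the `DNS` line of a client config into servers and search domains the way wg-quick does (IP addresses are servers, anything else is a search domain) and lists any resolver in use that the tunnel did not ask for. It assumes the resolver list is supplied as resolv.conf-style text; the sample config and addresses are constructed.

```shell
#!/bin/sh
# wg_dns CONFIG_TEXT servers|search
# Splits [Interface] DNS entries the way wg-quick does: IP addresses are DNS
# servers, anything else is a search domain. DNS may be given more than once.
wg_dns() {
    printf '%s\n' "$1" | awk -v kind="$2" '
        /^[ \t]*\[/ { in_if = (tolower($0) ~ /\[interface\]/); next }
        in_if && tolower($0) ~ /^[ \t]*dns[ \t]*=/ {
            sub(/#.*/, ""); sub(/^[^=]*=/, "")
            n = split($0, parts, ",")
            for (i = 1; i <= n; i++) {
                v = parts[i]; gsub(/[ \t\r]/, "", v)
                if (v == "") continue
                is_ip = (v ~ /^[0-9.]+$/ || v ~ /:/)
                if ((kind == "servers" && is_ip) || (kind == "search" && !is_ip))
                    print v
            }
        }'
}

# dns_leaks CONFIG_TEXT RESOLV_TEXT
# Prints each "nameserver" in resolv.conf-style text (an assumed input format)
# that is not one of the tunnel's DNS servers; returns 1 if there is any.
dns_leaks() {
    wanted=$(wg_dns "$1" servers)
    leaks=$(printf '%s\n' "$2" | awk '$1 == "nameserver" { print $2 }' |
        while read -r ns; do
            printf '%s\n' "$wanted" | grep -Fxq -- "$ns" || printf '%s\n' "$ns"
        done)
    [ -z "$leaks" ] && return 0
    printf '%s\n' "$leaks"
    return 1
}

# Constructed sample inputs. 192.168.1.1 is the tunnel DNS quoted earlier in
# this thread; lan.example and 192.0.2.53 (a stand-in WAN resolver) are made up.
SAMPLE_CONF='[Interface]
PrivateKey = <placeholder>
DNS = 192.168.1.1, lan.example

[Peer]
AllowedIPs = 0.0.0.0/0'
SAMPLE_RESOLV='nameserver 192.0.2.53'

if ! leaked=$(dns_leaks "$SAMPLE_CONF" "$SAMPLE_RESOLV"); then
    echo "resolvers outside the tunnel: $leaked"
fi
```

If the resolver list contains only a loopback address, a local forwarder is in use and its upstream server list is the text to pass instead.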

Seems this is the case. Have you tried changing the wireguard config directly via ssh and checking?

I also have this problem (MT1300 and SFT1200), not only for WG but also for OpenVPN. This problem appeared when I switched from Firmware V3 to V4. It is a shame that they have not yet solved it; I have seen a lot of threads complaining about this for quite a long time.

What problem are you talking about?

The 4.x firmware does not honor DNS settings in WireGuard and OpenVPN.

If you have an issue, just open a separate thread with details. This is a 5-year-old post.
The last problem, which was posted in Jan, is about another issue.