WireGuard DNS leak


#1

Hi, I’m using this guide to set up WG (https://docs.gl-inet.com/en/2/app/wireguard/) on my B1300. I’m connecting with the official WireGuard app on Android. Leaving DNS blank results in a DNS leak, and setting it to 10.0.0.1 leaks as well. Any idea what the correct DNS setting is to let the router resolve DNS?

Also, how do we add more peers?


#2

If you use the Android app, please set the DNS to 8.8.8.8 or another reliable DNS server. The DNS field can’t be blank.


#3

So if DNS over TLS is set up in the router, I can’t use that?


#4

Yes, you can use it to avoid DNS leaks. But you say you have a B1300, while DNS over TLS is only supported in v3.0 firmware.


#5

I’ve got DNS over TLS set up using Unbound.
In that case, for extra peers do I do this?

config wireguard_wg0
    option public_key '…' # Client's public key
    option route_allowed_ips '1'
    list allowed_ips '10.0.0.0/24'

Instead of wg0 I set wg1, wg2, etc.
And what range do I set in allowed IPs?


#6

Is it server side? If you have several peers, you can set them as below.

config wireguard_wg0
    option public_key '…' # Client1's public key
    option route_allowed_ips '1'
    list allowed_ips '10.0.0.2/32'

config wireguard_wg0
    option public_key '…' # Client2's public key
    option route_allowed_ips '1'
    list allowed_ips '10.0.0.3/32'
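
Added example, not part of the thread or of GL.iNet's firmware: a Python check of the peer layout discussed in posts #5 and #6. It parses `wireguard_wg0` peer sections and reports `allowed_ips` ranges that overlap between peers, as happens when a peer is given `10.0.0.0/24` instead of its own `/32`. The sample config and placeholder keys are constructed, and `parse_peers` and `find_overlaps` are hypothetical helper names.

```python
import ipaddress
import shlex
from itertools import combinations

# Constructed sample: two peers with the /32-per-client layout from post #6,
# plus a third peer that claims the whole /24 (the layout asked about in #5).
SAMPLE_UCI = """
config wireguard_wg0
    option public_key 'PLACEHOLDER_KEY_CLIENT1'
    option route_allowed_ips '1'
    list allowed_ips '10.0.0.2/32'
config wireguard_wg0
    option public_key 'PLACEHOLDER_KEY_CLIENT2'
    option route_allowed_ips '1'
    list allowed_ips '10.0.0.3/32'
config wireguard_wg0
    option public_key 'PLACEHOLDER_KEY_CLIENT3'
    option route_allowed_ips '1'
    list allowed_ips '10.0.0.0/24'
"""

def parse_peers(text, iface="wg0"):
    """Return [(public_key, [ip_network, ...])] for each wireguard_<iface> section."""
    peers, current = [], None
    for raw in text.splitlines():
        tokens = shlex.split(raw, comments=True)  # strips quotes and '#' comments
        if not tokens:
            continue
        if tokens[0] == "config":
            current = None  # any other section type ends the current peer
            if len(tokens) > 1 and tokens[1] == f"wireguard_{iface}":
                current = {"key": None, "nets": []}
                peers.append(current)
        elif current is not None and len(tokens) >= 3:
            if tokens[:2] == ["option", "public_key"]:
                current["key"] = tokens[2]
            elif tokens[:2] == ["list", "allowed_ips"]:
                current["nets"].append(ipaddress.ip_network(tokens[2], strict=False))
    return [(p["key"], p["nets"]) for p in peers]

def find_overlaps(peers):
    """Return (key_a, net_a, key_b, net_b) for each overlapping pair across peers."""
    return [(ka, str(a), kb, str(b))
            for (ka, na), (kb, nb) in combinations(peers, 2)
            for a in na for b in nb
            if a.version == b.version and a.overlaps(b)]

if __name__ == "__main__":
    print(*find_overlaps(parse_peers(SAMPLE_UCI)), sep="\n")
```

An empty result means every peer owns a distinct address range, which is what the one-`/32`-per-client layout produces.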