Wireguard DNS leak

reflector · November 15, 2018, 7:06am

Hi, I’m using this guide to set up WG WireGuard - GL.iNet Docs on my B1300, I’m connecting with my Android official Wireguard app, leaving DNS blank would have DNS leak, setting it 10.0.0.1 is leaking as well. any idea what should be the correct DNS to set to let the router resolve DNS?

also, how do we add more peers?

kyson-lok · November 15, 2018, 7:17am

If you use the Android app, please set the DNS to 8.8.8.8 or another reliable DNS server. The DNS filed can’t be blank.

reflector · November 15, 2018, 7:43am

so if DNS over TLS is set up in the router I can’t use that?

kyson-lok · November 15, 2018, 7:46am

Yes, you can use it to avoid dns leak. But you say you have B1300, while DNS over TLS only support in v3.0 firmware.

reflector · November 15, 2018, 8:44am

I’ve got dns over TLS set up using Unbound.
in that case, for extra peers do I do this?

config wireguard_wg0
option public_key ‘…’ # Client’s public key
option route_allowed_ips ‘1’
list allowed_ips ‘10.0.0.0/24’

instead of wg0 I set wg1, wg2 etc etc.
and what range do I set in allowed IPs?

kyson-lok · November 16, 2018, 9:31am

Is it server side? If you have some peer, you can set it as below.

config wireguard_wg0
    option public_key ‘…’ # Client1’s public key
    option route_allowed_ips ‘1’
    list allowed_ips ‘10.0.0.2/32’

config wireguard_wg0
    option public_key ‘…’ # Client2’s public key
    option route_allowed_ips ‘1’
    list allowed_ips ‘10.0.0.3/32’

reflector · February 1, 2019, 7:23am

getting back to this, I’ve upgraded to v3, tested the Wireguard server, all works well.
However I’d like to ask how do I change the default DNS generated in the config file? I’d like to set it to 192.168.8.1 so that it will resolve DoT by cloudflafe in the router instead of 64.6.64.6 now.

alzhao · February 1, 2019, 9:44am

I think you can just change the DNS in the config manually without touching the server

reflector · February 2, 2019, 6:35pm

sure I know that’s possible, but for me it’s better if I can change the default DNS to the router, that way sharing it with other people is easy without changing any configuration.

alzhao · February 3, 2019, 2:23am

Can you set up customized dns server on the server to check if this option is put into WG config.

reflector · February 3, 2019, 2:37am

where is the server config file located? on the V3 GUI theres only server and port.

alzhao · February 3, 2019, 3:28am

I mean: more settings->custom dns server

reflector · February 3, 2019, 4:03am

currently I have DNS over TLS checked on that page.
WG server settings does not reflect that, neither is it my ISP DNS server.

alzhao · February 3, 2019, 7:54am

I mean you can set up a custom dns server in the server side.

DNS via tls will not pass to the client in wireguard settings.

reflector · February 3, 2019, 8:17am

that’s the problem, which is why I want the DNS to default to 192.168.8.1 so it will follow the router’s DNS, which is set to DNS over TLS.

alzhao · February 4, 2019, 3:56am

I think the best way is to change the DNS settings when you export settings from WG. This is the best way now.

192.168.8.1 for dns will not be accessible by client after WG connected. So you need to put in the WG settings.

reflector · February 4, 2019, 5:54am

based on this, the solution is to set DNS to router IP.