Wireguard Server and Local DNS server
Is there anything wrong with how my Wireguard server is configured?
I want to make my local DNS server to be my Wireguard clients' DNS server.
It was connected and packets were coming through because the data usage was going up. But there is no internet connection.
Wireguard server's DHCP is 10.0.50.0/24
Local DNS server is on 10.0.10.8 and 10.0.10.9 (primary and secondary)
There are no ACLs configured, and even if I configure ACL (Gateway ACL only since I don't have a switch) and allow access to 10.0.50.0/24 to 10.0.10.8 and 10.0.10.9, it's still connected but no internet connection.
OC200 v1 Firmware version: 1.29.3 Build 20240131 Rel.35531
ER605 v2 Firmware version: 2.2.4 Build 20240119 Rel.44368
- Copy Link
- Subscribe
- Bookmark
- Report Inappropriate Content
Thanks for posting in our business forum.
ceejaybassist wrote
So, it is Android, cellphone, go to your WIFI or cellular settings. I recall that it is not possible to set the DNS in celluar instead you need to use Private DNS which has to be a domain.
For the sake of the test, use WIFI and change your WIFI settings, see if you can get the 10.0.10.8 DNS working.
BTW, what is the result of you ping 8.8.8.8?
- Copy Link
- Report Inappropriate Content
@Clive_A It worked. I just removed the DNS param in the wireguard app. But it only worked since I'm connected to my local network. How about when I am outside? Should removing the DNS param in the wireguard client config and setting my phone's/Laptop's DNS to my local DNS (10.0.10.8 and 10.0.10.9) still give me a connection? I'll test it later on my mobile data.
- Copy Link
- Report Inappropriate Content
- Copy Link
- Report Inappropriate Content
@MR.S Yes, all devices inside the same local network are reachable. It just won't give me internet connection.
- Copy Link
- Report Inappropriate Content
Thanks for posting in our business forum.
ceejaybassist wrote
@MR.S Yes, all devices inside the same local network are reachable. It just won't give me internet connection.
So, based on what you described, you want to use the local DNS server, right?
Try this. Remove the DNS in the parameters. Set up the DNS server on your system settings on your devices.
You want the DNS query to travel through the VPN tunnel to the local server. It is not the right way to do it by setting a local IP address on the interface of WG.
It does not encapsulate the DNS query until you set the DNS on your devices. That query will be encapsulated in the VPN packet and transferred to the local DNS server.
- Copy Link
- Report Inappropriate Content
- Copy Link
- Report Inappropriate Content
Thanks for posting in our business forum.
ceejaybassist wrote
So, it is Android, cellphone, go to your WIFI or cellular settings. I recall that it is not possible to set the DNS in celluar instead you need to use Private DNS which has to be a domain.
For the sake of the test, use WIFI and change your WIFI settings, see if you can get the 10.0.10.8 DNS working.
BTW, what is the result of you ping 8.8.8.8?
- Copy Link
- Report Inappropriate Content
@Clive_A It worked. I just removed the DNS param in the wireguard app. But it only worked since I'm connected to my local network. How about when I am outside? Should removing the DNS param in the wireguard client config and setting my phone's/Laptop's DNS to my local DNS (10.0.10.8 and 10.0.10.9) still give me a connection? I'll test it later on my mobile data.
- Copy Link
- Report Inappropriate Content
Thanks for posting in our business forum.
ceejaybassist wrote
@Clive_A It worked. I just removed the DNS param in the wireguard app. But it only worked since I'm connected to my local network. How about when I am outside? Should removing the DNS param in the wireguard client config and setting my phone's/Laptop's DNS to my local DNS (10.0.10.8 and 10.0.10.9) still give me a connection? I'll test it later on my mobile data.
Like I said earlier that is not encapsulated.
For the cellular, unfortunately, you cannot set the DNS to a private IP. Gotta use the Private DNS like said in the last reply. That requires a domain. If you can port forward your local DNS server and use DoH or DoT, that would be the ideal way. You can use the Private DNS which will hijack overall DNS queries to the designated DNS server.
For computers, you can still set LAN DNS to that private IP when the VPN is connected, everything is transferred in the tunnel and you can access the local DNS server.
I recall that DNS on the WG interface should be the public IP address/FQDN. Or it will not allow Internet access as private IP addresses are not found on the WAN. If you have a port forward your local DNS server, you can also use it in the WG app interface configuration.
- Copy Link
- Report Inappropriate Content
Clive_A wrote
I recall that DNS on the WG interface should be the public IP address/FQDN. Or it will not allow Internet access as private IP addresses are not found on the WAN. If you have a port forward your local DNS server, you can also use it in the WG app interface configuration.
I can do that. But it would be redundant. I'm using my public IP (thru a DDNS) as my WG's endpoint. Can I also use the same to the DNS server?
- Copy Link
- Report Inappropriate Content
Thanks for posting in our business forum.
ceejaybassist wrote
Clive_A wrote
I recall that DNS on the WG interface should be the public IP address/FQDN. Or it will not allow Internet access as private IP addresses are not found on the WAN. If you have a port forward your local DNS server, you can also use it in the WG app interface configuration.
I can do that. But it would be redundant. I'm using my public IP (thru a DDNS) as my WG's endpoint. Can I also use the same to the DNS server?
DNS listens at 53 which does not conflict with your WG port.
- Copy Link
- Report Inappropriate Content
Information
Helpful: 0
Views: 1605
Replies: 9
Voters 0
No one has voted for it yet.