HarryMuscle
Senior Member
I've completely rewritten this post to better explain the issue ...
I have several WireGuard VPN connections set up with different clients directed through each VPN connection. Here's an illustrated view of the setup:
Code:
192.168.1.2 -> VPN Tunnel #1 -> Germany
192.168.1.3 -> VPN Tunnel #2 -> France
192.168.1.4 -> VPN Tunnel #3 -> USA
When I specify a DNS server to use for each of those WireGuard VPN connections, the router software automatically adds the following iptables rules to enforce the use of those DNS servers.
Code:
-A PREROUTING -p tcp -m tcp --dport 53 -j DNSVPN
-A PREROUTING -p udp -m udp --dport 53 -j DNSVPN
-A DNSVPN -s 192.168.1.2/32 -j DNAT --to-destination 1.1.1.1
-A DNSVPN -s 192.168.1.3/32 -j DNAT --to-destination 1.1.1.1
-A DNSVPN -s 192.168.1.4/32 -j DNAT --to-destination 1.1.1.1
The issue happens when I specify the same DNS server for each of the VPN connections (using 1.1.1.1 in this example). The router adds this route for the DNS server in question:
Code:
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
1.1.1.1         *               255.255.255.255 UH    0      0        0 wgc1
This seems to send all of the traffic destined to this DNS server over the first WireGuard VPN connection, which obviously isn't what should be happening. I believe there are also other routes involved in making sure that each of the above IP addresses sends all of its traffic over the various VPN interfaces; however, I haven't figured out which ones yet. If anyone has any input on this, and possibly any suggestions on how to enable the ability to use the same DNS server for multiple VPN connections, that would be greatly appreciated.
Thanks,
Harry
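One way to reach the same DNS address through each client's own tunnel is source-based policy routing, so that the routing decision (which happens after the DNAT in nat PREROUTING rewrites the destination to 1.1.1.1) consults a per-client table instead of the single main-table route shown above. This is an added example, not part of the original post or the router firmware; it assumes a Linux router with iproute2, tunnel interfaces wgc1 to wgc3, the LAN bridge name br0, and free routing table numbers 101 to 103, all hypothetical.

```shell
#!/bin/sh
# Added example (not from the post): per-client policy routing so that one DNS
# server address is reached through each client's own WireGuard tunnel rather
# than the main-table route that pins 1.1.1.1 to wgc1.
# Assumptions (hypothetical): iproute2, interfaces wgc1..wgc3, LAN bridge br0,
# unused tables 101..103. DRY_RUN=1 (the default) prints the commands instead of
# executing them, so the script runs without root; set DRY_RUN=0 to apply.
: "${DRY_RUN:=1}"
DNS_SERVER=1.1.1.1

# client_ip:tunnel_interface:routing_table (constructed from the post's setup)
CLIENT_MAP="192.168.1.2:wgc1:101 192.168.1.3:wgc2:102 192.168.1.4:wgc3:103"

run() {
    if [ "$DRY_RUN" = 1 ]; then printf '%s\n' "$*"; else "$@"; fi
}

# Emit (or execute) the policy-routing commands for every client in CLIENT_MAP.
apply_policy_routing() {
    for entry in $CLIENT_MAP; do
        client=${entry%%:*}
        rest=${entry#*:}
        iface=${rest%%:*}
        table=${rest#*:}
        # Packets FROM this client consult its own table first; priority 1000
        # is evaluated before the main table, which sits at priority 32766.
        run ip rule add from "$client" lookup "$table" priority 1000
        # In that table the DNS server is reachable only via this client's tunnel...
        run ip route add "$DNS_SERVER/32" dev "$iface" table "$table"
        # ...and so is everything else, keeping the client's traffic in its tunnel.
        run ip route add default dev "$iface" table "$table"
    done
}

# Interface a client's DNS query should leave on, according to CLIENT_MAP.
expected_iface() {
    for entry in $CLIENT_MAP; do
        [ "${entry%%:*}" = "$1" ] || continue
        rest=${entry#*:}; printf '%s\n' "${rest%%:*}"; return 0
    done
    return 1
}

# After applying for real, ask the kernel which interface it picks per client.
verify_routing() {
    for entry in $CLIENT_MAP; do
        run ip route get "$DNS_SERVER" from "${entry%%:*}" iif br0
    done
}

apply_policy_routing
```

Compare each line of `verify_routing` output against `expected_iface` for the same client; a mismatch means an earlier rule or the main-table host route is still winning.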