Wireguard init-script

R. Gerrits

Very Senior Member
I was looking today to improve the Wireguard init-script.
Discovered an issue with DNS:
My router is configured to get DNS servers from my ISP using DHCP.
The moment WG becomes active, the router thus tries to access these DHCP servers through the tunnel.
And my provider blocks access to their DNS servers for devices that are not on their network.

Any suggestions on how we could best solve this?
(Didn't notice it before, because I usually bypass VPN for the router itself.)

We could get the IP addresses of the DNS servers from /etc/resolv.conf and add specific routes for those to the routing table to still route these directly via the internet.

But if someone has manually configured, for instance, 9.9.9.9, then perhaps that user does want to have his DNS traffic running through the WG tunnel?
And perhaps some WG providers also provide DNS servers to use?
(I see the WG client config can have a DNS server entry, but the current init-script would completely ignore that.)
 
Just specify a DNS option for your wg0.conf.
Example:
Code:
[Interface]
Address = 10.9.0.1/24
# Default WireGuard port, change to anything that doesn't conflict
ListenPort = 51820
DNS = 1.1.1.1
DNS = 1.0.0.1

Also specify it for your peer.conf if needed.
Example:

Code:
[Interface]
Address = 10.9.0.2/32
DNS = 1.1.1.1
DNS = 1.0.0.1

Also, in your peer.conf make sure you are running a full tunnel and not a split tunnel, if you are expecting all traffic to pass through:

Code:
AllowedIPs = 0.0.0.0/0
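
The two approaches in this thread (the opening post's idea of host routes for the resolvers in /etc/resolv.conf, and the reply's advice to put DNS= and a 0.0.0.0/0 AllowedIPs line in the client config) can be combined into one decision step when the tunnel comes up. The script below is an added example written for this thread; it is not the init-script under discussion and not WireGuard's own tooling. The function names (wg_conf_value, resolv_nameservers, wg_conf_is_full_tunnel, dns_plan), the sample config and resolv.conf bodies, and the WAN gateway 203.0.113.1 are all constructed for the example. It only prints the route commands rather than running them.

```shell
#!/bin/sh
# Added example (not the thread's init-script): decide how the router's DNS should be
# handled when a WireGuard tunnel comes up. Two cases from the thread are covered:
#   1. the client config carries a DNS= line -> those resolvers are meant to be reached
#      through the tunnel, so resolv.conf should point at them;
#   2. no DNS= line -> the DHCP-learned ISP resolvers in /etc/resolv.conf must stay
#      reachable via the WAN gateway, so print /32 host routes that beat the 0.0.0.0/0
#      tunnel route (longest prefix wins).
# Route commands are printed, never executed. Config and resolv.conf bodies below are
# constructed samples; 203.0.113.1 is an assumed WAN gateway.

# Constructed client config with provider DNS and a full tunnel
SAMPLE_WG_CONF='[Interface]
Address = 10.9.0.2/32
PrivateKey = <redacted>
DNS = 1.1.1.1, 1.0.0.1

[Peer]
PublicKey = <redacted>
Endpoint = vpn.example.invalid:51820
AllowedIPs = 0.0.0.0/0
'

# Constructed client config with no DNS line and a split tunnel
SAMPLE_WG_CONF_NODNS='[Interface]
Address = 10.9.0.3/32
PrivateKey = <redacted>

[Peer]
PublicKey = <redacted>
Endpoint = vpn.example.invalid:51820
AllowedIPs = 10.9.0.0/24, 192.168.50.0/24
'

# Constructed resolv.conf as written from the ISP's DHCP lease
SAMPLE_RESOLV='# generated by dhcp
nameserver 192.0.2.53
nameserver 192.0.2.54
search lan
'

# wg_conf_value KEY CONF: print every value of KEY, one per line.
# Repeated "KEY = a" lines and "KEY = a, b" comma lists are both accepted, as wg-quick does.
wg_conf_value() {
    printf '%s\n' "$2" | awk -v key="$1" -F'=' '
        $1 ~ ("^[[:space:]]*" key "[[:space:]]*$") {
            n = split($2, parts, ",")
            for (i = 1; i <= n; i++) {
                gsub(/[[:space:]]/, "", parts[i])
                if (parts[i] != "") print parts[i]
            }
        }'
}

# resolv_nameservers RESOLV: print the nameserver addresses, one per line
resolv_nameservers() {
    printf '%s\n' "$1" | awk '$1 == "nameserver" { print $2 }'
}

# wg_conf_is_full_tunnel CONF: succeed when AllowedIPs sends all IPv4 or IPv6 into the tunnel
wg_conf_is_full_tunnel() {
    wg_conf_value AllowedIPs "$1" | grep -qxF -e '0.0.0.0/0' -e '::/0'
}

# dns_plan CONF RESOLV WAN_GW: print the action to take.
#   "use-wg-dns <servers>"               when the config names its own resolvers
#   one "ip route add <ns>/32 via <gw>"  per ISP resolver otherwise
dns_plan() {
    conf="$1"; resolv="$2"; wan_gw="$3"
    dns=$(wg_conf_value DNS "$conf")
    if [ -n "$dns" ]; then
        # Resolvers chosen for the tunnel: point resolv.conf at them, no bypass routes
        printf 'use-wg-dns %s\n' "$(printf '%s' "$dns" | tr '\n' ' ')"
    else
        # No DNS= line: keep the ISP resolvers reachable over the WAN, not the tunnel
        for ns in $(resolv_nameservers "$resolv"); do
            printf 'ip route add %s/32 via %s\n' "$ns" "$wan_gw"
        done
    fi
}

# Demonstration on the constructed samples
dns_plan "$SAMPLE_WG_CONF" "$SAMPLE_RESOLV" 203.0.113.1
dns_plan "$SAMPLE_WG_CONF_NODNS" "$SAMPLE_RESOLV" 203.0.113.1
```

On a router the gateway would be read from the WAN interface rather than hard-coded, and the printed commands would be run when the interface comes up and removed when it goes down. The two branches carry different risk: the /32 bypass keeps the ISP resolvers reachable but sends those DNS queries outside the tunnel in the clear, which is exactly the leak a full tunnel is usually meant to prevent, whereas honouring DNS= keeps resolution inside the tunnel and is the better default whenever the config provides it.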

 