Wireguard client & DNS
-
It was pretty trivial to set up a mobile client to use Wireguard as a roaming VPN.
I did however have some issues with DNS. I'd configured my client to point to one of the LAN interfaces for DNS in the Android client which didn't work. What I discovered in the packet trace is that the reply was coming back from the Wireguard interface address, so obviously being ignored by the client. It was easy enough to reconfigure the client to point to the pfSense's Wireguard interface address for DNS, but is this expected behaviour?
If so, might be worth adding to the knowledgebase.
-
That is expected for most UDP-based services. They reply from the closest interface to the user if the daemon is bound to any/all. If your DNS resolver was set to bind to specific interfaces that may not have happened, but that also has its own drawbacks.
Better to have the clients use the closest address anyhow.
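The behaviour described in this reply, shown from the client side as an added example (not code from the thread, pfSense or Unbound): a stub resolver drops a UDP answer whose source address differs from the address the query was sent to, which is why a reply seen in a packet trace can still be "ignored". The addresses below (a LAN-side address and a WireGuard tunnel address) are constructed for illustration; the socket is left unconnected on purpose, because a connected UDP socket, as most real stub resolvers use, would have the kernel discard the mismatched reply before the application ever saw it.

```python
import random
import socket
import struct

# Constructed example addresses (not from the thread): the LAN-side address a
# client might be pointed at, and the server's WireGuard tunnel address that a
# resolver bound to any/all actually answers from when reached over the tunnel.
LAN_DNS = "192.168.1.1"
WG_DNS = "10.10.10.1"
DNS_PORT = 53


def build_query(name: str, txid: int) -> bytes:
    """Build a minimal DNS query (one A question, recursion desired)."""
    # Header: ID, flags (RD=1), QDCOUNT=1, ANCOUNT, NSCOUNT, ARCOUNT
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    qname = b"".join(
        bytes([len(label)]) + label.encode("ascii")
        for label in name.rstrip(".").split(".")
    ) + b"\x00"
    return header + qname + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN


def reply_is_acceptable(sent_to, recvd_from, txid, reply: bytes):
    """Checks a stub resolver applies before trusting a UDP answer.

    `sent_to` / `recvd_from` are (ip, port) tuples. The first check is the one
    from the thread: an answer from an address other than the one queried is
    dropped. Returns (accepted, reason).
    """
    if recvd_from[0] != sent_to[0]:
        return False, (f"source address mismatch: sent to {sent_to[0]}, "
                       f"reply from {recvd_from[0]}")
    if recvd_from[1] != sent_to[1]:
        return False, "source port mismatch"
    if len(reply) < 12:
        return False, "reply shorter than a DNS header"
    reply_txid, flags = struct.unpack("!HH", reply[:4])
    if reply_txid != txid:
        return False, "transaction id mismatch"
    if not flags & 0x8000:
        return False, "QR bit not set (not a response)"
    return True, "ok"


def query(server_ip: str, name: str, timeout: float = 2.0):
    """Send one A query over UDP and report whether the reply would be trusted.

    Unconnected socket: recvfrom() reports the real source address, so a
    reply from the "wrong" interface is visible here instead of silently
    filtered by the kernel as it would be for a connected socket.
    """
    txid = random.getrandbits(16)
    dest = (server_ip, DNS_PORT)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(name, txid), dest)
        try:
            data, src = s.recvfrom(512)
        except socket.timeout:
            return False, "timeout (a filtered reply would look like this too)"
    return reply_is_acceptable(dest, src, txid, data)


if __name__ == "__main__":
    import sys
    # Usage: python dns_source_check.py <resolver-ip> [name]
    server = sys.argv[1] if len(sys.argv) > 1 else WG_DNS
    name = sys.argv[2] if len(sys.argv) > 2 else "example.com"
    print(query(server, name))
```

Run it against the LAN address and then against the tunnel address from a connected WireGuard peer: the first case reports a source address mismatch (or a timeout, if the reply is filtered before the application sees it), the second returns `(True, 'ok')`.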
-
@jimp Yep I guess it just wasn't obvious that Unbound would bind to the WG address as it's not necessarily an "interface" in the traditional sense in pfSense.
-
@griffo Same thing happened to me. Glad this thread was in the forums because, yeah (head slap), of course I should have set the client's DNS address to the Wireguard interface on the server. Thanks for posting!