Netgate Discussion Forum

Wireguard client & DNS

  • Griffo
    last edited by Griffo Feb 6, 2021, 3:38 AM

    It was pretty trivial to set up a mobile client to use Wireguard as a roaming VPN.

    I did however have some issues with DNS. I'd configured my client to point to one of the LAN interfaces for DNS in the Android client, which didn't work. What I discovered in the packet trace is that the reply was coming back from the Wireguard interface address, so obviously being ignored by the client. It was easy enough to reconfigure the client to point to the pfsense's Wireguard interface address for DNS, but is this expected behaviour?

    If so, might be worth adding to the knowledgebase.

    • jimp Rebel Alliance Developer Netgate
      last edited Feb 8, 2021, 7:06 PM

      That is expected for most UDP-based services. They reply from the closest interface to the user if the daemon is bound to any/all. If your DNS resolver was set to bind to specific interfaces that may not have happened, but that also has its own drawbacks.

      Better to have the clients use the closest address anyhow.

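The behaviour described in the reply above can be reproduced on a single host. This is an added example, not part of the original thread; it assumes Linux loopback, with `127.0.0.2` standing in for the LAN address the client queried and `127.0.0.1` for the address closest to the client, and `reply_seen_from` is a hypothetical helper name.

```python
import socket

# Assumption: Linux, where every 127.0.0.0/8 address is local to the host.
# 127.0.0.2 plays the LAN address the client was told to use for DNS;
# 127.0.0.1 plays the address the server considers closest to the client.
QUERIED = "127.0.0.2"
CLIENT = "127.0.0.1"


def reply_seen_from(server_bind, strict_client=False):
    """Send one datagram to QUERIED; return the reply's source IP, or None if
    the client never receives a reply it is willing to accept."""
    server = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    client = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    try:
        server.bind((server_bind, 0))          # port 0: kernel picks a free port
        port = server.getsockname()[1]
        client.bind((CLIENT, 0))
        server.settimeout(1.0)
        client.settimeout(1.0)
        if strict_client:
            # A connected UDP socket only accepts datagrams whose source is
            # exactly the address it connected to.
            client.connect((QUERIED, port))
            client.send(b"query")
        else:
            client.sendto(b"query", (QUERIED, port))
        _, peer = server.recvfrom(512)
        # Plain sendto(): on a wildcard-bound socket the kernel chooses the
        # source address from the route back to the client, not from the
        # address the query arrived on.
        server.sendto(b"answer", peer)
        try:
            _, (src_ip, _) = client.recvfrom(512)
        except socket.timeout:
            return None                        # reply dropped: wrong source
        return src_ip
    finally:
        server.close()
        client.close()


if __name__ == "__main__":
    for bind in ("0.0.0.0", QUERIED):
        print(f"server bound to {bind}:",
              "lenient client sees", reply_seen_from(bind),
              "| strict client sees", reply_seen_from(bind, strict_client=True))
```

With the server bound to any/all, the reply leaves from the closest address and a client that only accepts answers from the address it queried gets nothing; binding the server to the specific address makes the source match.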
      • Griffo @jimp
        last edited Feb 8, 2021, 11:40 PM

        @jimp Yep I guess it just wasn't obvious that Unbound would bind to the WG address as it's not necessarily an "interface" in the traditional sense in pfsense.

        • TrickyT @Griffo
          last edited Apr 20, 2023, 12:57 PM

          @griffo Same thing happened to me. Glad this thread was in the forums because, yeah (head slap), of course I should have set the client's DNS address to the Wireguard interface on the server. Thanks for posting!

          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.