DNS Resolution for Wireguard tunnel failing
-
Hey, so I have a question regarding my setup.
I currently have a no-ip domain pointing at my public IP address. I've allowed ICMP reply requests through the firewall, and I am able to ping my firewall from an external connection via said domain.
I am attempting to set up a wireguard connection with my firewall as an endpoint, shunting all the wireguard clients into a dmz. I've allowed port 51820/UDP through my firewall, and configured the public/private keys for both the server and the endpoint. So far so good.
Now here's where I'm stuck. When I attempt to connect to the wireguard server on my client machine, it fails to resolve the domain. Is there something I'm missing here? My configs are as follows:
Server:
ListenPort = 51820
wg_tun0 on Opt 1
Interface Address = 1772.16.0.1/32

Client:
[Interface]
PrivateKey = SNIP
Address = 172.16.0.2/32
DNS = 1.1.1.1, 8.8.8.8

[Peer]
PublicKey = SNIP
AllowedIPs = 172.16.0.0/12
Endpoint = SNIP:51820

Firewall:
WLAN: Allow in 51820/UDP
OPT 1: Allow from 172.16.0.0/12:* to 172.16.0.0/12:*

Is this some issue with my configuration, my firewall rules, or is it as I suspect that there's some DNS related protocol that I'm unaware of that my firewall is blocking?
-
@lukeclover21 said in DNS Resolution for Wireguard tunnel failing:
and I am able to ping my firewall from an external connection via said domain.
Ok, so is that true for your client machine too?
-
@bob-dig Yes, I can ping the domain name and receive a response from the firewall.