Wireguard vpn - remote device can't do local DNS resolution
-
I have wireguard vpn configured between pfsense 2.6.0 and an iPhone. It connects and works, and I can access my local network by IP (RDP, http/https, ping, iperf3, etc.).
DNS name resolution does not work though. For example when I'm on the network I can go to https://pfsense.local and access my pfsense UI. Remote through wireguard it does not. I have to type the IP address in, https://192.168.5.1 in my case.
So it's working ok, I have a few important IP addresses memorized or saved in various clients on the phone. But name resolution would kind of be a nice to have. I even set the DNS server to my pfsense box, 192.168.5.1 and it made no difference. I am split tunnel, but I tried full tunnel, 0.0.0.0/0 and no dice. External stuff resolves but not internal.
Any ideas?
-
@kjstech said in Wireguard vpn - remote device can't do local DNS resolution:
I even set the DNS server to my pfsense box, 192.168.5.1 and it made no difference.
What interface is this in your pfSense?
-
@Bob-Dig LAN interface.
and I have that subnet allowed 192.168.5.0/24 for wireguard. I can ping anything in that subnet, I can access anything by IP. Just not by name, even if I specify 192.168.5.1 in DNS. External DNS queries resolve, just not my .local.
-
@kjstech You would use the pfSense WireGuard-IP for DNS I think and not the pfSense LAN-IP, give it a try. For me it is working. Resolver is listening on all interfaces.
-
@Bob-Dig
Ok my wireguard interface on pfsense is 192.168.7.1 and my device is 192.168.7.2. I changed the DNS. Yes 192.168.7.0/24 is allowed, as is my lan network 192.168.5.0/24. Still DNS resolution does not seem to work. Found a reddit thread over a year old though, someone was having the same problem and they also used .local for the home domain.
Do you think I should try to change my local home domain to home.arpa instead? Maybe wireguard is one of those things that will not resolve .local.
-
Using .local can certainly be a problem. Especially from Apple devices.
You might try adding a host override to the DNS resolver in pfSense for some other FQDN and see if that resolves.
Steve
-
@stephenw10 This worked.
home.arpa works fine over wireguard vpn to pfsense.
.local domain names do not resolve on wireguard vpn to pfsense. Just adding a second entry to a few important servers with their name.home.arpa allows me to access by name when remote using wireguard.
-
Yup, those devices are probably not trying to resolve .local addresses using DNS servers at all. They assume they are mDNS and try to find them locally.
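The following is an added example, not code from the thread or from pfSense/WireGuard. It models the two things the thread settles on: a name under `.local` is handed to Multicast DNS (RFC 6762) on the client's own link and never sent to the configured unicast resolver, so over a WireGuard tunnel it cannot reach the pfSense resolver, while a name under `home.arpa` (RFC 8375) is an ordinary unicast query that does reach it, provided the DNS server address is covered by the peer's AllowedIPs. The addresses (192.168.7.1 for the WireGuard interface, 192.168.5.0/24 for the LAN) are the ones posted in the thread; the host names, the `diagnose` return tokens and the unbound `local-data:` output format are assumptions made for illustration (pfSense's host overrides are written into unbound, but the exact file layout is not taken from the page).

```python
"""Added example: classify how a WireGuard peer resolves a name and emit the
unbound host-override lines that make the home.arpa workaround explicit.

Constructed for illustration; not code from the forum thread, pfSense or
WireGuard. Addresses follow the thread; host names are made up.
"""
import ipaddress


def resolution_path(name: str) -> str:
    """Return "mdns" for names under the RFC 6762 ".local" zone, else "unicast".

    Apple (and Avahi/Android) clients answer ".local" lookups by multicasting
    to 224.0.0.251:5353 on the local link. A remote WireGuard peer's local
    link is the phone's own Wi-Fi or cellular hop, not the home LAN, so the
    pfSense resolver behind the tunnel is never consulted.
    """
    labels = name.rstrip(".").lower().split(".")
    return "mdns" if labels[-1] == "local" else "unicast"


def dns_reachable_via_tunnel(dns_server: str, allowed_ips) -> bool:
    """True when the peer's AllowedIPs route the DNS server into the tunnel.

    On a split tunnel, a DNS server outside AllowedIPs is reached over the
    phone's normal uplink, so queries silently bypass pfSense.
    """
    addr = ipaddress.ip_address(dns_server)
    return any(addr in ipaddress.ip_network(n, strict=False) for n in allowed_ips)


def diagnose(name: str, dns_server: str, allowed_ips) -> str:
    """Short token describing where a lookup for `name` actually goes."""
    if resolution_path(name) == "mdns":
        return "mdns"                      # multicast on the client's link
    if not dns_reachable_via_tunnel(dns_server, allowed_ips):
        return "unicast-outside-tunnel"    # bypasses the tunnel entirely
    return "unicast-via-tunnel"            # reaches the pfSense resolver


def unbound_host_overrides(hosts: dict, domain: str = "home.arpa") -> list:
    """Emit unbound local-data / local-data-ptr lines for host overrides.

    `hosts` maps short host name -> IPv4 address. Output is sorted so it is
    stable for diffing against a running config.
    """
    lines = []
    for host, ip in sorted(hosts.items()):
        fqdn = f"{host}.{domain}."
        ipaddress.ip_address(ip)  # validate before writing config
        lines.append(f'local-data: "{fqdn} IN A {ip}"')
        lines.append(f'local-data-ptr: "{ip} {fqdn}"')
    return lines


if __name__ == "__main__":
    # Constructed peer config modelled on the thread: split tunnel covering
    # the WireGuard subnet and the LAN, DNS pointed at the WireGuard IP.
    allowed = ["192.168.7.0/24", "192.168.5.0/24"]
    dns = "192.168.7.1"
    for n in ["pfsense.local", "pfsense.home.arpa"]:
        print(f"{n:20} -> {diagnose(n, dns, allowed)}")
    # Same name, but DNS left at the LAN address with only the LAN allowed:
    print("LAN DNS, LAN allowed   ->", diagnose("pfsense.home.arpa", "192.168.5.1", ["192.168.5.0/24"]))
    print("\n".join(unbound_host_overrides({"pfsense": "192.168.5.1", "nas": "192.168.5.20"})))
```

The `diagnose` token is what you would check first when a peer "resolves external names but not internal ones": `mdns` means the name is in the wrong zone (rename to `home.arpa` as the thread did), `unicast-outside-tunnel` means AllowedIPs or the DNS address is wrong, and only `unicast-via-tunnel` is a case where the pfSense resolver itself (listening interfaces, host overrides, access lists) is worth investigating.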