• Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login
Netgate Discussion Forum
  • Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login

[SOLVED] DNS issue with mullvad wireguard clients.

Scheduled Pinned Locked Moved General pfSense Questions
7 Posts 2 Posters 1.1k Views
Loading More Posts
  • Oldest to Newest
  • Newest to Oldest
  • Most Votes
Reply
  • Reply as topic
Log in to reply
This topic has been deleted. Only users with topic management privileges can see it.
  • N
    nimrod
    last edited by nimrod Nov 26, 2024, 12:51 PM Nov 26, 2024, 11:09 AM

    As per mullvads blog post here, they are ending openvpn support on 15 January 2026, so i decided to migrate all my pfsense clients to wireguard and ditch openvpn. I already have one mullvad wireguard client instance set up and working, however i decided to refresh my knowledge on how to properly setup wireguard clients by following this nice tutorial by Christian McDonald. I excluded the failover part because i dont need it. I was able to setup additional 2 wireguard client instances and they are up and connected without any issues. I adjusted interface assignments in NAT and firewall rules, and finally i removed all openvpn interfaces and deleted all openvpn clients.

    Here is the issue im having now. When i reboot my pfsense box, DNS resolution is not working until i go to System-General Setup and then click save button without changing anything.

    My DNS resolver is in forwarding mode because im using pfblocker and i have a upstream DNS server setup in System-General setup. All other settings that i tried when configuring how DNS works produced a DNS leak or DNS working without issue but no pfblocker filtering. I also tried setting up static mappings for all wireguard tunnels but issue is still there. Here are the screenshots of how everything is configured.

    DNS Resolver Settings:

    7d71f6f3-0281-401b-87f3-84ba39570d6c-image.png
    1c8645d7-906b-4ad9-a4a0-3b33bf9fbfe9-image.png

    System-General Setup settings:
    8ec598b5-fe89-43fa-b416-0ee5fc8a958e-image.png

    Before switching to wireguard, i had openvpn tunnel selected in the gateway section in system-general setup and never had any issues with DNS leaks or pfblocker not working after restart. Im completely puzzled by this.

    B 1 Reply Last reply Nov 26, 2024, 12:06 PM Reply Quote 0
    • B
      Bob.Dig LAYER 8 @nimrod
      last edited by Nov 26, 2024, 12:06 PM

      @nimrod If you want no DNS-Leaks and the WG-Clients need to connect to a DNS-Address, you have a problem. Maybe use IP-Addresses for the endpoints instead of DNS-Addresses if you are able.

      N 1 Reply Last reply Nov 26, 2024, 12:24 PM Reply Quote 0
      • N
        nimrod @Bob.Dig
        last edited by Nov 26, 2024, 12:24 PM

        @Bob-Dig said in DNS issue with mullvad wireguard clients.:

        @nimrod If you want no DNS-Leaks and the WG-Clients need to connect to a DNS-Address, you have a problem.

        There was no such problem when i was using openvpn clients.

        Maybe use IP-Addresses for the endpoints instead of DNS-Addresses if you are able.

        If you are talking about endpoint addresses in wireguard peer configuration, thats what im already using. See below.

        b78aa875-989a-45e3-9955-03a2a4a4777d-image.png

        Whats puzzling to me is the fact that this current configuration of mine is working fine once i go to System-General Setup and press save without changing any settings.

        B 1 Reply Last reply Nov 26, 2024, 12:34 PM Reply Quote 0
        • B
          Bob.Dig LAYER 8 @nimrod
          last edited by Nov 26, 2024, 12:34 PM

          @nimrod said in DNS issue with mullvad wireguard clients.:

          Whats puzzling to me is the fact that this current configuration of mine is working fine once i go to System-General Setup and press save without changing any settings.

          I can't explain that but I would switch to another DNS-Server, this one seems to be to special. Try one of those
          https://mullvad.net/en/help/dns-over-https-and-dns-over-tls#specifications
          And also put in the hostname. And enable DoT in Unbound (TLS).

          N 1 Reply Last reply Nov 26, 2024, 12:51 PM Reply Quote 1
          • N
            nimrod @Bob.Dig
            last edited by Nov 26, 2024, 12:51 PM

            @Bob-Dig said in DNS issue with mullvad wireguard clients.:

            @nimrod said in DNS issue with mullvad wireguard clients.:

            Whats puzzling to me is the fact that this current configuration of mine is working fine once i go to System-General Setup and press save without changing any settings.

            I can't explain that but I would switch to another DNS-Server, this one seems to be to special. Try one of those
            https://mullvad.net/en/help/dns-over-https-and-dns-over-tls#specifications
            And also put in the hostname. And enable DoT in Unbound (TLS).

            You nailed it man. I did exactly what you said, rebooted, and DNS i working flawlessly without any leaks. And DoT is a bonus. Thank you very much good sir. Ill mark this as resolved.

            B 1 Reply Last reply Nov 26, 2024, 1:32 PM Reply Quote 1
            • B
              Bob.Dig LAYER 8 @nimrod
              last edited by Nov 26, 2024, 1:32 PM

              @nimrod said in [SOLVED] DNS issue with mullvad wireguard clients.:

              Ill mark this as resolved.

              Great, although that was more luck than anything else. 😉
              If you still have problems, maybe switching the DNS to WAN instead of the VPN will solve it. With DoT it is still encrypted and you have to trust mullvad in any case.

              N 1 Reply Last reply Nov 26, 2024, 1:43 PM Reply Quote 1
              • N
                nimrod @Bob.Dig
                last edited by Nov 26, 2024, 1:43 PM

                @Bob-Dig said in [SOLVED] DNS issue with mullvad wireguard clients.:

                @nimrod said in [SOLVED] DNS issue with mullvad wireguard clients.:

                Ill mark this as resolved.

                Great, although that was more luck than anything else. 😉

                Well, it worked. And it never came to my mind yesterday. I wasted hours on this with no acceptable solution.

                If you still have problems, maybe switching the DNS to WAN instead of the VPN will solve it.

                Switching to WAN produces DNS leak with my old settings.

                With DoT it is still encrypted and you have to trust mullvad in any case.

                I dont have problem with that. Thats how it was when i was using openvpn. But openvpn didnt had issues with DNS once i reboot.

                1 Reply Last reply Reply Quote 0
                • N nimrod referenced this topic on Nov 28, 2024, 5:52 PM
                7 out of 7
                • First post
                  7/7
                  Last post
                Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.
                  This community forum collects and processes your personal information.
                  consent.not_received