Wireguard gateway connection issues when using domain names for peer endpoints

Category: DHCP and DNS
pfsenseuser10293, replying to @chrcoluk:

@chrcoluk Under System Logs -> Firewall -> Normal View, where the blocks to Quad9 were appearing on the WAN interface, I also tested clicking the + sign in the destination column ("EasyRule: Pass this traffic") for all the entries. After that I restarted WireGuard and it somehow made the issue worse. None of the WireGuard interfaces come up now. Before, at least some of them would successfully come online. They're all Offline, Packetloss 100% now, even after removing the new WAN interface allow rules and restarting WireGuard. I had to add the IP address to the Mullvad WireGuard peer endpoint.


I think this just may be a distraction. I will focus back on understanding and doing the BIND method.

pfsenseuser10293, replying to @chrcoluk:

@chrcoluk Going back to the BIND method: I think I understand what it's doing (making localhost, i.e. pfSense itself, bypass Unbound), but I'm really confused about what settings to change in BIND.

I've been trying to find resources online for editing it.

pfsenseuser10293, replying to @pfsenseuser10293:

          Hi again,

Interestingly, after playing around with more settings, this seems to have fixed it completely:

In System -> General Setup:


I changed it from "Use local DNS (127.0.0.1), ignore remote DNS Servers" to "Use local DNS (127.0.0.1), fall back to remote DNS servers (default)".

I don't seem to be getting DNS leaks (according to dnscheck.tools), and now I can restart or stop/start WireGuard and all WireGuard gateways come up really fast.

Do you know what "Use local DNS (127.0.0.1), fall back to remote DNS servers (default)" is doing, and why this works? Any privacy concern using this?

          Thank you!

chrcoluk, replying to @pfsenseuser10293:

@pfsenseuser10293 Using localhost will make it use the service you have configured, whether that's Unbound or BIND. Otherwise pfSense can query forwarders directly.

It will probably be fine how you set it now. pfSense only needs DNS for its own updates, the news widget on the dashboard, and to connect to the VPNs.

            I did forget about that option.

            pfSense CE 2.8.0

pfsenseuser10293, replying to @chrcoluk:
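The two posts above describe why the gateways came up once pfSense itself was allowed to fall back to a remote resolver: a WireGuard peer given as a hostname can only be dialled after that name resolves, and if the firewall's only resolver is a local Unbound that is not answering yet, the lookup fails and the tunnel never starts. The following is an added example, not code from this thread or from pfSense. The nameserver ordering per "DNS Resolution Behavior" option is my reading of how pfSense writes /etc/resolv.conf and is stated as an assumption; the peer hostname, the unreachable-local / reachable-remote scenario and the fake network are constructed for the demonstration. Quad9's 9.9.9.9 is used as the remote server because the thread mentions Quad9.

```python
"""Resolver order under pfSense's DNS Resolution Behavior setting, and a
minimal DNS A lookup that falls back through that order (added example)."""
import random
import socket
import struct

# Assumed /etc/resolv.conf nameserver order for each option under
# System -> General Setup -> DNS Resolution Behavior.
def resolver_order(behavior, remote_servers):
    local = ["127.0.0.1"]
    if behavior == "local_ignore_remote":      # "Use local DNS, ignore remote DNS Servers"
        return local
    if behavior == "local_fallback_remote":    # "Use local DNS, fall back to remote DNS servers"
        return local + list(remote_servers)
    if behavior == "remote_ignore_local":      # "Use remote DNS servers, ignore local DNS"
        return list(remote_servers)
    raise ValueError(behavior)

def build_a_query(name, txid=None):
    """Minimal RFC 1035 A query with recursion desired; returns (packet, txid)."""
    txid = random.randrange(0, 0x10000) if txid is None else txid
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    labels = name.strip(".").split(".")
    qname = b"".join(bytes([len(lb)]) + lb.encode("ascii") for lb in labels)
    return header + qname + b"\x00" + struct.pack("!HH", 1, 1), txid

def _skip_name(data, off):
    """Advance past a (possibly compressed) name and return the new offset."""
    while True:
        length = data[off]
        if length == 0:
            return off + 1
        if length & 0xC0 == 0xC0:  # two-byte compression pointer
            return off + 2
        off += length + 1

def parse_a_response(data, txid):
    """Return IPv4 strings from the answer section; [] on a non-zero RCODE."""
    rid, flags, qd, an, _, _ = struct.unpack("!HHHHHH", data[:12])
    if rid != txid:
        raise ValueError("transaction id mismatch")
    if flags & 0x000F:  # RCODE != 0 (SERVFAIL, NXDOMAIN, ...)
        return []
    off = 12
    for _ in range(qd):
        off = _skip_name(data, off) + 4          # QTYPE + QCLASS
    addrs = []
    for _ in range(an):
        off = _skip_name(data, off)
        rtype, rclass, _ttl, rdlen = struct.unpack("!HHIH", data[off:off + 10])
        off += 10
        if rtype == 1 and rclass == 1 and rdlen == 4:
            addrs.append(socket.inet_ntoa(data[off:off + 4]))
        off += rdlen
    return addrs

def resolve_endpoint(name, nameservers, send=None, timeout=2.0):
    """Try each nameserver in resolv.conf order. Returns (addresses, server)
    where server is the one that answered, or ([], None) if none did.
    `send(server, packet)` returns raw response bytes or raises OSError;
    the default performs a real UDP query to port 53."""
    def udp_send(server, packet):
        with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
            s.settimeout(timeout)
            s.sendto(packet, (server, 53))
            return s.recv(512)
    send = send or udp_send
    query, txid = build_a_query(name)
    for server in nameservers:
        try:
            addrs = parse_a_response(send(server, query), txid)
        except (OSError, ValueError):
            continue                  # timeout / unreachable / garbage: next server
        if addrs:
            return addrs, server
    return [], None

def make_fake_send(table):
    """Constructed stand-in for the network: `table` maps a nameserver IP to an
    IPv4 answer string, or to None for a server that is not answering."""
    def send(server, packet):
        answer = table.get(server)
        if answer is None:
            raise OSError("timed out")
        txid = struct.unpack("!H", packet[:2])[0]
        question = packet[12:_skip_name(packet, 12) + 4]
        header = struct.pack("!HHHHHH", txid, 0x8180, 1, 1, 0, 0)
        rr = b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 60, 4) + socket.inet_aton(answer)
        return header + question + rr
    return send

def demo():
    """Constructed scenario: local Unbound not answering, Quad9 reachable.
    Returns the lookup result for the two settings discussed in the thread."""
    net = make_fake_send({"127.0.0.1": None, "9.9.9.9": "203.0.113.7"})
    results = {}
    for behavior in ("local_ignore_remote", "local_fallback_remote"):
        order = resolver_order(behavior, ["9.9.9.9"])
        results[behavior] = resolve_endpoint("peer.example.net", order, send=net)
    return results

if __name__ == "__main__":
    for behavior, (addrs, server) in demo().items():
        print(f"{behavior}: {addrs or 'no answer'} via {server}")
```

With "ignore remote" the only resolver is 127.0.0.1, so a dead local Unbound means the peer hostname never resolves and the gateway stays down; with "fall back to remote" the same lookup is answered by the second entry. Privacy-wise the fallback only adds the pfSense box's own lookups (updates, dashboard widget, VPN endpoints) to the remote server, not LAN client traffic, which still goes through whatever resolver the clients are handed.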

@chrcoluk SWEEEEEEEEEEEEEEEEET. Thank you so much for your help!!!! I guess I don't need to do the BIND method then! Thank goodness!!

              Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.