General Discussion / WireGuard Tunnel Connects but No Internet/DNS Resolution
« on: October 28, 2022, 07:08:33 am »
I have a WireGuard server up and running and multiple clients are able to connect to it and the rest of the LAN reliably.
The clients are not able to reach the internet when connected to the tunnel. I think it's a failure to get DNS resolutions.
I would like connected clients to be forced to use the Unbound DNS service running on OPNsense. I've gone through the OPNsense WireGuard documentation and double-checked interface names, NAT rules, IP address formatting, DNS Access Control Lists, etc., and I'm just not seeing where I've gone wrong.
Anyone mind taking a look and letting me know if they have some suggestions?
Here's the WireGuard config as a starting point:
Code:
<wireguard>
  <general version="0.0.1">
    <enabled>1</enabled>
  </general>
  <server version="0.0.2">
    <servers>
      <server uuid="######">
        <enabled>1</enabled>
        <name>WGVPN</name>
        <instance>0</instance>
        <pubkey>######=</pubkey>
        <privkey>######=</privkey>
        <port>######</port>
        <mtu/>
        <dns/>
        <tunneladdress>10.10.2.1/24</tunneladdress>
        <disableroutes>0</disableroutes>
        <gateway/>
        <peers>######</peers>
      </server>
    </servers>
  </server>
  <client version="0.0.6">
    <clients>
      <client uuid="######">
        <enabled>1</enabled>
        <name>C1</name>
        <pubkey>######=</pubkey>
        <psk/>
        <tunneladdress>10.10.2.104/32</tunneladdress>
        <serveraddress/>
        <serverport>######</serverport>
        <keepalive/>
      </client>
      <client uuid="######">
        <enabled>1</enabled>
        <name>C2</name>
        <pubkey>######=</pubkey>
        <psk/>
        <tunneladdress>######</tunneladdress>
        <serveraddress/>
        <serverport>######</serverport>
        <keepalive/>
      </client>
      <client uuid="######">
        <enabled>1</enabled>
        <name>C3</name>
        <pubkey>######=</pubkey>
        <psk/>
        <tunneladdress>10.10.2.105</tunneladdress>
        <serveraddress/>
        <serverport>######</serverport>
        <keepalive/>
      </client>
      <client uuid="######">
        <enabled>1</enabled>
        <name>C4</name>
        <pubkey>######=</pubkey>
        <psk/>
        <tunneladdress>10.10.2.107/32</tunneladdress>
        <serveraddress/>
        <serverport>######</serverport>
        <keepalive/>
      </client>
      <client uuid="######">
        <enabled>1</enabled>
        <name>C5</name>
        <pubkey>######=</pubkey>
        <psk/>
        <tunneladdress>10.10.2.110</tunneladdress>
        <serveraddress/>
        <serverport>######</serverport>
        <keepalive/>
      </client>
    </clients>
  </client>
</wireguard>