Hi All,
Pretty new to OPNsense, but loving it so far!
I have followed the docs (https://docs.opnsense.org/manual/how-tos/wireguard-client.html) for the setup of OPNsense being a WireGuard server and setup WireGuard client on my iPhone.
I am using Unbound DSN on the OPNsense device.
I have a successful connection, traffic flowing, etc.
From my iPhone, I can navigate to LAN addresses, by IP, but cant navigate using DNS name.
Using a tool such as iNet on iPhone, I can scan the LAN network, and port scan both the WireGuard interface address and LAN gateway address - and can see ports 53, 80,443 are open.
I have tried setting the client DNS to both the WireGuard HW and LAN GW addresses, I just can not get the DNS resolution to work!
Any pointers would be greatly received!
Server config;
# cat /usr/local/etc/wireguard/wg1.conf
[Interface]
PrivateKey = xxx
Address = 192.168.10.1/24
ListenPort = 51820
[Peer]
PublicKey = xxx
AllowedIPs = 192.168.10.50/32
Client config;
[Interface]
PrivateKey = xxx
Address=192.168.10.50/32
DNS=192.168.5.1
[Peer]
PublicKey = xxx
AllowedIPs = 192.168.0.0/16
Endpoint = wg.mydomain.co.uk:51820
have you tried your Tunnel Address as dns in wireguard app on your iphone?
i used this guide when setting it up: https://miha-kralj.medium.com/vpn-with-wireguard-on-opnsense-7bc1d7451a6e (https://miha-kralj.medium.com/vpn-with-wireguard-on-opnsense-7bc1d7451a6e)
Hi
Yeah, tried the WG interface as DNS and the LAN interface. Neither seems to work.
Wow! Thanks for that link!!!
I was missing the port forward. For a 0.0.0.0/0 range I now get dns resolution on external addresses, but not internal 😟
good to hear it is (somewhat) working now.
try to go over the guide step by step to see what is different or maybe missing....
Still no joy here 😟
Access is almost perfect;
I can ping LAN hosts, and load web pages from them via IP.
I can route through LAN to outside (using allowed IP of 0.0.0.0/0), load web pages, etc without issue.
I can see DNS queries for external addresses from my WG client on my Unbound DNS service on OPNsense.
I dont see any queries for local addresses here.
I just don't seem to be able to resolve LAN IPs...
hmmm, found an iOS DNS lookup tool - I do see DNS queries on unbound, but the client doesnt get a response;
2022-08-03T16:38:43 Informational unbound [7403:3] info: x.x.x.x yyy.local. MX IN
2022-08-03T16:38:43 Informational unbound [7403:2] info: x.x.x.x yyy.local. AAAA IN
2022-08-03T16:38:43 Informational unbound [7403:1] info: x.x.x.x yyy.local. A IN
EDIT:
An nslookup for yyy.local on my laptop doesnt return anything either 😟 doh!
However, an nslookup for zzz.local does, on both laptop and iOS - yet the web page on this device won't load on iOS 😟
EDIT2:
Damn typos! I entered wrong address - yyy.local does resolve on my laptop
Solved!
Simple update, don't override domain with 'local' !!!
Changed domain overrides to 'localdomain', and everything works! Yay!
great to hear it is working now.
And if you are going to use ipv6, you can add ://0 (like with allowed ip's 0.0.0.0/0 )