I am hoping that someone can explain to me why the following DNS issue is happening. I cannot figure it out. I used this guide as a... guide https://docs.opnsense.org/manual/how-tos/wireguard-client-mullvad.html
I download a Linux .conf file from mullvad.net.
[Interface]
PrivateKey = *******************************************
Address = 10.64.30.159/32,fc00:bbbb:bbbb:bb01::1:1e9e/128
DNS = 10.64.0.1
[Peer]
PublicKey = egl+0TkpFU39F5O6r6+hIBMPQLOa8/t5CymOZV6CC3Y=
AllowedIPs = 0.0.0.0/0,::0/0
Endpoint = 45.129.56.67:51820
I plug this into WireGuard
Interface > Local
Peer > Endpoints
mapping the Interface section to Local and the Peer section to the Endpoint.
(https://forum.opnsense.org/index.php?action=dlattach;topic=31334.0;attach=24497;image%5D)
(https://forum.opnsense.org/index.php?action=dlattach;topic=31334.0;attach=24499;image)
Connect, no errors:
interface: wg2
public key: PkALQNDZXNxK43Fd079oAdTT2MLLQERTl2Zx6SkFfBQ=
private key: (hidden)
listening port: 51820
peer: R5LUBgM/1UjeAR4lt+L/yA30Gee6/VqVZ9eAB3ZTajs=
endpoint: 45.129.56.68:51820
allowed ips: ::/0, 0.0.0.0/0
latest handshake: 35 seconds ago
transfer: 676.02 MiB received, 23.65 MiB sent
persistent keepalive: every 30 seconds
I can connect to mullvad.net and see that I am connected and have no DNS leaks. But I cannot resolve any DNS queries.
I am guessing it is a mistake in my Unbound DNS configuration.
Services: Unbound DNS: General
(https://forum.opnsense.org/index.php?action=dlattach;topic=31334.0;attach=24495;image)
Here are just some general settings.
System: Settings: General
(https://forum.opnsense.org/index.php?action=dlattach;topic=31334.0;attach=24501;image)
I have tried to add 10.64.0.1 as a DNS server to "System: Settings: General", that didn't work either. There are two ways in which I have gotten around this, but none of them are really optimal.
1. Set 10.64.0.1 on Services: DHCPv4: [LAN]. That works, but it bypasses the Unbound DNS blocklist.
2. The second option is slightly better: use the Mullvad DoT/DoH DNS servers, whereby the DNS blocklist still works, but it is slower.
Can someone spot my mistake? Where am I going wrong, since I cannot just have the DNS server from the WireGuard configuration work?
Out of curiosity I have subscribed to ProtonVPN and did the same simple setup, just adding the Interface and Peer entries from a .conf file. And that worked.
It appears to be an issue between my setup and Mullvad. I just do not know why or how.
I set mine up with a gateway, not sure if this is the issue. I did not touch unbound and am using a separate DNS server for local DNS. I don't think this has anything to do with unbound, as your config would send all traffic down the tunnel (0.0.0.0/0). Did you create the outbound NAT rule, as I didn't see that in your screenshots?
I attached my config if that helps.
(https://i.ibb.co/vzBFkC2/Screenshot-2022-12-05-at-11-56-59-PM.png) (https://ibb.co/0JX7rpP)
(https://i.ibb.co/q0KCcNK/Screenshot-2022-12-05-at-11-58-13-PM.png) (https://ibb.co/JxVqGvV)
I had a screenshot of my Outbound NAT, but I couldn't post more than 4 :D
I guess I would try to set up a gateway.
Took me a while to configure WG on OPNsense (still working out some small issues) and I had a similar problem to yours. Might be a firewall DNS redirect problem, but here's my entire setup and the differences compared to yours, which works well:
- in VPN "Local", left DNS blank, unchecked "disable route" and left gateway blank
- set up an interface, static IPv4, IPv4 address = your tunnel address, create an upstream gateway
- in System/Gateways, interface should be the above-mentioned one, address family IPv4, IP address 10.64.0.1, far gateway checked and the rest unchecked
- firewall: interface = the above-mentioned one, protocol TCP/UDP, source port and address any, destination address [gateway] address, destination port DNS, IP 127.0.0.1, redirect target port DNS // this redirects DNS requests made through your VPN gateway to the local DNS server.
Hope this helps
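As an added example (not code from the thread, from Mullvad or from OPNsense), this Python script parses a Mullvad-style WireGuard .conf like the one posted above and derives the pieces of the OPNsense setup the replies describe: the Local and Endpoint fields, whether the peer is a full tunnel, and whether the conf's DNS address has to be entered as a far gateway because it lies outside the tunnel's /32. The sample conf is constructed, with a placeholder private key; the `plan_opnsense` output structure is my own.

```python
import configparser
import ipaddress

# Constructed sample in the same shape as the Mullvad .conf in the thread.
# The private key is a placeholder, not a real key.
MULLVAD_CONF = """\
[Interface]
PrivateKey = PLACEHOLDER_PRIVATE_KEY
Address = 10.64.30.159/32,fc00:bbbb:bbbb:bb01::1:1e9e/128
DNS = 10.64.0.1
[Peer]
PublicKey = egl+0TkpFU39F5O6r6+hIBMPQLOa8/t5CymOZV6CC3Y=
AllowedIPs = 0.0.0.0/0,::0/0
Endpoint = 45.129.56.67:51820
"""


def parse_wg_conf(text):
    """Parse a WireGuard .conf into {section: {key: [values]}} (comma lists split)."""
    cp = configparser.ConfigParser(delimiters=("=",), interpolation=None)
    cp.optionxform = str  # keep key case: PrivateKey, AllowedIPs, ...
    cp.read_string(text)
    return {s: {k: [v.strip() for v in val.split(",")] for k, val in cp[s].items()}
            for s in cp.sections()}


def plan_opnsense(conf):
    """Derive the OPNsense objects described in the thread from the parsed conf."""
    iface, peer = conf["Interface"], conf["Peer"]
    addrs = [ipaddress.ip_interface(a) for a in iface["Address"]]
    dns = [ipaddress.ip_address(d) for d in iface.get("DNS", [])]
    allowed = [ipaddress.ip_network(n) for n in peer["AllowedIPs"]]
    plan = {
        "local": {"tunnel_address": iface["Address"]},
        "endpoint": {"public_key": peer["PublicKey"][0],
                     "allowed_ips": peer["AllowedIPs"], "endpoint": peer["Endpoint"][0]},
        "full_tunnel": any(n.prefixlen == 0 for n in allowed),  # 0.0.0.0/0 or ::/0
        "gateways": [],
    }
    for d in dns:
        # A DNS address outside the tunnel's /32 is not on-link, so OPNsense needs it
        # as a "far gateway"; it is reachable only if AllowedIPs routes it into the tunnel.
        on_link = any(d in a.network for a in addrs if a.version == d.version)
        via_tunnel = any(d in n for n in allowed if n.version == d.version)
        plan["gateways"].append({"ip": str(d), "far_gateway": not on_link,
                                 "reachable_via_tunnel": via_tunnel})
    return plan
```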
Yes, good idea. That might work, since 10.64.0.1 is Mullvad's default gateway.