OPNsense Forum

English Forums => Virtual private networks => Topic started by: Squiggley on February 11, 2024, 07:36:10 PM

Title: Wireguard to home lan DNS issues
Post by: Squiggley on February 11, 2024, 07:36:10 PM
Hi all,

I am quite new to OPNsense, having moved over from pfSense.
So I followed this great guide for my setup: https://forum.opnsense.org/index.php?topic=23339.0

And then followed the OPNsense road warrior guide https://docs.opnsense.org/manual/how-tos/wireguard-client.html for WireGuard.

WireGuard is working: I can connect to my home LAN and access my services, however it's via IP address only. I do not have DNS resolution; that's what I am trying to fix.

I am using Unbound split DNS from the first tutorial listed to resolve internal addresses, and it works great except through WireGuard.

On the WireGuard client on my phone I have 10.0.0.1 and 192.168.13.254 as my DNS servers.

I am not sure how to proceed or debug it, really.

Thanks

Title: Re: Wireguard to home lan DNS issues
Post by: Squiggley on February 11, 2024, 07:51:57 PM
More config
Title: Re: Wireguard to home lan DNS issues
Post by: Kinerg on February 13, 2024, 12:17:59 PM
Possibly related?

#7148 https://github.com/opnsense/core/issues/7148
#6909 https://github.com/opnsense/core/issues/6909
Title: Re: Wireguard to home lan DNS issues
Post by: CJ on February 13, 2024, 04:54:10 PM
Quote from: Squiggley on February 11, 2024, 07:36:10 PM
Hi all,

I am quite new to OPNsense, having moved over from pfSense.
So I followed this great guide for my setup: https://forum.opnsense.org/index.php?topic=23339.0

What are you doing with HAProxy? Are the sites you're trying to access through that?

Quote from: Squiggley on February 11, 2024, 07:36:10 PM
WireGuard is working: I can connect to my home LAN and access my services, however it's via IP address only. I do not have DNS resolution; that's what I am trying to fix.

I am using Unbound split DNS from the first tutorial listed to resolve internal addresses, and it works great except through WireGuard.

On the WireGuard client on my phone I have 10.0.0.1 and 192.168.13.254 as my DNS servers.

I am not sure how to proceed or debug it, really.

Thanks

What are 10.0.0.1 and 192.168.13.254?

Remove the Wireguard ACL from Unbound and just switch it to Allow as the default action.
Title: Re: Wireguard to home lan DNS issues
Post by: Squiggley on February 23, 2024, 04:27:58 PM
Sorry for the delay in getting back to you, I have been away.

Thanks @Kinerg, but both of those are not functioning, whereas mine is totally functioning; I just cannot access my internal services by FQDN.

Thanks for the reply CJ. In answer to your questions:

I am hosting a bunch of services that are served up from my Unraid server in Docker containers. I can access them all from my desktop using the FQDN for each one.

192.168.13.254 is the physical address of my OPNsense box.
10.0.0.1 I think is the address of the WireGuard interface.

I disabled the WireGuard ACL and the default action was already set to allow, restarted Unbound, and it's still the same: no DNS to my internal services.

Thanks
Title: Re: Wireguard to home lan DNS issues
Post by: CJ on February 23, 2024, 07:49:02 PM
Quote from: Squiggley on February 23, 2024, 04:27:58 PM
Sorry for the delay in getting back to you, I have been away.

Thanks @Kinerg, but both of those are not functioning, whereas mine is totally functioning; I just cannot access my internal services by FQDN.

Thanks for the reply CJ. In answer to your questions:

I am hosting a bunch of services that are served up from my Unraid server in Docker containers. I can access them all from my desktop using the FQDN for each one.

192.168.13.254 is the physical address of my OPNsense box.
10.0.0.1 I think is the address of the WireGuard interface.

I disabled the WireGuard ACL and the default action was already set to allow, restarted Unbound, and it's still the same: no DNS to my internal services.

Thanks

I find it easier and IMO more secure to host my proxy on a separate server instead of trying to shoehorn it onto OPNsense. There are several that work well with Docker containers.

Turn on logging for your WG firewall rule and then look at the live view under Firewall -> Log Files. You can narrow it to just the WG interface. Is anything being blocked there? Do you see connections on port 53?

Are you using just Unbound, or do you have something like Pi-hole, AdGuard, etc. as well?
Title: Re: Wireguard to home lan DNS issues
Post by: Squiggley on February 27, 2024, 08:32:15 AM
Thanks again for the response CJ. After working further on my config I have found it is not WireGuard that's at fault here. I have internal DNS working on my LAN but not on any of my VLANs, which includes WireGuard.

So I guess I need to solve that first before I continue looking at WireGuard. I might, however, follow your suggestion and try it on my Unraid server; it has it built in now.

Thanks again
Title: Re: Wireguard to home lan DNS issues
Post by: CJ on February 27, 2024, 02:58:20 PM
Quote from: Squiggley on February 27, 2024, 08:32:15 AM
Thanks again for the response CJ. After working further on my config I have found it is not WireGuard that's at fault here. I have internal DNS working on my LAN but not on any of my VLANs, which includes WireGuard.

So I guess I need to solve that first before I continue looking at WireGuard. I might, however, follow your suggestion and try it on my Unraid server; it has it built in now.

Thanks again

Good luck. I'd wager it's something to do with what you set up from that first tutorial for split DNS, but I've not looked through it to see what it says.
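The thread turns on two Unbound settings that decide whether a tunnel or VLAN client gets an answer at all: which addresses Unbound listens on, and which source subnets its access list allows. The fragment below is an added example, not from this thread or from OPNsense's generated configuration, showing both the weak and the corrected form in plain Unbound syntax. The addresses 192.168.13.254 and 10.0.0.1 are the ones posted above; the /24 masks, the `home.lan` zone and the host names are assumptions made for illustration.

```conf
# Added example (not from the thread): minimal Unbound split-DNS setup for a
# LAN plus a WireGuard tunnel subnet. 192.168.13.254 and 10.0.0.1 come from
# the thread; the /24 masks, "home.lan" and the host entries are assumed.
server:
    # Listen on the LAN address AND on the tunnel address. If Unbound only
    # binds the LAN address, a client that queries 10.0.0.1 simply times
    # out, which looks identical to a firewall block from the phone.
    interface: 192.168.13.254
    interface: 10.0.0.1
    port: 53

    # Weak form: only the LAN is allowed. A tunnel client gets a REFUSED
    # reply from Unbound even though the firewall passed the packet.
    # access-control: 192.168.13.0/24 allow
    # access-control: 0.0.0.0/0 refuse

    # Corrected form: every internal subnet that must resolve internal
    # names is listed explicitly; everything else stays refused, so the
    # resolver is not opened to the world just to fix the tunnel.
    access-control: 127.0.0.0/8 allow
    access-control: 192.168.13.0/24 allow     # LAN
    access-control: 10.0.0.0/24 allow         # WireGuard tunnel subnet (assumed /24)
    access-control: 0.0.0.0/0 refuse

    # Split-DNS zone: internal names are answered from local data and never
    # forwarded upstream. "static" makes unknown names in the zone return
    # NXDOMAIN instead of leaking the lookup to the public resolver.
    local-zone: "home.lan." static
    local-data: "opnsense.home.lan. IN A 192.168.13.254"
    local-data: "unraid.home.lan.   IN A 192.168.13.10"
    local-data-ptr: "192.168.13.10 unraid.home.lan"

    # Only needed if this zone is forwarded to an internal server instead of
    # served from local-data: DNS rebinding protection strips RFC 1918
    # addresses from forwarded answers unless the domain is listed here.
    private-domain: "home.lan"
```

On OPNsense these settings are generated from the GUI rather than edited by hand: the listen addresses are the Network Interfaces selection under Services -> Unbound DNS -> General, and the `access-control` lines correspond to Services -> Unbound DNS -> Access Lists. Run `unbound-checkconf` after any hand edit. From a tunnel client, `dig @10.0.0.1 unraid.home.lan` separates the failure modes: a timeout points at the listen address or the firewall rule on the WireGuard interface (port 53 to the firewall itself must be passed), `status: REFUSED` points at the access list, and `NXDOMAIN` means the query reached Unbound but the zone data is missing for that name.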