Still a lot to learn, so please educate me: reading the official document "WireGuard Selective Routing to External VPN Endpoint", it seems there is no need to create a firewall rule for DNS, and the only mention of it is at the very end of the document, but only in relation to DNS leaks (so I read it as optional):
1) Why is there no need for a firewall DNS rule?
2) As for the very last paragraph/note, I was also expecting to need to specify the destination port range, i.e. DNS/DNS, but why is that not the case?
On a separate note, in the WG instance configuration there is a "DNS servers" setting, but it's not mentioned in any documentation, so what is that for?
I think you should define whether you are using the DNS provided by the VPN provider or an external one, through local DNS, Unbound DNS or other.
Quote from: FredFresh on October 24, 2024, 08:14:05 PM
I think you should define whether you are using the DNS provided by the VPN provider or an external one, through local DNS, Unbound DNS or other.
I want to use the DNS provided by the VPN provider.
If you want to use it, I think you have to add the DNS IP provided by the DNS provider to the WireGuard/Instances mask.
If you look at the Proton VPN guide here, it is mentioned:
https://docs.opnsense.org/manual/how-tos/wireguard-client-proton.html
There are guides more specific also for other VPN providers.
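As an added illustration (not taken from the Proton guide or from either poster), here is a wg-quick style WireGuard client configuration showing where a provider's DNS address goes. 10.2.0.1 is the Proton DNS address mentioned in this thread; the keys, tunnel address and endpoint are placeholders, and whether the "DNS servers" field on an OPNsense WireGuard instance maps onto the `DNS` key in the same way is my assumption, not something the thread or the guide confirms.

```ini
[Interface]
# Tunnel address assigned to this peer by the provider (placeholder).
Address = 10.2.0.2/32
PrivateKey = <client private key, placeholder>
# In wg-quick, DNS installs this resolver for the host while the tunnel is up
# and removes it again on teardown. 10.2.0.1 is a private address that is
# only reachable through the tunnel, so it must be covered by AllowedIPs below.
DNS = 10.2.0.1

[Peer]
PublicKey = <provider public key, placeholder>
Endpoint = vpn.example.net:51820
# Everything, including the 10.2.0.1 resolver, is routed into the tunnel.
AllowedIPs = 0.0.0.0/0, ::/0
PersistentKeepalive = 25
```

On a plain wg-quick client this is all that is needed for queries to reach the provider's resolver, because the `DNS` key rewrites the host's resolver configuration. On a router doing selective routing, the router's own resolver and the LAN clients' resolver settings are separate matters, which is why the guide's DNS leak note concerns firewall rules rather than this key.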
Quote from: FredFresh on October 26, 2024, 06:40:57 PM
If you want to use it, I think you have to add the DNS IP provided by the DNS provider to the WireGuard/Instances mask.
For me, with or without the Proton DNS server IP address 10.2.0.1, nothing really changes: as long as I keep the port forward rule (see screenshot), DNS seems to work properly, and I still don't understand the purpose of the "DNS servers" setting in the WG instance configuration...