OPNsense Forum
English Forums => Virtual private networks => Topic started by: QuaCKeReD on August 01, 2022, 05:01:42 pm
-
Hi All,
Pretty new to OPNsense, but loving it so far!
I have followed the docs (https://docs.opnsense.org/manual/how-tos/wireguard-client.html) for the setup of OPNsense as a WireGuard server and set up the WireGuard client on my iPhone.
I am using Unbound DNS on the OPNsense device.
I have a successful connection, traffic flowing, etc.
From my iPhone, I can navigate to LAN addresses by IP, but can't navigate using DNS names.
Using a tool such as iNet on iPhone, I can scan the LAN network and port scan both the WireGuard interface address and the LAN gateway address - and can see ports 53, 80, 443 are open.
I have tried setting the client DNS to both the WireGuard HW and LAN GW addresses, I just can not get the DNS resolution to work!
Any pointers would be greatly received!
Server config:
# cat /usr/local/etc/wireguard/wg1.conf
[Interface]
PrivateKey = xxx
Address = 192.168.10.1/24
ListenPort = 51820
[Peer]
PublicKey = xxx
AllowedIPs = 192.168.10.50/32
Client config:
[Interface]
PrivateKey = xxx
Address = 192.168.10.50/32
DNS = 192.168.5.1
[Peer]
PublicKey = xxx
AllowedIPs = 192.168.0.0/16
Endpoint = wg.mydomain.co.uk:51820
-
Have you tried your Tunnel Address as DNS in the WireGuard app on your iPhone?
I used this guide when setting it up: https://miha-kralj.medium.com/vpn-with-wireguard-on-opnsense-7bc1d7451a6e
-
Hi
Yeah, tried the WG interface as DNS and the LAN interface. Neither seems to work.
-
Wow! Thanks for that link!!!
I was missing the port forward. For a 0.0.0.0/0 range I now get dns resolution on external addresses, but not internal 😟
-
Good to hear it is (somewhat) working now.
Try to go over the guide step by step to see what is different or maybe missing...
-
Still no joy here 😟
Access is almost perfect:
I can ping LAN hosts, and load web pages from them via IP.
I can route through LAN to outside (using allowed IP of 0.0.0.0/0), load web pages, etc without issue.
I can see DNS queries for external addresses from my WG client on my Unbound DNS service on OPNsense.
I don't see any queries for local addresses here.
I just don't seem to be able to resolve LAN IPs...
-
Hmmm, found an iOS DNS lookup tool - I do see DNS queries on Unbound, but the client doesn't get a response:
2022-08-03T16:38:43 Informational unbound [7403:3] info: x.x.x.x yyy.local. MX IN
2022-08-03T16:38:43 Informational unbound [7403:2] info: x.x.x.x yyy.local. AAAA IN
2022-08-03T16:38:43 Informational unbound [7403:1] info: x.x.x.x yyy.local. A IN
EDIT:
An nslookup for yyy.local on my laptop doesn't return anything either 😟 doh!
However, an nslookup for zzz.local does, on both laptop and iOS - yet the web page on this device won't load on iOS 😟
EDIT2:
Damn typos! I entered the wrong address - yyy.local does resolve on my laptop.
-
Solved!
Simple update: don't override the domain with 'local'!!!
Changed the domain override to 'localdomain', and everything works! Yay!
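As an added example (not code from this thread or from OPNsense), here is a small Python lint for the two things that decided this thread: whether the client's DNS server address actually falls inside a peer's AllowedIPs, so that queries enter the tunnel at all, and whether the LAN domain ends in .local, which is reserved for mDNS (RFC 6762) and is handed to multicast rather than the tunnel's DNS server by many stub resolvers, Apple's included. The sample config is the thread's client config with placeholder keys; the `domain` argument is assumed to be the OPNsense domain setting (or a search domain given on the DNS line).

```python
import ipaddress

# Constructed sample: the thread's client config with placeholder keys.
SAMPLE_CLIENT_CONF = """
[Interface]
PrivateKey = xxx
Address = 192.168.10.50/32
DNS = 192.168.5.1
[Peer]
PublicKey = xxx
AllowedIPs = 192.168.0.0/16
Endpoint = wg.mydomain.co.uk:51820
"""


def parse_wg_conf(text):
    """Parse an INI-style WireGuard config into {"Interface": {...}, "Peers": [...]}."""
    conf = {"Interface": {}, "Peers": []}
    current = conf["Interface"]
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        if line.startswith("[") and line.endswith("]"):
            if line[1:-1] == "Peer":
                current = {}  # each [Peer] section is a separate dict
                conf["Peers"].append(current)
            else:
                current = conf.setdefault(line[1:-1], {})
            continue
        key, _, value = line.partition("=")
        current[key.strip()] = value.strip()
    return conf


def dns_check(conf, domain=None):
    """Return findings explaining why LAN names may not resolve over the tunnel."""
    findings = []
    allowed = [ipaddress.ip_network(n.strip())
               for peer in conf["Peers"]
               for n in peer.get("AllowedIPs", "").split(",") if n.strip()]
    for entry in (e.strip() for e in conf["Interface"].get("DNS", "").split(",")):
        if not entry:
            continue
        try:
            addr = ipaddress.ip_address(entry)
        except ValueError:
            domain = domain or entry  # wg-quick and the apps accept search domains here
            continue
        if not any(addr in net for net in allowed):
            findings.append(f"DNS server {entry} is outside every AllowedIPs range; "
                            "its queries will not enter the tunnel")
    if domain and domain.rstrip(".").lower().rsplit(".", 1)[-1] == "local":
        findings.append(f"domain '{domain}' ends in .local (mDNS, RFC 6762); "
                        "stub resolvers may never send it to the tunnel DNS server")
    return findings
```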
-
Great to hear it is working now.
And if you are going to use IPv6, you can add ::/0 (like with allowed IPs 0.0.0.0/0).