General Discussion / WireGuard: tunnel up and running but DNS resolved locally
« on: April 06, 2020, 06:51:52 am »
Hello,
I have successfully established a WireGuard connection between my OPNsense router (in Canada) and a Linux server (in France) where I installed WireGuard.
I am able to create firewall rules in order to pass some traffic through that tunnel. For example, I can make my laptop in Canada go out through the WireGuard tunnel instead of the WAN, so that it gets the French public IP address.
The only issue that I have is DNS resolution. Even though I've designed the firewall rule to pass ALL traffic through the WireGuard gateway, DNS is still resolved locally, that is in Canada and NOT at the other end of the WireGuard tunnel in France...
I tried setting different "DNS Servers" in the local configuration part of WireGuard on OPNsense but none of them worked.
Am I missing something here? Is that even possible with OPNsense? If instead of connecting OPNsense, I connect with my phone to the WireGuard server, I do get the French IP and the French DNS.
The reason behind this is that some geo restrictions are based on public IP addresses and DNS. If you appear with a certain IP but you resolve it through a DNS that's on the other side of the world, some content providers will block you.
I attached a few pictures of my config in case that helps. Thank you in advance.
Pierre