[Solved] Anyone use Wireguard + NextDNS CLI and have DNS working?
Topic: [Solved] Anyone use Wireguard + NextDNS CLI and have DNS working? (Read 3188 times)
Giant850 (Newbie, Posts: 26, Karma: 0)
[Solved] Anyone use Wireguard + NextDNS CLI and have DNS working?
« on: April 16, 2021, 05:42:36 am »
I'm in a bit of a pickle, trying to get WireGuard (kernel module) on OPNsense working + NextDNS CLI playing well together. As far as I can tell, WireGuard itself is working perfectly as I can ping LAN/WAN/Internet addresses all day long without issue.
Problem: If I point my WireGuard clients to the OPNsense LAN IP (10.13.2.1) for DNS (in the WireGuard client), they are unable to resolve DNS queries. I have NextDNS CLI running on OPNsense, and my DHCP clients use 10.13.2.1 as the DNS resolver without issue.
I have a legacy Raspberry Pi running Pi-hole, and if I point the WireGuard client to that IP (10.13.2.200), then DNS resolution works just fine.
From the WG client I can ping 10.13.2.1, no problem. I also ran a port scan from my WG client (iPhone) and the port scan shows port 53 listening on 10.13.2.1. But DNS resolution from the WG network when pointed to the OPNsense LAN IP just won't work and I can't figure out why.
Any ideas?
« Last Edit: April 16, 2021, 04:18:44 pm by Giant850 »
juere (Jr. Member, Posts: 91, Karma: 8)
Re: Anyone use Wireguard + NextDNS CLI and have DNS working?
« Reply #1 on: April 16, 2021, 08:04:10 am »
I'm not really familiar with NextDNS CLI, but if the WireGuard clients can reach your Pi-hole, the firewall rules relevant for DNS are probably OK and not the problem. I would assume, somehow NextDNS CLI maintains an internal access list for allowed clients (as other DNS resolvers, namely Unbound, do) and your WireGuard clients are not part of this list.
If this is so, there would be two options:
- find that list and edit it in the NextDNS CLI configuration; might have something to do with https://github.com/nextdns/nextdns/wiki/Conditional-Configuration
- use Unbound to forward to NextDNS CLI on the OPNsense and edit the access lists under "Services -> Unbound -> Access List" to include the WireGuard clients
Giant850 (Newbie, Posts: 26, Karma: 0)
Re: Anyone use Wireguard + NextDNS CLI and have DNS working?
« Reply #2 on: April 16, 2021, 04:18:22 pm »
Thanks for the reply, much appreciated! So I found a solution to my problem. I had to disable route mode on the NextDNS client:
setup-router false
Then I configured NextDNS to listen on my LAN IP and loopback:
listen 10.13.2.1:53
listen localhost:53
Restarted the NextDNS service, and now WireGuard clients can resolve via NextDNS.
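The port scan in the original question showed port 53 "listening" on 10.13.2.1, yet names still did not resolve from the tunnel. A port being open and a resolver actually answering a given client are two different things, so the check that would have shortened this thread is sending a real DNS query from the WireGuard client and looking at the response code. The script below is an added example written for this thread, not code from the forum, NextDNS or OPNsense: it builds a minimal A query in wire format, sends it over UDP to the resolver, and reports the rcode and any A records. The resolver IP is the LAN address from the thread; the query name example.com and the assumption that it is run from a WireGuard client are mine.

```python
import socket
import struct

# Assumed for this example: the OPNsense LAN address the WireGuard clients
# were pointed at for DNS (taken from the thread). Run from a tunnel client.
RESOLVER_IP = "10.13.2.1"
RESOLVER_PORT = 53


def build_query(name: str, qid: int = 0x1234) -> bytes:
    """Encode a minimal DNS A query (RD=1) for `name` in wire format."""
    # Header: ID, flags (RD set), QDCOUNT=1, ANCOUNT/NSCOUNT/ARCOUNT=0
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN


def _skip_name(data: bytes, offset: int) -> int:
    """Return the offset just past a (possibly compressed) DNS name."""
    while True:
        length = data[offset]
        if length == 0:
            return offset + 1
        if length & 0xC0 == 0xC0:  # compression pointer: two bytes, name ends
            return offset + 2
        offset += 1 + length


def parse_response(data: bytes, expected_qid: int) -> dict:
    """Summarise a DNS response: rcode, answer count and any A records."""
    qid, flags, qdcount, ancount, _, _ = struct.unpack("!HHHHHH", data[:12])
    if qid != expected_qid:
        raise ValueError("transaction id mismatch")
    rcode = flags & 0x000F  # 0 NOERROR, 3 NXDOMAIN, 5 REFUSED (access list)
    offset = 12
    for _ in range(qdcount):
        offset = _skip_name(data, offset) + 4  # skip QTYPE + QCLASS
    addresses = []
    for _ in range(ancount):
        offset = _skip_name(data, offset)
        rtype, rclass, _ttl, rdlength = struct.unpack("!HHIH", data[offset:offset + 10])
        offset += 10
        if rtype == 1 and rclass == 1 and rdlength == 4:
            addresses.append(socket.inet_ntoa(data[offset:offset + 4]))
        offset += rdlength
    return {"rcode": rcode, "answers": ancount, "addresses": addresses}


def probe_resolver(ip: str, name: str = "example.com", port: int = RESOLVER_PORT,
                   timeout: float = 2.0) -> dict:
    """Send one UDP query and report whether the resolver really answered."""
    qid = 0x1234
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        sock.sendto(build_query(name, qid), (ip, port))
        try:
            data, _ = sock.recvfrom(512)
        except socket.timeout:
            # A silent drop looks exactly like this thread's symptom: the port
            # is "open" to a scanner, but no answer ever comes back.
            return {"reachable": False, "detail": "no UDP answer within timeout"}
    summary = parse_response(data, qid)
    summary["reachable"] = True
    return summary


if __name__ == "__main__":
    print(probe_resolver(RESOLVER_IP))
```

A reply with rcode 5 (REFUSED) points at an access list or listen-address problem on the resolver, while a timeout points at the resolver not listening on that address for that source at all, which is the case the `listen` lines in the reply above fix. Run it once from a LAN host and once from a tunnel client and compare the two results.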
Giant850 (Newbie, Posts: 26, Karma: 0)
Re: [Solved] Anyone use Wireguard + NextDNS CLI and have DNS working?
« Reply #3 on: April 16, 2021, 11:40:28 pm »
For a step-by-step walk-through of the configuration, there's this blog post:
https://www.derekseaman.com/2021/04/how-to-nextdns-opnsense-firewall.html