Wireguard OPNsense DNS Resolution Broken - Solved

Started by bdika, October 15, 2021, 08:59:02 PM

October 15, 2021, 08:59:02 PM Last Edit: October 25, 2021, 05:18:10 AM by bdika
I am new to OPNsense and firewall appliances.

I tried to set up Mullvad wireguard using https://notes.aliciasykes.com/18842/how-to-mullvad-vpn-using-wireguard-on-opnsense instructions.

I made the mistake of including Mullvad's DNS server in the local configuration and possibly breaking OPNsense's DNS according to this:

Quote: UPDATE #2 28 March 2021: This tutorial has been updated to remove reference to including the VPN provider's DNS servers in the Local configuration, as this can break DNS resolution on OPNsense itself. Also, if your network generally uses local DNS servers, you will likely experience DNS leaks unless you take further steps. Suggested solutions are proposed to be added to the official OPNsense documentation.

Is there a way I can restore OPNsense's DNS resolution?

I tried deleting Mullvad's DNS server address but still cannot access the internet through my browser. When I ssh into the OPNsense appliance, I can access my LAN computers and can ping www.google.com.

My setup is Modem --> Protectli (OPNsense) --> Netgear R7000 access point.

Any help would be much appreciated.

Bill Dika

EDIT: I got a working install of OPNsense and Mullvad using this link https://imgur.com/gallery/JBf2RF6 , Thanks to all that helped me below. Thanks to them, I realized it wasn't a DNS problem.

I suspect your issue is not the DNS server. It's a public IP and you aren't doing selective routing. That warning you quote is from a selective routing tutorial; in that case wg-tools' behaviour of overwriting resolv.conf can cause issues with resolution on OPNsense itself.

But anyway, after deleting the DNS server in the WG settings, did you disable and re-enable the Local config, as the guide you used instructs? Worst case, a reboot of OPNsense should fix the issue.

Hi Greelan:

Thanks for the reply.

Quote: did you disable and re-enable the Local config, as the guide you used instructs

I thought that I did that, but I will try again tonight.

Quote: a reboot of OPNsense should fix the issue

I thought that I did that too a number of times, but will retry tonight and post back.

Hi Greelan:

I did what you suggested and rebooted, but any time I enable WireGuard, I lose connection to the internet and can only access the OPNsense interface locally in my web browser, nothing else online.

If I disable WireGuard, I get access to the internet.

Could this be a problem with my Nighthawk R7000 in access mode?

Any help would be much appreciated.

Bill Dika

October 16, 2021, 07:13:16 AM #4 Last Edit: October 16, 2021, 07:15:01 AM by Greelan
Try port 51820 on the endpoint rather than the multihop port.

Otherwise you will need to post screenshots of your config (masking private keys) to troubleshoot.

Hi Greelan:

I tried port 51820 without any luck.

Attached are my local-config and my endpoint-config.

Because of size limitations, I will post the outbound-config in the next post.

Thanks in advance. If you need any further information, just let me know.


Disable routes checked on local config, make sure you have DNS set in system settings (General), and make sure you're getting a handshake on WireGuard.
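The two things the replies above ask the original poster to verify (is a peer actually completing handshakes, and has anything rewritten the resolvers set under System > Settings > General) can be checked from the OPNsense shell. The script below is an added example and is not from this thread or from the OPNsense project. It parses the `wg show <iface> dump` format (one header line for the interface, then one line per peer with the latest-handshake epoch in the fifth field) and the `nameserver` lines of resolv.conf. The interface name `wg0`, the 180-second handshake window, the `/etc/resolv.conf` path, the `--live` flag and every sample line and key below are assumptions or constructed data, not values from the thread.

```shell
#!/bin/sh
# Added example, not from the thread: check WireGuard handshakes and resolv.conf.
# Interface name, paths and all sample data are assumptions / constructed.

# Constructed sample of `wg show wg0 dump`; real output is tab-separated and
# contains real keys, spaces and placeholder keys are used here.
SAMPLE_DUMP=$(printf '%s\n' \
  'PRIVATE_KEY_PLACEHOLDER PUBLIC_KEY_PLACEHOLDER 51820 off' \
  'PEER_KEY_PLACEHOLDER (none) 203.0.113.10:51820 0.0.0.0/0 1700000000 12345 6789 25' \
  'STALE_PEER_PLACEHOLDER (none) 203.0.113.11:51820 10.0.0.0/8 0 0 0 off')

# Constructed sample resolv.conf: one resolver the admin configured and one
# that a VPN tunnel configuration pushed in (192.0.2.53 is a documentation
# address standing in for a provider DNS server).
SAMPLE_RESOLV=$(printf '%s\n' \
  'nameserver 1.1.1.1' \
  'nameserver 192.0.2.53')

# handshake_report DUMP_TEXT NOW_EPOCH MAX_AGE_SECONDS
# Prints one line per peer: "ok|stale|never <endpoint> <age>".
# A peer that has never handshaken ("never") usually means wrong endpoint/port
# or keys; "stale" means it worked once but traffic stopped flowing.
handshake_report() {
    printf '%s\n' "$1" | awk -v now="$2" -v max="$3" '
        NR == 1 { next }                       # interface header line
        {
            endpoint = $3; hs = $5
            if (hs == 0)             state = "never"
            else if (now - hs > max) state = "stale"
            else                     state = "ok"
            printf "%s %s %s\n", state, endpoint, (hs == 0 ? "-" : (now - hs) "s")
        }'
}

# unexpected_nameservers RESOLV_TEXT "server1 server2 ..."
# Prints every nameserver in resolv.conf that is not in the list you
# configured under System > Settings > General. Any output means something
# (for example wg-tools applying a DNS= setting) rewrote resolv.conf.
unexpected_nameservers() {
    printf '%s\n' "$1" | awk -v allowed="$2" '
        BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        $1 == "nameserver" && !($2 in ok) { print $2 }'
}

# With --live (assumed flag), run against the real box; otherwise use the samples.
if [ "${1:-}" = "--live" ] && command -v wg >/dev/null 2>&1; then
    iface="${WG_IFACE:-wg0}"                   # assumed interface name
    expected="${EXPECTED_DNS:-1.1.1.1 9.9.9.9}" # what you set in System > Settings > General
    handshake_report "$(wg show "$iface" dump)" "$(date +%s)" 180
    echo "nameservers not in your configured list:"
    unexpected_nameservers "$(cat /etc/resolv.conf)" "$expected"
else
    echo "sample handshake report (now = 1700000100):"
    handshake_report "$SAMPLE_DUMP" 1700000100 180
    echo "sample unexpected nameservers (configured: 1.1.1.1 9.9.9.9):"
    unexpected_nameservers "$SAMPLE_RESOLV" "1.1.1.1 9.9.9.9"
fi
```

Run it as `sh wgcheck.sh --live` on the firewall (with `WG_IFACE` and `EXPECTED_DNS` set to your own values) to see the live report; without the flag it only prints the constructed samples. A peer stuck at "never" points at the endpoint, port or keys rather than at DNS, which matches the diagnosis in the replies above; a non-empty nameserver list points at the resolv.conf overwrite the quoted tutorial update warns about.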

Hi Cosmic:

Thanks for the reply. Sorry for the slow response.

I thought I had things set up as you suggested without any luck.

In any case, I am going back to a simple install and will try again step by step.

Thanks again.

Bill Dika