[SOLVED] WireGuard Road Warrior, no DNS resolution

[QuaCKeReD]

Hi All,

Pretty new to OPNsense, but loving it so far!

I have followed the docs (https://docs.opnsense.org/manual/how-tos/wireguard-client.html) for the setup of OPNsense being a WireGuard server and setup WireGuard client on my iPhone.

I am using Unbound DSN on the OPNsense device.

I have a successful connection, traffic flowing, etc.

From my iPhone, I can navigate to LAN addresses, by IP, but cant navigate using DNS name.

Using a tool such as iNet on iPhone, I can scan the LAN network, and port scan both the WireGuard interface address and LAN gateway address - and can see ports 53, 80,443 are open.

I have tried setting the client DNS to both the WireGuard HW and LAN GW addresses, I just can not get the DNS resolution to work!

Any pointers would be greatly received!

Server config;

Code Select Expand

# cat /usr/local/etc/wireguard/wg1.conf
[Interface]
PrivateKey = xxx
Address = 192.168.10.1/24
ListenPort = 51820

[Peer]
PublicKey = xxx
AllowedIPs = 192.168.10.50/32

Client config;

Code Select Expand

[Interface]
PrivateKey = xxx
Address=192.168.10.50/32
DNS=192.168.5.1

[Peer]
PublicKey = xxx
AllowedIPs = 192.168.0.0/16
Endpoint = wg.mydomain.co.uk:51820

[RamSense]

have you tried your Tunnel Address as dns in wireguard app on your iphone?

i used this guide when setting it up: https://miha-kralj.medium.com/vpn-with-wireguard-on-opnsense-7bc1d7451a6e

[QuaCKeReD]

Hi

Yeah, tried the WG interface as DNS and the LAN interface. Neither seems to work.

[QuaCKeReD]

Wow! Thanks for that link!!!
I was missing the port forward. For a 0.0.0.0/0 range I now get dns resolution on external addresses, but not internal 😟

[RamSense]

good to hear it is (somewhat) working now.
try to go over the guide step by step to see what is different or maybe missing....

[QuaCKeReD]

Still no joy here 😟

Access is almost perfect;
I can ping LAN hosts, and load web pages from them via IP.
I can route through LAN to outside (using allowed IP of 0.0.0.0/0), load web pages, etc without issue.

I can see DNS queries for external addresses from my WG client on my Unbound DNS service on OPNsense.
I dont see any queries for local addresses here.

I just don't seem to be able to resolve LAN IPs...

[QuaCKeReD]

hmmm, found an iOS DNS lookup tool - I do see DNS queries on unbound, but the client doesnt get a response;

Code Select Expand

2022-08-03T16:38:43 Informational unbound [7403:3] info: x.x.x.x yyy.local. MX IN
2022-08-03T16:38:43 Informational unbound [7403:2] info: x.x.x.x yyy.local. AAAA IN
2022-08-03T16:38:43 Informational unbound [7403:1] info: x.x.x.x yyy.local. A IN

EDIT:
An nslookup for yyy.local on my laptop doesnt return anything either 😟 doh!
However, an nslookup for zzz.local does, on both laptop and iOS - yet the web page on this device won't load on iOS 😟

EDIT2:
Damn typos! I entered wrong address - yyy.local does resolve on my laptop

[QuaCKeReD]

Solved!

Simple update, don't override domain with 'local' !!!

Changed domain overrides to 'localdomain', and everything works! Yay!

[RamSense]

great to hear it is working now.
And if you are going to use ipv6, you can add ://0 (like with allowed ip's 0.0.0.0/0 )