Wireguard Tunnel Connects but No Internet/DNS Resolution

rsbonini:
I have a Wireguard server up and running and multiple clients are able to connect to it and the rest of the LAN reliably. The clients are not able to reach the internet when connected to the tunnel. I think it's a failure to get DNS resolution.

I would like connected clients to be forced to use the UnBound DNS service running on OPNSense.  I've gone through the OPNSense Wireguard documentation and double checked interface names, NAT rules, IP address formatting, DNS Access Control Lists, etc, and I'm just not seeing where I've gone wrong.

Anyone mind taking a look and letting me know if they have some suggestions?

Here's the Wireguard config as a starting point:


--- Code: ---    <wireguard>
      <general version="0.0.1">
        <enabled>1</enabled>
      </general>
      <server version="0.0.2">
        <servers>
          <server uuid="######">
            <enabled>1</enabled>
            <name>WGVPN</name>
            <instance>0</instance>
            <pubkey>######=</pubkey>
            <privkey>######=</privkey>
            <port>######</port>
            <mtu/>
            <dns/>
            <tunneladdress>10.10.2.1/24</tunneladdress>
            <disableroutes>0</disableroutes>
            <gateway/>
            <peers>######</peers>
          </server>
        </servers>
      </server>
      <client version="0.0.6">
        <clients>
          <client uuid="######">
            <enabled>1</enabled>
            <name>C1</name>
            <pubkey>######=</pubkey>
            <psk/>
            <tunneladdress>10.10.2.104/32</tunneladdress>
            <serveraddress/>
            <serverport>######</serverport>
            <keepalive/>
          </client>
          <client uuid="######">
            <enabled>1</enabled>
            <name>C2</name>
            <pubkey>######=</pubkey>
            <psk/>
            <tunneladdress>######</tunneladdress>
            <serveraddress/>
            <serverport>######</serverport>
            <keepalive/>
          </client>
          <client uuid="######">
            <enabled>1</enabled>
            <name>C3</name>
            <pubkey>######=</pubkey>
            <psk/>
            <tunneladdress>10.10.2.105</tunneladdress>
            <serveraddress/>
            <serverport>######</serverport>
            <keepalive/>
          </client>
          <client uuid="######">
            <enabled>1</enabled>
            <name>C4</name>
            <pubkey>######=</pubkey>
            <psk/>
            <tunneladdress>10.10.2.107/32</tunneladdress>
            <serveraddress/>
            <serverport>######</serverport>
            <keepalive/>
          </client>
          <client uuid="######">
            <enabled>1</enabled>
            <name>C5</name>
            <pubkey>######=</pubkey>
            <psk/>
            <tunneladdress>10.10.2.110</tunneladdress>
            <serveraddress/>
            <serverport>######</serverport>
            <keepalive/>
          </client>
        </clients>
      </client>
    </wireguard>
--- End code ---

RamSense:
Hi rsbonini,

I think you have added wireguard with wg interface added.
In the client wg config have you added dns: ip of wireguard interface? 10.10.2.1?

I used this guide when I set wg up on my opnsense:

https://homenetworkguy.com/how-to/configure-wireguard-opnsense/

tiermutter:
Looks like there is nothing configured for DNS...

rsbonini:
So I did go through that guide for Wireguard setup, and couldn't find anything missing, everything seems to match.


--- Quote from: tiermutter on October 28, 2022, 09:18:22 am ---Looks like there is nothing configured for DNS...

--- End quote ---

What in the configuration needs to be set for DNS?  As far as I can tell I only need to set the DNS address (the server's tunnel address) on the client side.  I've got UnBound applied to the Wireguard interface and I have the server's tunnel address on the UnBound Access list.  Is there something in the Wireguard config I am missing?

Also, this should clearly be in the VPN sub-forum; if a mod wants to move it over there it'd be greatly appreciated.

tiermutter:
I am not using unbound, so can't say anything about how to configure for this situation.
You told that you're not sure if it is a DNS problem...
Is there a query log in unbound to check whether the requests are reaching unbound or not?
There is an interface assigned to WG and a FW rule allowing WG to any/WAN?
Can you provide screenshots of WG config, FW rules, ...?
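An added example (not from any poster, and not OPNsense code) that lints the kind of `<wireguard>` block posted at the top of the thread for the two things the replies turn on: whether the server's `<dns>` field is set (WireGuard itself does not push DNS to peers, so as RamSense says the resolver still has to be set on each client), and whether every peer's tunnel address parses and sits inside the server's tunnel network. The sample config is a trimmed copy of the posted one with the same `######` redactions.

```python
# Lint an OPNsense os-wireguard <wireguard> config block (added example, not project code).
# Flags: empty server <dns>, peer tunnel addresses that do not parse (e.g. redacted
# "######"), peers without an explicit prefix length, and peers outside the tunnel net.
import ipaddress
import xml.etree.ElementTree as ET

# Constructed sample, trimmed from the posted config: one peer per case of interest.
SAMPLE_CONFIG = """<wireguard>
  <server version="0.0.2"><servers><server uuid="######">
    <name>WGVPN</name><dns/><tunneladdress>10.10.2.1/24</tunneladdress>
  </server></servers></server>
  <client version="0.0.6"><clients>
    <client uuid="a"><name>C1</name><tunneladdress>10.10.2.104/32</tunneladdress></client>
    <client uuid="b"><name>C2</name><tunneladdress>######</tunneladdress></client>
    <client uuid="c"><name>C3</name><tunneladdress>10.10.2.105</tunneladdress></client>
  </clients></client>
</wireguard>"""


def lint_wireguard(xml_text: str) -> list[str]:
    """Return human-readable findings for a <wireguard> config block."""
    root = ET.fromstring(xml_text)
    findings = []
    for srv in root.iterfind("./server/servers/server"):
        name = srv.findtext("name", "?")
        if not (srv.findtext("dns") or "").strip():
            # Server-side resolver field only; peers need their own DNS= setting.
            findings.append(f"server {name}: <dns> is empty")
        net = ipaddress.ip_interface(srv.findtext("tunneladdress")).network
        for peer in root.iterfind("./client/clients/client"):
            pname = peer.findtext("name", "?")
            raw = (peer.findtext("tunneladdress") or "").strip()
            try:
                iface = ipaddress.ip_interface(raw)  # bare IP is treated as /32
            except ValueError:
                findings.append(f"peer {pname}: tunnel address {raw!r} is not parseable")
                continue
            if "/" not in raw:
                findings.append(f"peer {pname}: {raw} has no prefix length, other peers use /32")
            if iface.ip not in net:
                findings.append(f"peer {pname}: {iface.ip} is outside {net}")
    return findings


if __name__ == "__main__":
    for line in lint_wireguard(SAMPLE_CONFIG):
        print(line)
```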
