OPNsense
  • Home
  • Help
  • Search
  • Login
  • Register

  • OPNsense Forum »
  • English Forums »
  • Virtual private networks »
  • unbound not servicing queries from wireguard client
« previous next »
  • Print
Pages: [1]

Author Topic: unbound not servicing queries from wireguard client  (Read 358 times)

ArchesPark

  • Newbie
  • *
  • Posts: 1
  • Karma: 0
    • View Profile
unbound not servicing queries from wireguard client
« on: March 29, 2024, 04:59:43 pm »
Running OPNsense 24.1.4-amd64
Routing, vlans, firewalling, dhcp, unbound, wireguard all apparently runs smoothly

Run into the following issue:
- Clients connect to wireguard, quick and easy. (each client lands at an address within 192.168.11.0/24)
- Acces to the diferent vlans, ip and ports runs smoothly as far as no dns resolution is involved.
- However wireguard clients don't get response when querying unbound at 192.168.11.1 (wich is the config i normally set for the client)
- Name resolution for non wiregurad clients runs with no issue, in each lan unbound is listening at the same ip than the gateway.
- If i configure the wireguard client to query dns at any valid address other than wireguard subnet gateway it resolves nicely (for example 192.168.10.1 which is one of the user's vlan)

Things I've checked:
- wireguard client
  In the [Interface] section. The DNS to use is properly set: DNS = 192.168.11.1
  In the [Peer] section. The DNS address is among the allowed IP: AllowedIPs = 192.168.11.1/32, ......
- Firewall rules
  The address assigned to the client has access to any other addres.
  For the shake of testing I've added a rule explicitely allowing access to the 192.168.11.1 address and logged the access. It recorded and shows as allowed but still no response from unbount
- Unbound configuration
  General Panel: Unbound is set to listen on all interfaces. I've tried setting Unbound to explicitely listen on the wireguard interface (which is defined) but it mades no diference so i revert to listen on all interfaces
  logs: I've maximized log collection but i don't reach to see the queryies i'm issuing in the unbound log. No error either.
  Access List: I haven't defined any. I believe it is not necessary. Just in case i've done the test of defining one allowing the queries from the Wireguard network. Made no difference so I removed it.

At this point I feel rather lost. Looks like a bug to me but I'm not experienced enough to directly open this as a bug without first asking for help.
Can anyone provide guidance on how to trobleshoot this issue?

Thanks a lot in advance.

-------------------------------

My very own mistake. The firwall rule for allowing ip's in the wireguard network to access the dns at the gateway  ip was missing and also somehow i also missed the firewall log records showing that the access was rejected.
« Last Edit: April 01, 2024, 04:27:56 pm by ArchesPark »
Logged
  • Print
Pages: [1]
« previous next »
  • OPNsense Forum »
  • English Forums »
  • Virtual private networks »
  • unbound not servicing queries from wireguard client
 

OPNsense is an OSS project © Deciso B.V. 2015 - 2024 All rights reserved
  • SMF 2.0.19 | SMF © 2021, Simple Machines
    Privacy Policy     | XHTML | RSS | WAP2