Changing used DNS server for only one specific WireGuard interface?

Started by optical, May 25, 2025, 12:15:24 AM

Hi there, I followed this guide: https://docs.opnsense.org/manual/how-tos/wireguard-selective-routing.html and it works great, thanks for that.

But, I have one tunnel out of my 5 established tunnels at ProtonVPN that I want to specifically use ProtonVPN's DNS server (specified as 10.2.0.1 as per their provided WireGuard config file) instead of using 192.168.1.2, my home self-hosted AdGuard DNS server, which DHCP defaults to.

It must be more complicated than simply changing /etc/resolv.conf from 192.168.1.2, which was already there, to 10.2.0.1, which I tried. It doesn't work, nothing resolves. And furthermore, 10.2.0.1 is not even pingable.

So then I figured maybe I have to go into OPNsense, to VPN > WireGuard > Instances > Proton_SE (my tunnel), toggled advanced options to uncover the DNS Server field, which was blank by default, and entered 10.2.0.1 in there, and STILL nothing.

So what is the story here?

Where do we specify the DNS server for this one tunnel? I'm really hoping it's as simple as filling the value into a field and doesn't require a ton of custom rules.  Why does that DNS Server box even exist otherwise?

Thank you in advance!

How would any resolving system (OPNsense itself or a client in the network) know if the outbound traffic will go through the ProtonVPN "uplink" or anything else?

It will be impossible to direct DNS requests through ProtonVPN if you don't know before doing a lookup which destination will be used. Or the bigger question may be, how do you decide where traffic will go out?