I currently have an OpenWRT router configured to work as a travel router w/ a wireguard tunnel. Essentially I have one radio acting as an AP for my devices, and the other radio connects to an upstream wireless signal and forwards internet there. I also have attached a wireguard configuration to act as a tunnel. With this config, I can successfully use my home network as a wireguard tunnel.
Currently the wwan interface uses 1.1.1.1 as a DNS IP, but I would like to use the DNS IP on my home network (192.168.1.1) to send DNS queries. However, when I try to replace the Cloudflare DNS IP resolver with my home network's resolver, none of the queries can be resolved. I also tested this with 8.8.8.8 and the behavior is the same.
# /etc/config/network

config interface 'loopback'
    option device 'lo'
    option proto 'static'
    option ipaddr '127.0.0.1'
    option netmask '255.0.0.0'

config globals 'globals'
    option ula_prefix 'fd7e:3fa9:619e::/48'

config device
    option name 'br-lan'
    option type 'bridge'
    list ports 'eth0.1'

config interface 'lan'
    option device 'br-lan'
    option proto 'static'
    option netmask '255.255.255.0'
    option ip6assign '60'
    # purposely set at a different IP than 192.168.1.1
    option ipaddr '192.168.1.33'

config interface 'wwan'
    option proto 'dhcp'
    option peerdns '0'
    # Not using a public DNS resolver causes an issue
    list dns '1.1.1.1'

config interface 'wg'
    option proto 'wireguard'
    option private_key 'REDACTED'
    list addresses 'REDACTED/32'
    list dns '192.168.1.1'

config wireguard_wg 'wgserver'
    option public_key 'REDACTED'
    option route_allowed_ips '1'
    list allowed_ips '0.0.0.0/0'
    option endpoint_host 'REDACTED'
    option endpoint_port 'REDACTED'

# /etc/config/firewall

config defaults
    option input 'ACCEPT'
    option output 'ACCEPT'
    option forward 'REJECT'
    option synflood_protect '1'

config zone
    option name 'lan'
    option input 'ACCEPT'
    option output 'ACCEPT'
    option forward 'ACCEPT'
    list network 'lan'

config zone
    option name 'wan'
    option input 'ACCEPT'
    option output 'ACCEPT'
    option forward 'ACCEPT'
    option masq '1'
    option mtu_fix '1'
    list network 'wan'
    list network 'wan6'
    list network 'wwan'

config zone
    option network 'wg'
    option name 'wireguard'
    option output 'ACCEPT'
    option input 'ACCEPT'
    option masq '1'
    option forward 'ACCEPT'

config forwarding
    option src 'lan'
    option dest 'wireguard'

It's weird to me because I know this configuration & the wireguard peer on my home network are working correctly, because I have successfully reproduced this when connected through a wireguard client on a mobile device, and checked the IPs using dnsleaktest.com.

[Interface]
PrivateKey = REDACTED
Address = REDACTED/32
DNS = 192.168.1.1

[PEER]
PublicKey = REDACTED
AllowedIPs = 0.0.0.0/0
Endpoint = REDACTED_IP:REDACTED_PORT

The fact that I can use this wireguard client config on a mobile device makes me think I can apply this to my portable router. Does anyone know how to fix this? Or is it impossible with this configuration?
I used this discussion (Make Travel Router Send All Traffic to Home Wire Guard Server) for reference to route my router traffic.
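
A way to check where a DNS query to a given server would leave the router, using the addresses in the configuration above (an added example, not part of the original post): it rebuilds the routes implied by the lan and wg sections and applies longest-prefix match. The embedded excerpt is constructed from the post's values, wwan is left out because its DHCP lease is not shown, and the route model (a connected subnet per static interface, allowed_ips routed when route_allowed_ips is 1) is a simplifying assumption.

```python
import ipaddress

# Constructed excerpt of the post's /etc/config/network (wwan omitted: lease unknown).
UCI = """
config interface 'lan'
    option proto 'static'
    option ipaddr '192.168.1.33'
    option netmask '255.255.255.0'
config interface 'wg'
    option proto 'wireguard'
config wireguard_wg 'wgserver'
    option route_allowed_ips '1'
    list allowed_ips '0.0.0.0/0'
"""

def parse_uci(text):
    """Return [(type, name, {option: [values]})] for each config section."""
    sections = []
    for raw in text.splitlines():
        parts = raw.replace("'", "").split()
        if not parts or parts[0].startswith("#"):
            continue
        if parts[0] == "config":
            sections.append((parts[1], parts[2] if len(parts) > 2 else "", {}))
        elif parts[0] in ("option", "list") and sections:
            sections[-1][2].setdefault(parts[1], []).append(" ".join(parts[2:]))
    return sections

def routes(sections):
    """Assumed model: connected subnets plus allowed_ips that are routed."""
    table = []
    for stype, name, opts in sections:
        if stype == "interface" and "ipaddr" in opts:
            mask = opts.get("netmask", ["32"])[0]
            net = ipaddress.ip_network(f"{opts['ipaddr'][0]}/{mask}", strict=False)
            table.append((net, name))
        elif stype.startswith("wireguard_") and opts.get("route_allowed_ips") == ["1"]:
            for cidr in opts.get("allowed_ips", []):
                table.append((ipaddress.ip_network(cidr, strict=False), stype[10:]))
    return table

def egress(table, dst):
    """Longest-prefix match, as the kernel does: the most specific route wins."""
    addr = ipaddress.ip_address(dst)
    hits = [(net.prefixlen, ifname) for net, ifname in table if addr in net]
    return max(hits)[1] if hits else None

TABLE = routes(parse_uci(UCI))
for server in ("192.168.1.1", "1.1.1.1"):
    print(server, "->", egress(TABLE, server))
```

On the router, `ip route get 192.168.1.1` reports the route the kernel actually picks.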