Hello! I just updated my AX6s to the latest release version and decided to set things up the way it was advised in my other topic (main idea: don't use AdGuard Home). So for now I have installed everything and everything works correctly, except one thing. If I use my router as DNS in the wg config for the client, the client device has no access to port 53 of my router (I also want DoH to work via wg). For installing WG I used that manual => my wg interface is in one zone with lan. Also, when I set as DNS in the client's config, for example, 1.1.1.1, it also doesn't work at all, but if I just delete DNS everything works.
I checked on the client's device: 192.168.1.1:53 always times out when I try to nslookup, but tcpdump on the router says that I have some packets on the wg interface on 53 UDP.
From my notes how to setup a WireGuard server:
DNS server: as standard, your router's IP address. Not all clients can deal with this (rebind protection; using the wgserver's interface IP address might help), but your router might also not listen on the wgserver's interface, or only listen for local subnets (option localservice '0'), so to be sure that you have DNS resolution use 1.1.1.1
Bottom line: first try with the IP address of the WG server; if that does not help, check that DNSMasq is listening on the WG server interface (as standard it does) and make sure option localservice is disabled
As far as I understand, dnsmasq is listening on everything, because I didn't change anything in its settings except installing the https-dns-proxy package. If I set 10.0.0.1 as DNS in the client's config it also doesn't work, same as if I change it to 1.1.1.1 too. It works only if it isn't stated in the config and I can't get why
Disabled and rebooted now, but the situation doesn't change. Still no resolving
So I found the solution. Slightly changed the wg interface settings:
config interface 'wg0'
	option proto 'wireguard'
	option private_key 'priv_key'
	option listen_port 'port'
	list addresses '10.0.0.1/24'
	list addresses '2001:db8::1/64'
	option mtu '1412'
	option delegate '0'
Also slightly changed client's config:
config wireguard_wg0
	option description 'name' #not necessary
	option public_key 'pub_key'
	option preshared_key 'pre_key'
	list addresses '2001:db8::2/128'
	list allowed_ips '10.0.0.2/32'
	list allowed_ips '2001:db8::2/128'
And set 10.0.0.1 as DNS in the config + the thing that egc told in his post.
P.S. IPv6 is not necessary too, but for now it works and I don't want to change anything in order not to break it again
List address does not belong here but you should add:
option route_allowed_ips '1'
P.S. you could have saved yourself some trouble had you followed my notes How to setup a WireGuard server
But glad you solved it
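The points raised in the replies above (a peer section carrying list addresses, a missing route_allowed_ips, dnsmasq localservice left enabled) can be checked mechanically. The script below is an added example, not part of the original posts; the function name wg_uci_lint and the sample config are constructed for illustration, and it only parses UCI text with awk:

```shell
#!/bin/sh
# Added example (not from the thread): lint UCI text for the three points
# raised above. On a router: wg_uci_lint /etc/config/network /etc/config/dhcp
wg_uci_lint() {
    awk -v q="'" '
    # Remove one leading and one trailing quote character from a UCI value.
    function strip(s) { gsub("^[\"" q "]|[\"" q "]$", "", s); return s }
    # Report on the section that just ended.
    function report() {
        if (type ~ /^wireguard_/) {
            if (addr) print name ": list addresses does not belong in a peer section"
            # Only the literal value 1 is accepted here, as in the reply above.
            if (rai != "1") print name ": option route_allowed_ips is not 1"
        } else if (type == "dnsmasq" && ls != "0") {
            print name ": option localservice is not 0"
        }
    }
    $1 == "config" {
        report()
        type = strip($2); name = (NF > 2) ? strip($3) : type
        addr = 0; rai = ""; ls = ""
        next
    }
    $1 == "list"   && $2 == "addresses"         { addr = 1 }
    $1 == "option" && $2 == "route_allowed_ips" { rai = strip($3) }
    $1 == "option" && $2 == "localservice"      { ls = strip($3) }
    END { report() }
    ' "$@"
}

# Constructed sample: the peer section as first posted, plus a dnsmasq section.
wg_uci_lint <<'EOF'
config wireguard_wg0
	option public_key 'pub_key'
	list addresses '2001:db8::2/128'
	list allowed_ips '10.0.0.2/32'

config dnsmasq
	option localservice '1'
EOF
```

An empty result means none of the three conditions was found; the interface section's own list addresses lines are never flagged, only those inside wireguard_* peer sections.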
Thanks, I'll add it. You see, if you google some guides it's very hard to find a good one, because there are tons of videos on YouTube etc. Thanks for sharing the link to your howto