Luci-App-WireGuard: I think I found a bug

So I've been horsing around with the Luci-App-WireGuard a bit and I think I found a bug: it seems when editing the interface the "options dns x.x.x.x" is lost.

To be fair, I edited the /etc/config/network to add the WireGuard interface. (described in Solved: nordvpn OpenWrt wireguard client)

config interface 'wg0'
        option proto 'wireguard'
        option private_key '62lKu9HsDVbyiPenApnc4sfmSYTHOVfFgL3pyB+cBL4='
        list addresses ''
        option dns ''  # <-- gone after changing key in luci

Can someone confirm?

The DNS field in WG does not do anything on OpenWrt. I don't think this is a bug as much as a feature that isn't implemented or relevant.


Well, it stops resolving when it's removed :confused:

After some hours of troubleshooting, wiping and rebooting the router, I can definitely say I cannot get it working without the option dns in the wg0 interface.

uci set network.wg0.dns='x.x.x.x'

If I do not set it, it will default to which in turn redirects queries to the DNS server in the WAN connection. Which means I have a DNS leak. So I set it to ignore the advertised servers.

uci set network.wan.peerdns='0'

Where do I set the DNS server for WG? And how does this work with multiple WireGuard connections if not specified in the connection network.wgX?

Thanks a bunch :blush:


You just showed where to set it:

That setting would be valid for the interface itself - so would any server with IP you configured to route via the WG tunnel

If that is the case, then I think I found a bug in Luci-App-WireGuard.
When editing the interface via Luci, the DNS option gets deleted.

But...WireGuard doesn't have inherent DNS.

I think you're experiencing a bug I had...I'll find the link...

I'm no expert, I can only tell you what I see happening.

So then I would advise you not to exclaim you've found a bug. I really dunno how to better explain than others about WireGuard not having DNS. You merely route/allow the IPs of the proper servers thru WireGuard.

Otherwise, if your WG tunnel has a domain name, you have a chicken-or-the-egg issue where you need WG DNS before it can resolve the tunnel.

Perhaps you can look at threads that handle DNS leaks on VPN for more clarity.

My issue was the metric of the endpoint.

I will note that the disappearing setting does seem odd, though - since it exists.

I would fully document it for a bug report on LuCI.

I did use the words "I think I found a bug", did I not?
But let's assume I am unable to convey the problem properly.

Yep, you did. Cool.

I assume the video is of the bug. Feel free to post it in the bug reports for LuCI...with perhaps the written description.

Info here:



jow- closed this as completed in 2be01cb

Workaround: set network.wg0.peerdns=0 as well
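
Added example, not part of any post in this thread: a small check for the two settings discussed above (a dns option on the WireGuard interface, peerdns='0' on the upstream interface), so a silently dropped option is noticed after editing in LuCI. The function name audit_wg_dns and both sample dumps are constructed for illustration; the input format is the output of uci show network.

```shell
#!/bin/sh
# Usage on a router: uci show network | audit_wg_dns
# Prints one LEAK-RISK line per finding; prints nothing when both settings are in place.
audit_wg_dns() {
    awk -v q="'" '
    {
        eq = index($0, "=")
        if (eq == 0) next
        key = substr($0, 1, eq - 1)
        val = substr($0, eq + 1)
        gsub(q, "", val)                      # uci show wraps values in single quotes
        n = split(key, p, ".")
        if (n != 3 || p[1] != "network") next # skip section headers like network.wg0=interface
        if (p[3] == "proto")   { proto[p[2]] = val; seen[p[2]] = 1 }
        if (p[3] == "dns")     dns[p[2]] = val
        if (p[3] == "peerdns") peerdns[p[2]] = val
    }
    END {
        for (s in seen) {
            if (proto[s] == "wireguard" && dns[s] == "")
                print "LEAK-RISK " s ": wireguard interface has no dns option"
            # Assumption: peerdns matters on upstream interfaces using dhcp or pppoe.
            if ((proto[s] == "dhcp" || proto[s] == "pppoe") && peerdns[s] != "0")
                print "LEAK-RISK " s ": peerdns is not 0, advertised DNS servers are used"
        }
    }' | sort
}

# Constructed sample: the state after the dns option has been dropped from wg0.
sample_leaky() {
    cat <<'EOF'
network.wan=interface
network.wan.proto='dhcp'
network.wg0=interface
network.wg0.proto='wireguard'
network.wg0.private_key='PLACEHOLDER_KEY='
network.wg0.addresses='192.0.2.10/32'
EOF
}

# Constructed sample: both settings from the thread applied.
sample_fixed() {
    cat <<'EOF'
network.wan=interface
network.wan.proto='dhcp'
network.wan.peerdns='0'
network.wg0=interface
network.wg0.proto='wireguard'
network.wg0.dns='192.0.2.53'
EOF
}

sample_leaky | audit_wg_dns
```

Running the check after every LuCI edit of a WireGuard interface shows whether the dns option survived the save.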

