Luci-App-WireGuard: I think I found a bug

bigsmile · November 11, 2022, 6:31pm

So I've been horsing around with the Luci-App-WireGuard a bit and I think I found a bug: it seems when editing the interface the "options dns x.x.x.x" is lost.

To be fair, I edited the /etc/config/network to add the WireGuard interface. (described in Solved: nordvpn OpenWrt wireguard client)

config interface 'wg0'
        option proto 'wireguard'
        option private_key '62lKu9HsDVbyiPenApnc4sfmSYTHOVfFgL3pyB+cBL4='
        list addresses '1x.x.x.xxx/32'
        option dns '1xx.1xx.xxx.x' <-- gone after changing key in luci

Can someone confirm?

psherman · November 11, 2022, 6:57pm

The DNS field in WG does not do anything on OpenWrt. I don't think this is a bug as much as a feature that isn't implemented or relevant.

bigsmile · November 11, 2022, 8:36pm

Well it stops resolving when its removed

bigsmile · November 12, 2022, 1:57pm

After some hours of troubleshooting, wiping and rebooting the router. I can definitely say I cannot get it working without the option dns in the wg0 interface.

uci set network.wg0.dns='x.x.x.x'

If I do not set it, it will default to 127.0.0.1 which in turn redirects queries to the DNS server in the WAN-connection. Which means I have DNS-leak. So I set it to ignore the advertised servers.

uci set network.wan.peerdns='0'

Where do I set the DNS server for WG? and how does this work with multiple WireGuard-connections if not specified in the connection network.wgX ?

Thanks a bunch

lleachii · November 12, 2022, 2:26pm

You just showed where to set it:

That setting would be valid for the interface itself - so would any server with IP you configured to route via the WG tunnel

bigsmile · November 12, 2022, 2:40pm

If that is the case, then I think I found a bug in Luci-App-WireGuard.
When editing the interface via Luci, the DNS option gets deleted.

lleachii · November 12, 2022, 2:43pm

But...Wireguard doesn't have inherent DNS.

I think you're experiencing a bug I had...I'll find the link...

bigsmile · November 12, 2022, 2:44pm

Im no expert, I can only tell you what I see happening.

lleachii · November 12, 2022, 2:49pm

So then I would advise you not to exclaim you've found a bug. I really donno how to better explain than others about Wireguard not having DNS. You merely route/allow the IPs of the proper servers thru Wireguard.

Otherwise, if your WG tunnel has a domain name, you have a chicken-or-the-egg issue where you need WG DNS before it can resolve the tunnel.

Perhaps you can look at threads that handle DNS leaks on VPN for more clarity.

My issue was the metric of the endpoint.

I will note that the disappearing setting does seem odd, though - since it exists.

I would fully document it for a bug report on LuCI.

bigsmile · November 13, 2022, 12:12pm

I did use the words "I think I found a bug" did I not?
But lets assume I am unable to convey the problem properly.

lleachii · November 13, 2022, 12:14pm

Yep, you did. Cool.

I assume the video is of the bug. Feel free to post it in the bug reports for LuCi...with perhaps the written description.

Info here: https://openwrt.org/bugs#issue_trackers

bigsmile · November 13, 2022, 1:20pm

github.com/openwrt/luci

luci-app-wireguard: interface change causes an item to be deleted

opened 01:00PM - 13 Nov 22 UTC

bigsmile74

## Steps to reproduce: 1. Add new WireGuard interface: (bogus keypair) ```uci …set network.wg0='interface' uci set network.wg0.proto='wireguard' uci set network.wg0.private_key='QBkdsTbMxI6xzhZDCY6t+wGQddy6DOTfSTxph+UFMXM=' uci add_list network.wg0.addresses='10.2.0.2/32' uci set network.wg0.dns='10.2.0.254' uci add network wireguard_wg0 uci set network.@wireguard_wg0[-1].public_key='ArZapjEkAzG5zIrHrxER3/oEw94t7xrjL1ZcuLRv1EQ=' uci set network.@wireguard_wg0[-1].route_allowed_ips="1" uci add_list network.@wireguard_wg0[-1].allowed_ips="0.0.0.0/0" uci set network.@wireguard_wg0[-1].persistent_keepalive='25' uci set network.@wireguard_wg0[-1].description='WG' uci set network.@wireguard_wg0[-1].endpoint_host='11.12.13.14' uci set network.@wireguard_wg0[-1].endpoint_port='51820' uci commit network ``` 2. Network → Interfaces → WG0 → "Advanced Settings" tab → uncheck "Force link" then "Save & Apply" 3. Network → Interfaces → WG0 → "Advanced Settings" tab → check "Force link" then "Save & Apply" 4. (sometimes you have to repeat steps 2 and 3, you'll see it when pending changes increments to 2) ## Actual behavior: network.wg0.dns='10.2.0.254' has been deleted from the configuration ``` # uci show network.wg0 network.wg0=interface network.wg0.proto='wireguard' network.wg0.addresses='10.2.0.2/32' network.wg0.private_key='QBkdsTbMxI6xzhZDCY6t+wGQddy6DOTfSTxph+UFMXM=' ``` ## Expected behavior: network.wg0.dns='10.2.0.254' should be in the configuration ``` # uci show network.wg0 network.wg0=interface network.wg0.proto='wireguard' network.wg0.addresses='10.2.0.2/32' network.wg0.private_key='QBkdsTbMxI6xzhZDCY6t+wGQddy6DOTfSTxph+UFMXM=' network.wg0.dns='10.2.0.254' ``` ## Additional Information: OpenWrt version information from system `/etc/openwrt_release` ``` DISTRIB_ID='OpenWrt' DISTRIB_RELEASE='22.03.2' DISTRIB_REVISION='r19803-9a599fee93' DISTRIB_TARGET='ath79/generic' DISTRIB_ARCH='mips_24kc' DISTRIB_DESCRIPTION='OpenWrt 22.03.2 r19803-9a599fee93' DISTRIB_TAINTS='' ```

bigsmile · November 16, 2022, 8:31am

jow- closed this as completed in 2be01cb

Workaround: set network.wg0.peerdns=0 as well

Yay!

system · November 26, 2022, 8:32am

This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.