More wireguard questions

I've slowly been relying on my WireGuard setup more and more as I travel and for the most part it works well. See my previous question and setup here.

Recently I noticed that while I get replies for my remote devices on the LAN for pings:
ex. ping potato-tower.lan
I'll get a response from arp with what the correct LAN IP is, but ping will fail and subsequent ssh attempts to that local DNS name or the IP will fail.

Currently I have the local WireGuard interface DNS setting under wg0.conf set to use:
DNS = 192.168.1.1

which is my OpenWrt gateway, which I believe is using dnsmasq.
Is this the correct setup?

What should I change to be able to ssh using potato-tower.lan? I was at least able to ssh to the local IP address earlier when I had it set to 9.9.9.9.

DNS is system wide meaning if you specify list dns more than once, even if under different interfaces, they just all get added into the same list that is used in a round-robin fashion.

The correct way to do this is to specify a server for the .lan domain in /etc/config/dns. Also the remote router's local domain can't be its default of .lan. It would be better to make the home network .home.lan and the remote network .remote.lan so that DNS names established on either end can be reciprocally resolved.

Of course, if you can't ping home by numeric IP, something else is wrong, so forget about DNS until you have fixed that. The most common reason for this to break is if you connect the travel router to a hotel etc. WAN that uses the same IP subnet as home; then there is a routing conflict.

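The routing-conflict check mk24 describes above can be done before touching any DNS setting. The following POSIX shell script is an added example, not something from the thread or from OpenWrt: it tests whether the prefix of the network you are currently connected to overlaps the home LAN prefix that the tunnel is supposed to reach, and whether the `DNS =` address from wg0.conf actually lies inside that home prefix. The sample values (the home LAN 192.168.1.0/24 taken from the DNS setting in the question, and a hypothetical hotel WAN on the same prefix) are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): pure POSIX sh, runs on a router busybox
# shell or a laptop. All sample addresses below are constructed.

# Convert a dotted-quad IPv4 address to a 32-bit integer.
ip_to_int() {
    old_ifs=$IFS
    IFS=.
    set -- $1
    IFS=$old_ifs
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# Netmask (as an integer) for a prefix length 0..32.
prefix_to_mask() {
    if [ "$1" -eq 0 ]; then
        echo 0
    else
        echo $(( (0xFFFFFFFF << (32 - $1)) & 0xFFFFFFFF ))
    fi
}

# cidr_overlap A/n B/m : prints "overlap" if the two prefixes share any
# address, "disjoint" otherwise. Two prefixes overlap exactly when their
# network bits agree under the shorter of the two prefix lengths.
cidr_overlap() {
    a_ip=${1%/*}; a_len=${1#*/}
    b_ip=${2%/*}; b_len=${2#*/}
    shortest=$a_len
    if [ "$b_len" -lt "$shortest" ]; then
        shortest=$b_len
    fi
    mask=$(prefix_to_mask "$shortest")
    if [ $(( $(ip_to_int "$a_ip") & mask )) -eq $(( $(ip_to_int "$b_ip") & mask )) ]; then
        echo overlap
    else
        echo disjoint
    fi
}

# in_subnet IP A/n : prints "yes" if IP falls inside the prefix, else "no".
# Use it to confirm the DNS server you hand to WireGuard is inside the home
# prefix, i.e. the address that the tunnel route is expected to cover.
in_subnet() {
    net_ip=${2%/*}; net_len=${2#*/}
    mask=$(prefix_to_mask "$net_len")
    if [ $(( $(ip_to_int "$1") & mask )) -eq $(( $(ip_to_int "$net_ip") & mask )) ]; then
        echo yes
    else
        echo no
    fi
}

# Constructed sample values: the home LAN implied by "DNS = 192.168.1.1" in
# the question, and a hypothetical hotel WAN that happens to use the same
# 192.168.1.0/24. In practice take the hotel prefix from the WAN address and
# mask your client was handed by the local DHCP server.
HOME_LAN=192.168.1.0/24
HOME_DNS=192.168.1.1
HOTEL_WAN=192.168.1.0/24

echo "home $HOME_LAN vs local $HOTEL_WAN: $(cidr_overlap "$HOME_LAN" "$HOTEL_WAN")"
echo "DNS server $HOME_DNS inside $HOME_LAN: $(in_subnet "$HOME_DNS" "$HOME_LAN")"
```

If the first line prints `overlap`, fix the addressing (renumber the home LAN to a less common prefix) before spending time on name resolution: with two identical prefixes the kernel has no way to send 192.168.1.1 into the tunnel rather than out the local Wi-Fi, so neither DNS queries nor ssh by numeric IP can reach home.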

Sorry mk24, I have almost no idea what you're talking about here.

What is the list dns command and how is that different from DNS = in wg0.conf ?

I don't have anything configured in /etc/config/dns, but why can I not use .lan as the router's local domain? IIRC that's what is autofilled in LuCI for dnsmasq and I just left it there.

I don't have any need to resolve DNS on the local machine's side; this is only for using my remote router's LAN-based machines.

There is no travel router, unless you're speaking about the regular WAP / router of the places I connect from?