I have installed the WireGuard server on the router. I also have dnscrypt installed, and everything works perfectly for the devices on the local network: if I perform a test at https://www.dnsleaktest.com/ I have no loss of DNS.
With the mobile device, through my mobile operator, I connect to the local server and the local network without problems (from outside the local network). The problem is that when I perform a test at https://www.dnsleaktest.com I see that I have DNS leaks.
If I modify the client configuration file on the mobile device by adding a DNS, I can connect to the WireGuard server and the local network, but I cannot access the Internet because it does not resolve DNS.
How can I have requests from outside the local network resolved by my router?
No, I thought it could be done as in openvpn (redirect-gateway def1) or maybe redirect dnscrypt requests to the 192.168.200.xxx network, but I do not have the necessary knowledge.
Therefore, if I do not want DNS leaks on devices connected from outside my local network, do I need to use an OpenDNS DNS, for example, on each device?
No, you do not. Any DNS server you choose can be used. As I already stated in another thread you created:
For example, if your Wireguard server is an OpenWRT router, simply use the router's Wireguard endpoint IP as the DNS server. You may have to change the assigned IP from a /32 to the actual size of the subnet, so the appropriate route will be made on the mobile device.
From the termux program on the mobile device, from outside my local network, I have a ping to the address 8.8.8.8 and it does not work:
$ ping 8.8.8.8
PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data.
^C
--- 8.8.8.8 ping statistics ---
3 packets transmitted, 0 received, 100% packet loss, time 2002ms
$ ip a
.......
......
47: tun0: <POINTOPOINT,UP,LOWER_UP> mtu 1280 qdisc pfifo_fast state UNKNOWN group default qlen 500
    link/none
    inet 192.168.200.2/32 scope global tun0
       valid_lft forever preferred_lft forever
The client connects to the server but does not have access to the internet:
Public Key: ..................... =
Endpoint: 84.XX.XX.XX:50695
Allowed IPs:
• 192.168.200.0/28
Persistent Keepalive: 23s
Latest Handshake: Mon, 21 May 2018 17:34:02 GMT (Aug. 5)
Data Received: 10 KiB
Data Transmitted: 13 KiB
It's what happened to me in the thread I opened earlier; I have to leave the DNS field blank in the client configuration file.
Why are you using 8.8.8.8??? I thought you wanted to STOP the leak and use 192.168.200.1.
Are you changing the DNS before, OR AFTER you connect???
If your Wireguard endpoint is a hostname (and not IP), you'll need a working DNS server in order to initiate the connection, otherwise you must use the endpoint's IP address instead to establish the VPN connection.
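A check for the two conditions raised in the replies above, as an added example that is not part of any post in the thread: it reads a wg-quick style client config and reports a resolver that AllowedIPs does not cover and an endpoint given as a hostname. The function names, the finding labels, vpn.example.net and 203.0.113.10 are assumptions made for illustration.

```python
import ipaddress

# Constructed client config modelled on the thread's values; keys are placeholders and
# the hostname endpoint is an assumption added to exercise the last reply's point.
LEAKY = """[Interface]
PrivateKey = <client-private-key>
Address = 192.168.200.2/32
DNS = 8.8.8.8
[Peer]
PublicKey = <server-public-key>
Endpoint = vpn.example.net:50695
AllowedIPs = 192.168.200.0/28
PersistentKeepalive = 23
"""
# Same config with the router's tunnel address as resolver and a literal endpoint IP.
FIXED = LEAKY.replace("8.8.8.8", "192.168.200.1").replace("vpn.example.net", "203.0.113.10")

def parse(text):
    """Read key = value pairs from a single-peer wg-quick style config."""
    conf = {}
    for line in text.splitlines():
        key, sep, value = line.split("#", 1)[0].partition("=")
        if sep:
            conf[key.strip().lower()] = [v.strip() for v in value.split(",")]
    return conf

def is_ip(text):
    try:
        ipaddress.ip_address(text)
        return True
    except ValueError:
        return False

def check(text):
    """Return findings for the two problems discussed in the thread."""
    conf, findings = parse(text), []
    routed = [ipaddress.ip_network(n, strict=False) for n in conf.get("allowedips", [])]
    servers = [s for s in conf.get("dns", []) if is_ip(s)]  # skip search domains
    if not servers:
        findings.append("dns-unset")  # device keeps whatever resolver it already had
    for server in servers:
        if not any(ipaddress.ip_address(server) in net for net in routed):
            findings.append("dns-not-routed:" + server)  # resolver is outside AllowedIPs
    host = conf.get("endpoint", [""])[0].rsplit(":", 1)[0].strip("[]")
    if host and not is_ip(host):
        findings.append("endpoint-hostname:" + host)  # needs DNS before the tunnel is up
    return findings
```

An empty list from check() means the resolver sits inside a routed subnet and the tunnel can be brought up without a prior DNS lookup.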