I'm trying to use a DNS server that belongs to a WireGuard peer on Boxpn, and not having much luck. I'm working with OpenWrt v19.07.2 on a GoFlexNet device. I'm using rule-based routing as described at
This is essentially the same technique that's used by wg-quick that works on my Debian 10 laptop. On the laptop, I use the endpoint address as the DNS server, which works without leaks. I've read that the tunnel IP (startpoint?) address can also be used as a DNS server:
However, that doesn't work when I try it.
I use the /etc/config/network file for the setup, then a hotplug event to add the additional routing and write the nameserver to /tmp/resolv.conf.auto. I also suspend udhcpc processes to avoid overwriting the configuration.
It's curious that when I change the DNS server to point to my LAN router, it works fine; 188.8.131.52 also works, but not the peer endpoint. I can't seem to see what the problem is in my setup, and none of the forum questions I can find deal directly with this issue, so I'm at a loss.
By the way, does anyone know how to properly find the peer DNS servers? Is there some way of discovering them? Or should the endpoint function as one?
Thanks in advance.
```
# wg
interface: wg0
  public key: =
  private key: (hidden)
  listening port: 58244
  fwmark: 0xca6c

peer: =
  endpoint: 184.108.40.206:48020
  allowed ips: 0.0.0.0/0
  latest handshake: 1 minute, 37 seconds ago
  transfer: 34.13 MiB received, 499.68 MiB sent
  persistent keepalive: every 25 seconds

# ip route
default dev wg0 proto static scope link
10.0.1.0/24 dev br-lan proto kernel scope link src 10.0.1.9
220.127.116.11 via 10.0.1.1 dev br-lan proto static

# ip rule
0:      from all lookup local
32764:  from all lookup main suppress_prefixlength 0
32765:  not from all fwmark 0xca6c lookup 10
32766:  from all lookup main
32767:  from all lookup default

# ip route show table 10
default dev wg0 scope link
```
/etc/config/network:

```
config interface 'loopback'
	option ifname 'lo'
	option proto 'static'
	option ipaddr '127.0.0.1'
	option netmask '255.0.0.0'

config interface 'lan'
	option type 'bridge'
	option ifname 'eth0'
	option proto 'dhcp'

config interface 'wg0'
	option proto 'wireguard'
	option private_key '='
	list addresses '10.120.0.15/32'

config wireguard_wg0 'wgserver'
	option public_key '='
	option endpoint_host ''
	option endpoint_port '48020'
	option route_allowed_ips '1'
	option persistent_keepalive '25'
	list allowed_ips '0.0.0.0/0'
```
/etc/config/firewall (wan zone):

```
config zone 'wan'
	option name 'wan'
	list network 'wan'
	list network 'wan6'
	list network 'wg0'
	option input 'REJECT'
	option output 'ACCEPT'
	option forward 'REJECT'
	option masq '1'
	option mtu_fix '1'
```
Hotplug script (/etc/hotplug.d/iface/):

```sh
#!/bin/sh
# https://www.wireguard.com/netns/
interface=wg0
fwmark=51820          # 0xca6c, the mark WireGuard puts on its own encrypted packets
iptable=10            # routing table that sends everything unmarked into the tunnel
serv_resolv=/tmp/resolv.conf.auto

if [ "$INTERFACE" = "$interface" ] ; then
    case "$ACTION" in
    ifup)
        # rule-based routing: unmarked traffic -> table 10 (default via wg0);
        # marked (already encrypted) traffic falls through to main
        wg set "$interface" fwmark "$fwmark"
        ip -4 route add default dev "$interface" table "$iptable"
        ip -4 rule add not fwmark "$fwmark" table "$iptable"
        # keep LAN/host routes from main, but never its default route
        ip -4 rule add table main suppress_prefixlength 0
        sysctl -q net.ipv4.conf.all.src_valid_mark=1
        for pidfile in /var/run/udhcpc-*.pid ; do
            [ -e "$pidfile" ] || continue
            pid=$(cat "$pidfile")
            # stop dhcp so it cannot rewrite resolv.conf.auto
            kill -STOP "$pid"
        done
        # use tunnel ip as DNS server
        tunip="$(ip address show dev "$interface" | sed -n -E -e 's/^ *inet +([0-9.]*).*$/\1/p')"
        echo "# wgvpn" > "$serv_resolv"
        echo "# nameserver" "$tunip" >> "$serv_resolv"
        echo nameserver 18.104.22.168 >> "$serv_resolv"
        ;;
    ifdown)
        ip -4 rule delete table "$iptable"
        ip -4 rule delete table main suppress_prefixlength 0
        for pidfile in /var/run/udhcpc-*.pid ; do
            [ -e "$pidfile" ] || continue
            pid=$(cat "$pidfile")
            # restart dhcp and renew (SIGUSR1 makes udhcpc renew its lease)
            kill -CONT "$pid"
            kill -USR1 "$pid"
        done
        ;;
    esac
fi
```
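As an added example (not part of the post above, and not OpenWrt or WireGuard code), the following Python script simulates the policy-routing lookup the kernel performs with the `ip rule` and `ip route` output shown in the post. It answers the question a DNS-leak check really asks: for a given resolver address, and for packets with or without the WireGuard fwmark, which table is consulted and which device the packet leaves on. The rule and table text is copied from the post; the `local` table is a minimal stand-in (assumption: only loopback), and the simulation ignores route scope, metrics and `src` selection, which do not affect these lookups.

```python
import ipaddress
import re

# `ip rule` output from the post (rule-based routing set up by the hotplug script).
RULES_TEXT = """\
0:      from all lookup local
32764:  from all lookup main suppress_prefixlength 0
32765:  not from all fwmark 0xca6c lookup 10
32766:  from all lookup main
32767:  from all lookup default
"""

# Routing tables. "main" and "10" are the post's `ip route` / `ip route show table 10`;
# "local" is a constructed stand-in for the kernel's local table (assumption: loopback only).
TABLES_TEXT = {
    "local": "local 127.0.0.0/8 dev lo\n",
    "main": """\
default dev wg0 proto static scope link
10.0.1.0/24 dev br-lan proto kernel scope link src 10.0.1.9
220.127.116.11 via 10.0.1.1 dev br-lan proto static
""",
    "10": "default dev wg0 scope link\n",
    "default": "",
}

RULE_RE = re.compile(
    r"^(?P<prio>\d+):\s+(?P<neg>not )?from all(?: fwmark (?P<mark>0x[0-9a-fA-F]+))?"
    r" lookup (?P<table>\S+)(?: suppress_prefixlength (?P<supp>\d+))?$"
)


def parse_rules(text):
    """Parse `ip rule` lines into dicts ordered by priority (lowest first)."""
    rules = []
    for line in text.splitlines():
        m = RULE_RE.match(line.strip())
        if not m:
            raise ValueError("unparsed rule: " + line)
        rules.append({
            "prio": int(m["prio"]),
            "negate": m["neg"] is not None,
            "fwmark": int(m["mark"], 16) if m["mark"] else None,
            "table": m["table"],
            "suppress": int(m["supp"]) if m["supp"] else None,
        })
    return sorted(rules, key=lambda r: r["prio"])


def parse_table(text):
    """Parse `ip route` lines into (network, device) pairs; 'default' is 0.0.0.0/0."""
    routes = []
    for line in text.splitlines():
        words = line.split()
        if not words:
            continue
        if words[0] == "local":          # local-table entries carry a type keyword
            words = words[1:]
        dst = "0.0.0.0/0" if words[0] == "default" else words[0]
        routes.append((ipaddress.ip_network(dst, strict=False), words[words.index("dev") + 1]))
    return routes


def longest_match(routes, dst):
    best = None
    for prefix, dev in routes:
        if dst in prefix and (best is None or prefix.prefixlen > best[0].prefixlen):
            best = (prefix, dev)
    return best


def route_lookup(dst, fwmark=0, rules=None, tables=None):
    """Return (table, device) the kernel would choose for dst, or None if unroutable."""
    dst = ipaddress.ip_address(dst)
    rules = parse_rules(RULES_TEXT) if rules is None else rules
    if tables is None:
        tables = {name: parse_table(txt) for name, txt in TABLES_TEXT.items()}
    for rule in rules:
        matched = rule["fwmark"] is None or fwmark == rule["fwmark"]
        if rule["negate"]:
            matched = not matched
        if not matched:
            continue
        hit = longest_match(tables.get(rule["table"], []), dst)
        if hit is None:
            continue
        # suppress_prefixlength N: a route no more specific than /N is ignored,
        # so the main table's default route never wins at priority 32764.
        if rule["suppress"] is not None and hit[0].prefixlen <= rule["suppress"]:
            continue
        return rule["table"], hit[1]
    return None


if __name__ == "__main__":
    for server in ("10.0.1.1", "188.8.131.52", "220.127.116.11"):
        print(server, "unmarked ->", route_lookup(server),
              "| marked ->", route_lookup(server, fwmark=0xCA6C))
```

With the post's tables, a resolver on the LAN (10.0.1.1) is reached through br-lan because the /24 survives `suppress_prefixlength 0`, an unmarked query to a public resolver leaves via wg0 through table 10, and the host route for 220.127.116.11 keeps that address on br-lan whether or not the packet is marked. Paste your own `ip rule` and per-table `ip route` output into the two constants to check a different setup.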