I wish, or I think I wish anyway, that it would redirect all DNS traffic to the DNS servers listed in the configuration.

That's normally the way I run my local gateway, it redirects all DNS traffic to its DNS cache which does not resolve various undesirable sites (malware etc.).

Brian Gregory.
[email protected]
www.Brian-Gregory.me.uk
(Home)

On 23/07/2020 13:02, Simon Rozman wrote:
WireGuard for Windows adds firewall rules to block all DNS traffic except to 
the DNS servers listed in the WireGuard config. This is by design (preventing 
data leakage).

Regards,
Simon

-----Original Message-----
From: WireGuard <[email protected]> On Behalf Of Andrew
Burkett
Sent: Saturday, July 11, 2020 1:31 AM
To: [email protected]
Subject: DNS Issues with Wireguard for Windows

I was running into dns issues with wireguard on windows using the
released gui app. It seems like a bug with wireguard, but not sure if it
was actually something about my networking configs that messed it up. I
was able to work around the issue by changing the wireguard config (in a
way that seemed odd to me), but I thought it might be useful to share
what I was seeing in case it's helpful to others or if it is in fact a
bug in wireguard. I'll share the configs at the bottom of the email, but
I'm just going to describe what I'm seeing first.

My basic setup is I have wireguard running on a linux box functioning as
a server/router to a remote network. I've got a windows desktop
connecting to the linux box via wireguard. There are dns servers on the
remote network that I would like to use from the desktop. I added the
dns servers from the remote network to my desktop wireguard config.
Everything was working fine for a while. At some point, my windows box
started complaining about not being connected to the internet. I was
able to pinpoint it with some confidence to dns requests failing when
wireguard was connected. Even though windows was complaining about not
having a network connection, my browser still worked though it seemed
slow so I assumed it was trying a dns server and then falling back to a
different one after a timeout (at least that was my guess). The "cause"
of the problem was adding
192.168.7.12/32 to the AllowedIPs on the peer (the wireguard network in
my case is 10.98.1.0/24 and the rest of the network is under
10.0.X.X). After adding it and waiting for a couple hours windows will
inevitably claim that there is no internet access from my network
adapter. Sometimes nslookup and ping still work fine, sometimes they
start to report errors. My solution that reliably fixes it is to add my
local dns server (which is my local router in this case
192.168.86.1) to the dns section of the wireguard config, which seems
like an odd fix since I'm not actually sending local dns traffic to
wireguard.

I couldn't figure out how to use wireshark to view wireguard traffic on
windows to see what's happening to the dns requests, nor do I know of
another way to view traffic (If someone wants to point me at how to do
that, or some other way to view network traffic on windows, I'm happy to
look at it).

Anyway, thanks for the software. It's the best vpn software I've used by
a mile.

Andrew

My Local Gateway/DNS is 192.168.86.1
My Local IP is in 192.168.86.0/24 subnet

Working Config 1

[Interface]
PrivateKey = XXXXX
Address = 10.98.1.103/32
DNS = 10.0.X.X, 10.0.Y.Y

[Peer]
PublicKey = XXXXXX
AllowedIPs = 10.0.0.0/16, 10.98.1.0/24
Endpoint = XXXXXXX

Working Config 2

[Interface]
PrivateKey = XXXXX
Address = 10.98.1.103/32
DNS = 10.0.X.X, 10.0.Y.Y , 192.168.86.1

[Peer]
PublicKey = XXXXXX
AllowedIPs = 10.0.0.0/16, 10.98.1.0/24, 198.168.7.12/32
Endpoint = XXXXXXX

NonWorking Config

[Interface]
PrivateKey = XXXXX
Address = 10.98.1.103/32
DNS = 10.0.X.X, 10.0.Y.Y

[Peer]
PublicKey = XXXXXX
AllowedIPs = 10.0.0.0/16, 10.98.1.0/24, 198.168.7.12/32
Endpoint = XXXXXXX

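The difference between the configs above can be checked mechanically rather than by waiting a couple of hours for Windows to complain. The following Python is an added example written for this page, not code from the thread or from the WireGuard project. It parses a wg-quick style config, marks each resolver in DNS= as either tunnelled (it falls inside some AllowedIPs range, so the cryptokey routing sends queries through the peer) or local (it is reached via the normal interface), and answers whether a given resolver would be let through by the Windows client's DNS block rule as Simon describes it (DNS allowed only to the servers in DNS=). That rule is modelled from his description, not read from the client's firewall code. The two sample configs are constructed to mirror Andrew's, with made-up remote resolvers 10.0.1.53 and 10.0.2.53 standing in for his 10.0.X.X and 10.0.Y.Y placeholders; the extra /32 in his AllowedIPs is left out because it does not affect the DNS classification.

```python
"""Classify the resolvers in a wg-quick style config and model the
WireGuard-for-Windows DNS block rule described in the thread.

Constructed sample configs, modelled on Andrew's working config 2 and
non-working config. The resolver addresses 10.0.1.53 / 10.0.2.53 are
invented stand-ins for his 10.0.X.X / 10.0.Y.Y placeholders.
"""
import ipaddress
from typing import Dict, List

NONWORKING_CONFIG = """
[Interface]
PrivateKey = XXXXX
Address = 10.98.1.103/32
DNS = 10.0.1.53, 10.0.2.53

[Peer]
PublicKey = XXXXXX
AllowedIPs = 10.0.0.0/16, 10.98.1.0/24
Endpoint = vpn.example.net:51820
"""

WORKING_CONFIG = """
[Interface]
PrivateKey = XXXXX
Address = 10.98.1.103/32
DNS = 10.0.1.53, 10.0.2.53 , 192.168.86.1

[Peer]
PublicKey = XXXXXX
AllowedIPs = 10.0.0.0/16, 10.98.1.0/24
Endpoint = vpn.example.net:51820
"""


def parse_wg_config(text: str) -> Dict[str, List[str]]:
    """Minimal parser for the INI-like wg-quick format.

    Collects every DNS= entry and every AllowedIPs= entry (across all
    [Peer] sections), splitting comma-separated values and ignoring
    comments. Other keys are not needed for this check.
    """
    dns: List[str] = []
    allowed: List[str] = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line or line.startswith("["):
            continue
        key, _, value = line.partition("=")
        values = [v.strip() for v in value.split(",") if v.strip()]
        key = key.strip().lower()
        if key == "dns":
            dns.extend(values)
        elif key == "allowedips":
            allowed.extend(values)
    return {"dns": dns, "allowed_ips": allowed}


def classify_resolvers(config_text: str) -> Dict[str, str]:
    """Map each DNS= address to 'tunnel' or 'local'.

    'tunnel': the address is inside an AllowedIPs range, so WireGuard's
    cryptokey routing sends queries to it through the peer.
    'local': not covered by AllowedIPs, so queries leave via the normal
    interface (in the clear). Non-address entries in DNS= (wg-quick also
    accepts search domains there) are skipped.
    """
    cfg = parse_wg_config(config_text)
    nets = [ipaddress.ip_network(c, strict=False) for c in cfg["allowed_ips"]]
    result: Dict[str, str] = {}
    for server in cfg["dns"]:
        try:
            addr = ipaddress.ip_address(server)
        except ValueError:
            continue
        result[server] = "tunnel" if any(addr in n for n in nets) else "local"
    return result


def resolver_permitted(config_text: str, resolver: str) -> bool:
    """Model of the Windows client's rule as described by Simon: DNS
    traffic is blocked unless its destination is listed in DNS=.
    Any resolver not in DNS= (e.g. the LAN gateway) is therefore blocked,
    which is what the non-working config does to 192.168.86.1.
    """
    target = ipaddress.ip_address(resolver)
    for server in parse_wg_config(config_text)["dns"]:
        try:
            if ipaddress.ip_address(server) == target:
                return True
        except ValueError:
            continue
    return False


if __name__ == "__main__":
    for name, cfg in (("non-working", NONWORKING_CONFIG), ("working", WORKING_CONFIG)):
        print(name, classify_resolvers(cfg),
              "gateway 192.168.86.1 permitted:", resolver_permitted(cfg, "192.168.86.1"))
```

The point the classification makes visible: in the working config the LAN gateway is permitted by the block rule but is classed as local, so queries to it travel outside the tunnel, which is what Andrew means by "not actually sending local DNS traffic to wireguard". If the goal is the leak prevention Simon describes, the remote resolvers alone are the safer set, and anything else that needs Windows' connectivity probe to succeed has to be weighed against that.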