On Tue, Aug 17, 2021 at 11:11 PM Waishon <[email protected]> wrote:
>
> Hey there,
>
> I'm currently trying to set up a wireguard-tunnel inside a
> network-namespace as described in the documentation, which fails when
> using a domain as endpoint:
> https://www.wireguard.com/netns/
>
> First I've created the wireguard interface inside the birth-namespace
> of the host using "ip link add wg0 type wireguard". Then I moved the
> wg0 interface to the newly created network namespace, which doesn't
> have any network interfaces and network connections beside the
> loopback interface.
>
> Then I configured the wg0 interface inside the network namespace using
> wg set "INTERFACE_NAME" \
>   private-key <SECRET \
>   peer "PEER" \
>   endpoint vpn.example.com:51820 \
>   persistent-keepalive 25 \
>   allowed-ips ::/0
>
> This however results in a "Temporary failure in name resolution:
> `vpn.example.com:51820'. Trying again in 1.00 seconds..." error
> message, which makes sense, because the wireguard-tool tries to call
> getaddrinfo inside the network namespace. The namespace doesn't have
> an internet connection and the lookup fails.
> https://github.com/WireGuard/wireguard-tools/blob/96e42feb3f41e2161141d4958e2637d9dee6f90a/src/config.c#L242
>
> As a user I would expect that the wg-tool does the lookup in the
> birth-namespace of the interface and not inside the newly created
> network namespace.
>
> What is the recommended solution to resolve a domain endpoint when
> using network namespaces and wireguard? Just manually look up the
> domain in the birth-namespace and use the IP as endpoint? The
> implementation however would be quite hacky to make it properly work
> with IPv4 and IPv6.
Have you configured a nameserver for your network namespace? Normally, that would be /etc/netns/<namespace_name>/resolv.conf (you may need to create the subdirectory first).
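Added example, not from this thread or from the WireGuard project: a POSIX sh script that follows the netns recipe from the linked documentation but resolves the hostname endpoint in the host (birth) namespace before handing wg(8) a numeric endpoint, so the empty namespace never needs DNS for the handshake. It also writes the /etc/netns/<ns>/resolv.conf file suggested above, which `ip netns exec` bind-mounts over /etc/resolv.conf inside the namespace; note that a nameserver listed there is only reachable once the tunnel carries traffic, since loopback and wg0 are the namespace's only interfaces. The namespace name "vpn", the interface name, the peer key, the key file path and the tunnel addresses are placeholders; the IPv6 bracket handling and the family selection are what makes the "resolve on the host, pass the literal" approach work for both IPv4 and IPv6. The privileged part runs only when WG_NETNS_APPLY=1 is set, so the helpers can be tested without root.

```shell
#!/bin/sh
# Added example (not from the thread or the WireGuard docs): bring up a
# WireGuard interface inside a network namespace with a hostname endpoint.
# The hostname is resolved here, in the namespace this script runs in (the
# host/birth namespace), and wg(8) is given a numeric endpoint, so the
# empty namespace never needs working DNS for the handshake to start.
# All names, keys and addresses below are placeholders / assumptions.
set -eu

NS="${NS:-vpn}"                                  # assumed namespace name
IFACE="${IFACE:-wg0}"
PEER_HOST="${PEER_HOST:-vpn.example.com}"
PEER_PORT="${PEER_PORT:-51820}"
FAMILY="${FAMILY:-6}"                            # "4" or "6": family to dial
PEER_KEY="${PEER_KEY:-PEER_PUBLIC_KEY_BASE64}"   # placeholder public key
KEYFILE="${KEYFILE:-/etc/wireguard/$IFACE.key}" # placeholder key file path
NS_ADDR="${NS_ADDR:-fd00:db8::2/64}"             # assumed tunnel address
NS_DNS="${NS_DNS:-fd00:db8::1}"                  # assumed resolver behind the tunnel

# wg's endpoint syntax needs brackets around IPv6 literals.
endpoint_of() {
    case "$1" in
        *:*) printf '[%s]:%s\n' "$1" "$2" ;;
        *)   printf '%s:%s\n' "$1" "$2" ;;
    esac
}

# Read `getent ahosts` output on stdin and print the first address of the
# requested family ("4" or "6"); prints nothing if there is none.
pick_addr() {
    awk -v fam="$1" '
        $2 == "STREAM" {
            is6 = index($1, ":") > 0
            if ((fam == "6" && is6) || (fam == "4" && !is6)) { print $1; exit }
        }'
}

# Resolve host $1 in the current (host) namespace; print "addr:port" for
# port $2 and family $3, or fail if no address of that family exists.
resolve_endpoint() {
    addr=$(getent ahosts "$1" | pick_addr "$3")
    if [ -z "$addr" ]; then
        echo "no IPv$3 address for $1" >&2
        return 1
    fi
    endpoint_of "$addr" "$2"
}

# `ip netns exec NS` bind-mounts /etc/netns/NS/resolv.conf over
# /etc/resolv.conf, so programs started inside NS use that resolver.
# $3 is an optional root prefix so the helper can be tested outside /etc.
write_netns_resolv() {
    dir="${3:-}/etc/netns/$1"
    mkdir -p "$dir"
    printf 'nameserver %s\n' "$2" > "$dir/resolv.conf"
    echo "$dir/resolv.conf"
}

setup_tunnel() {
    ep=$(resolve_endpoint "$PEER_HOST" "$PEER_PORT" "$FAMILY")
    ip netns add "$NS"
    ip -n "$NS" link set lo up
    # Create the interface in the host namespace so its UDP socket stays
    # here (the point of the netns recipe), then move it into the namespace.
    ip link add "$IFACE" type wireguard
    ip link set "$IFACE" netns "$NS"
    write_netns_resolv "$NS" "$NS_DNS" >/dev/null
    ip -n "$NS" address add "$NS_ADDR" dev "$IFACE"
    # Numeric endpoint: no getaddrinfo lookup happens inside the namespace.
    ip netns exec "$NS" wg set "$IFACE" \
        private-key "$KEYFILE" \
        peer "$PEER_KEY" \
        endpoint "$ep" \
        persistent-keepalive 25 \
        allowed-ips ::/0,0.0.0.0/0
    ip -n "$NS" link set "$IFACE" up
    ip -n "$NS" route add default dev "$IFACE"
    ip -n "$NS" -6 route add default dev "$IFACE"
    echo "$IFACE is up in netns $NS, endpoint $ep"
}

# The privileged part only runs when explicitly requested (needs root).
if [ "${WG_NETNS_APPLY:-0}" = 1 ]; then
    setup_tunnel
fi
```

Run it as `WG_NETNS_APPLY=1 PEER_KEY=... KEYFILE=... sh wg-netns.sh` as root; without the variable it only defines the helpers. A later endpoint change (for example after the peer's address moves) is the same one-liner: resolve on the host again and run `ip netns exec vpn wg set wg0 peer "$PEER_KEY" endpoint "$ep"`.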
