Force all clients to use my DNS server through wireguard

jasjeet
DD-WRT Novice


Joined: 08 May 2020
Posts: 5

Posted: Mon Sep 12, 2022 8:22    Post subject: Force all clients to use my DNS server through wireguard
I’ve got wireguard set up and my clients can ping and connect through it.

    Clients which are on and off the wireguard PBR list can ping 11.0.0.1, the wireguard server.
    When I point any client on the wireguard PBR list to use 11.0.0.1 as DNS server, I can resolve URLs.
    When I point any client not on the wireguard PBR list to use 11.0.0.1 as DNS server, I cannot resolve URLs.



On 11.0.0.1, I have pihole setup to do DNS.
I would like all clients to use 11.0.0.1 as DNS server regardless of whether they are part of the wireguard PBR list.

Anybody know why this is not working?

PS: this requirement used to work before I reset and upgraded my DDWRT FW. It even worked on this DDWRT FW (v3.0-r49492 std (07/14/22)) prior to the complete reset I did.



jasjeet
DD-WRT Novice


Joined: 08 May 2020
Posts: 5

Posted: Mon Sep 12, 2022 8:52
I fixed it with

Allowed IPs: 0.0.0.0/1,128.0.0.0/1
Route Allowed IPs via Tunnel: Enable
IP Addresses / Netmask (CIDR): 11.0.0.2/24

Should rtfm a bit more.
egc
DD-WRT Guru


Joined: 18 Mar 2014
Posts: 12812
Location: Netherlands

Posted: Mon Sep 12, 2022 9:07
11.0.0.0 is not a private subnet and cannot be used for private subnets: https://en.wikipedia.org/wiki/Private_network

It looks like you are showing the Client side, but what is the server side and how is it set up?

What builds and routers are you using?

WireGuard documentation is a sticky in this forum.

If you want to use DNS via the tunnel you can enter the DNS server in the DNS field (see guides), that guarantees there is a route via the tunnel.

For DDWRT make sure to run the latest build 50146 and depending on setup Disable Rebind protection.

_________________
Routers:Netgear R7000, R6400v1, R6400v2, EA6900 (XvortexCFE), E2000, E1200v1, WRT54GS v1.
Install guide R6400v2, R6700v3,XR300:https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=316399
Install guide R7800/XR500: https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=320614
Forum Guide Lines (important read):https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=324087
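
Added example (not part of any post in this thread): a Python check, using only the standard `ipaddress` module, of the two points raised above, namely whether the DNS server is covered by the client's Allowed IPs (so a route via the tunnel exists) and whether the tunnel subnet lies inside RFC 1918 private space. The function names and the narrow `192.168.50.0/24` value are constructed for illustration; the other values are the ones posted in the thread.

```python
import ipaddress

# RFC 1918 private-use IPv4 blocks
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def parse_allowed_ips(value):
    """Parse a comma-separated Allowed IPs field into network objects."""
    return [ipaddress.ip_network(p.strip(), strict=False)
            for p in value.split(",") if p.strip()]

def routed_via_tunnel(addr, allowed_ips):
    """Return the most specific Allowed IPs entry covering addr, or None."""
    ip = ipaddress.ip_address(addr)
    hits = [n for n in parse_allowed_ips(allowed_ips)
            if n.version == ip.version and ip in n]
    return max(hits, key=lambda n: n.prefixlen) if hits else None

def covers_all_ipv4(allowed_ips):
    """True if the entries together add up to 0.0.0.0/0 (e.g. two /1 halves)."""
    v4 = [n for n in parse_allowed_ips(allowed_ips) if n.version == 4]
    return list(ipaddress.collapse_addresses(v4)) == [ipaddress.ip_network("0.0.0.0/0")]

def is_rfc1918(cidr):
    """True if the interface's whole subnet lies inside an RFC 1918 block."""
    net = ipaddress.ip_interface(cidr).network
    return net.version == 4 and any(net.subnet_of(b) for b in RFC1918)

def audit(tunnel_cidr, dns_server, allowed_ips):
    """Collect findings for one WireGuard client configuration."""
    findings = []
    if routed_via_tunnel(dns_server, allowed_ips) is None:
        findings.append(f"DNS server {dns_server} is not covered by Allowed IPs")
    if not is_rfc1918(tunnel_cidr):
        net = ipaddress.ip_interface(tunnel_cidr).network
        findings.append(f"tunnel subnet {net} is outside RFC 1918")
    return findings

if __name__ == "__main__":
    # Values from the thread: the working client settings
    print(audit("11.0.0.2/24", "11.0.0.1", "0.0.0.0/1,128.0.0.0/1"))
    # Constructed: an Allowed IPs value that does not include the DNS server
    print(audit("11.0.0.2/24", "11.0.0.1", "192.168.50.0/24"))
```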
jasjeet
DD-WRT Novice


Joined: 08 May 2020
Posts: 5

Posted: Mon Sep 12, 2022 12:28
Everything works now.
I’m using r7800 on DDWRT FW (v3.0-r49492 std (07/14/22)).

I normally use 10.0.0.0, but I have an OVPN server running on my VPS on that subnet.
My VPS hosts wireguard on 11.0.0.1. Do I need to change something?

Yes, I was adding 11.0.0.1 into DNS 1, but it was not allowing dns resolution on clients that were not on the WG PBR list. My WG client config in post 1 was wrong, the changes I made in post 2 fixed everything.

I’ll upgrade to the latest DDWRT next.
And yes I’ve been reading all the PDFs and piecing it together.

My wg server config
Code:
[Interface]
Address = 11.0.0.1/32
PostUp = iptables -A FORWARD -i %i -j ACCEPT; ipta…
PostDown = iptables -D FORWARD -i %i -j ACCEPT; ip…
#SaveConfig = true
ListenPort = 5555
PrivateKey = PrivKeyGenOnServer

[Peer]
PublicKey = PubKeyFromDDWRT
AllowedIPs = 11.0.0.2/32
Endpoint = <myVpsIp>:5555
egc
DD-WRT Guru


Joined: 18 Mar 2014
Posts: 12812
Location: Netherlands

Posted: Mon Sep 12, 2022 14:33
11.0.0.0 is not for private use 172.16-31