<div dir="ltr">Re-adding the ML that I removed from my response by mistake<br><div><div class="gmail_extra"><br><div class="gmail_quote">On Mon, May 7, 2018 at 3:12 PM, ѽ҉ᶬḳ℠ <span dir="ltr">&lt;<a href="mailto:vtol@gmx.net" target="_blank">vtol@gmx.net</a>&gt;</span> wrote:<br><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">Thank you for the instant response.<span class="gmail-"><br>
<blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
<br>
Wireguard does not mess with the DNS (afaik) so whatever is already configured on the client is used.<br>
</blockquote>
<br></span>
Had hoped there would be a way for the clients to utilize the endpoint node's DNS resolver.<span class="gmail-"><br>
<br></span></blockquote><div><br></div><div>There are many ways to do that. You could set up post-up scripts that modify resolv.conf when the wg interface is up. You could run a caching DNS server on your LAN that talks to your gateway DNS resolver.<br><br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><span class="gmail-">
<blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
<br>
If you want to route IPv4 traffic of "clients" through your "server" (using quotes here because wireguard is peer to peer, so it does not really make sense to say that), you probably need to enable IPv4 forwarding in the kernel, and have postrouting rules that look like "iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE".<br>
</blockquote>
<br></span>
Forwarding is enabled in the kernel. Currently I am trying to set it up with the namespace solution (<a href="https://www.wireguard.com/netns/" rel="noreferrer" target="_blank">https://www.wireguard.com/netns/</a>), which perhaps does not require iptables rules; at least there is no mention of it.<br></blockquote><div><br></div><div>I have not played with netns, so I cannot comment on that.<br></div><div> </div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
<br>
Being a peer-to-peer concept, WG is then not really suited as a VPN gateway?<br>
<br></blockquote><div><br></div><div>It certainly is suited for tunneling all traffic through the tunnel. There are a few blog posts around describing how to do this.<br></div></div><br></div></div></div>
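An added example, not part of the original thread and not from the WireGuard project: a pair of wg-quick configuration files showing the forwarding and MASQUERADE setup mentioned above on the gateway peer, and a client peer that sends all IPv4 traffic and its DNS queries through the tunnel. The 10.0.0.0/24 tunnel subnet, the endpoint name, the key placeholders and a resolver listening on 10.0.0.1 are assumptions; eth0 is the outbound interface named in the thread.

```ini
# ---- gateway peer: /etc/wireguard/wg0.conf (constructed example) ----
[Interface]
Address = 10.0.0.1/24            # assumed tunnel subnet
ListenPort = 51820
PrivateKey = <gateway-private-key>
# Enable IPv4 forwarding, then NAT traffic leaving via eth0.
# "-s 10.0.0.0/24" narrows the thread's rule so that only tunnel
# sources are masqueraded, not everything that exits eth0.
PostUp = sysctl -w net.ipv4.ip_forward=1
PostUp = iptables -t nat -A POSTROUTING -s 10.0.0.0/24 -o eth0 -j MASQUERADE
# Remove the rule when the interface goes down so rules do not pile up.
PostDown = iptables -t nat -D POSTROUTING -s 10.0.0.0/24 -o eth0 -j MASQUERADE

[Peer]
PublicKey = <client-public-key>
# Only accept packets from this peer that carry its own tunnel address.
AllowedIPs = 10.0.0.2/32

# ---- client peer: /etc/wireguard/wg0.conf (constructed example) ----
[Interface]
Address = 10.0.0.2/32
PrivateKey = <client-private-key>
# wg-quick registers this resolver through resolvconf while the
# interface is up and withdraws it on "wg-quick down". Assumes a
# resolver is listening on the gateway's tunnel address.
DNS = 10.0.0.1

[Peer]
PublicKey = <gateway-public-key>
Endpoint = gateway.example.net:51820   # placeholder endpoint
# Route all IPv4 through the tunnel. IPv6 is not covered by this
# prefix and would still leave outside the tunnel.
AllowedIPs = 0.0.0.0/0
```

After `wg-quick up wg0` on both peers, `wg show wg0` on the gateway should list a recent handshake for the client, and `iptables -t nat -S POSTROUTING` should show exactly one MASQUERADE rule for the tunnel subnet.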