WG endpoint node exit to inet and DNS resolver

Christophe-Marie Duquesne chmd at chmd.fr
Mon May 7 15:23:45 CEST 2018

Re-adding the ML that I removed from my response by mistake

On Mon, May 7, 2018 at 3:12 PM, ѽ҉ᶬḳ℠ <vtol at gmx.net> wrote:

> Thank you for the instant response.
>> Wireguard does not mess with the DNS (afaik) so whatever is already
>> configured on the client is used.
> Had hoped there would a way for the clients to utilize the endpoint node's
> DNS resolver.
There are many ways to do that. You could setup post-up scripts that modify
resolv.conf when the wg interface is up. You could run a caching dns server
on your lan that talks to your gateway dns resolver.

>> If you want to route ipv4 traffic of "clients" through your "server"
>> (using quotes here because wireguard is peer to peer, so it does not really
>> makes sense to say that), you probably need to enable ipv4 forwarding in
>> the kernel, and have postrouting rules that look like "iptables -t nat -A
> forwarding is enabled in the kernel. Currently I am trying to set it up
> with the name space solution (https://www.wireguard.com/netns/) which
> perhaps do not require iptable rules, at least there is no mentioning of it.

I have not played with netns, so I cannot comment on that.

> Being a of peer-to-peer concept WG is then not really suited as VPN
> gateway?
It certainly is suited for tunneling all traffic through the tunnel. There
are a few blog posts around describing how to do this.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.zx2c4.com/pipermail/wireguard/attachments/20180507/6b14bd24/attachment.html>

More information about the WireGuard mailing list