WG endpoint node exit to inet and DNS resolver
Christophe-Marie Duquesne
chmd at chmd.fr
Mon May 7 15:23:45 CEST 2018
Re-adding the ML that I removed from my response by mistake
On Mon, May 7, 2018 at 3:12 PM, ѽ҉ᶬḳ℠ <vtol at gmx.net> wrote:
> Thank you for the instant response.
>
>>
>> Wireguard does not mess with the DNS (afaik) so whatever is already
>> configured on the client is used.
>>
>
> Had hoped there would a way for the clients to utilize the endpoint node's
> DNS resolver.
>
>
There are many ways to do that. You could setup post-up scripts that modify
resolv.conf when the wg interface is up. You could run a caching dns server
on your lan that talks to your gateway dns resolver.
>> If you want to route ipv4 traffic of "clients" through your "server"
>> (using quotes here because wireguard is peer to peer, so it does not really
>> makes sense to say that), you probably need to enable ipv4 forwarding in
>> the kernel, and have postrouting rules that look like "iptables -t nat -A
>> POSTROUTING -o eth0 -j MASQUERADE".
>>
>
> forwarding is enabled in the kernel. Currently I am trying to set it up
> with the name space solution (https://www.wireguard.com/netns/) which
> perhaps do not require iptable rules, at least there is no mentioning of it.
>
I have not played with netns, so I cannot comment on that.
>
> Being a of peer-to-peer concept WG is then not really suited as VPN
> gateway?
>
>
It certainly is suited for tunneling all traffic through the tunnel. There
are a few blog posts around describing how to do this.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.zx2c4.com/pipermail/wireguard/attachments/20180507/6b14bd24/attachment.html>
More information about the WireGuard
mailing list