DNS Issues with Wireguard for Windows
Brian Gregory
bdgregory at gmail.com
Thu Jul 23 18:21:00 CEST 2020
I wish, or I think I wish anyway, that it would redirect all DNS traffic
to the DNS servers listed in the configuration.
That's normally the way I run my local gateway, it redirects all DNS
traffic to its DNS cache which does not resolve various undesirable
sites (malware etc.).
Brian Gregory.
bdgregory at gmail.com
www.Brian-Gregory.me.uk
(Home)
On 23/07/2020 13:02, Simon Rozman wrote:
> WireGuard for Windows adds firewall rules to block all DNS traffic except to the DNS servers listed in the WireGuard config. This is by design (preventing data leakage).
>
> Regards,
> Simon
>
>> -----Original Message-----
>> From: WireGuard <wireguard-bounces at lists.zx2c4.com> On Behalf Of Andrew
>> Burkett
>> Sent: Saturday, July 11, 2020 1:31 AM
>> To: wireguard at lists.zx2c4.com
>> Subject: DNS Issues with Wireguard for Windows
>>
>> I was running into dns issues with wireguard on windows using the
>> released gui app. It seems like a bug with wireguard, but not sure if it
>> was actually something about my networking configs that messed it up. I
>> was able to work around the issue by changing the wireguard config (in a
>> way that seemed odd to me), but I thought it might be useful to share
>> what I was seeing in case it's helpful to others or if it is in fact a
>> bug in wireguard. I'll share the configs at the bottom of the email, but
>> I'm just going to describe what I'm seeing first.
>>
>> My basic setup is I have wireguard running on a linux box functioning as
>> a server/router to a remote network. I've got a windows desktop
>> connecting to the linux box via wireguard. There are dns servers on the
>> remote network that I would like to use from the desktop. I added the
>> dns servers from the remote network to my desktop wireguard config.
>> Everything was working fine for a while. At some point, my windows box
>> started complaining about not being connected to the internet. I was
>> able to pinpoint it with some confidence to dns requests failing when
>> wireguard was connected. Even though windows was complaining about not
>> having a network connection, my browser still worked though it seemed
>> slow so I assumed it was trying a dns server and then falling back to a
>> different one after a timeout (at least that was my guess). The "cause"
>> of the problem was adding
>> 192.168.7.12/32 to the AllowedIPs on the peer (the wireguard network in
>> my case is 10.98.1.0/24 and the rest of the network is under
>> 10.0.X.X). After adding it and waiting for a couple hours windows will
>> inevitably claim that there is no internet access from my network
>> adapter. Sometimes nslookup and ping still work fine, sometimes they
>> start to report errors. My solution that reliably fixes it is to add my
>> local dns server (which is my local router in this case
>> 192.168.86.1) to the dns section of the wireguard config, which seems
>> like an odd fix since I'm not actually sending local dns traffic to
>> wireguard.
>>
>> I couldn't figure out how to use wireshark to view wireguard traffic on
>> windows to see what's happening to the dns requests, nor do I know of
>> another way to view traffic (If someone wants to point me at how to do
>> that, or some other way to view network traffic on windows, I'm happy to
>> look at it).
>>
>> Anyway, thanks for the software. It's the best vpn software I've used by
>> a mile.
>>
>> Andrew
>>
>> My Local Gateway/DNS is 192.168.86.1
>> My Local IP is in 192.168.86.0/24 subnet
>>
>> Working Config 1
>>
>> [Interface]
>> PrivateKey = XXXXX
>> Address = 10.98.1.103/32
>> DNS = 10.0.X.X, 10.0.Y.Y
>>
>> [Peer]
>> PublicKey = XXXXXX
>> AllowedIPs = 10.0.0.0/16, 10.98.1.0/24
>> Endpoint = XXXXXXX
>>
>> Working Config 2
>>
>> [Interface]
>> PrivateKey = XXXXX
>> Address = 10.98.1.103/32
>> DNS = 10.0.X.X, 10.0.Y.Y , 192.168.86.1
>>
>> [Peer]
>> PublicKey = XXXXXX
>> AllowedIPs = 10.0.0.0/16, 10.98.1.0/24, 198.168.7.12/32
>> Endpoint = XXXXXXX
>>
>> NonWorking Config
>>
>> [Interface]
>> PrivateKey = XXXXX
>> Address = 10.98.1.103/32
>> DNS = 10.0.X.X, 10.0.Y.Y
>>
>> [Peer]
>> PublicKey = XXXXXX
>> AllowedIPs = 10.0.0.0/16, 10.98.1.0/24, 198.168.7.12/32
>> Endpoint = XXXXXXX
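As an added illustration of the behaviour Simon describes (DNS traffic blocked unless the server is listed under DNS=) applied to Andrew's configs, here is a small script that parses a WireGuard config and reports, for a given resolver, whether a query to it would be blocked, sent through the tunnel, or (Andrew's 192.168.86.1 case) allowed but sent over the physical adapter because it is listed yet outside every AllowedIPs. This is example code written for this page, not wireguard-windows code; its rule is a simplified model of what the thread states, not the client's actual firewall logic, and the sample config, the 10.0.x.x resolver addresses and the endpoint are constructed placeholders.

```python
import ipaddress

# Constructed sample in the shape of the thread's "Working Config 2"; keys and
# endpoint are placeholders and the 10.0.x.x resolver addresses are made up.
SAMPLE_CONF = """[Interface]
PrivateKey = XXXXX
Address = 10.98.1.103/32
DNS = 10.0.1.1, 10.0.2.2, 192.168.86.1

[Peer]
PublicKey = XXXXXX
AllowedIPs = 10.0.0.0/16, 10.98.1.0/24, 198.168.7.12/32
Endpoint = vpn.example.invalid:51820
"""

def parse_wg_conf(text):
    """Minimal parser for the INI-like WireGuard config: one dict per section."""
    sections = {"Interface": [], "Peer": []}
    current = None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and whitespace
        if not line:
            continue
        if line.startswith("[") and line.endswith("]"):
            current = {}
            sections.setdefault(line[1:-1], []).append(current)
        elif "=" in line and current is not None:
            key, value = (part.strip() for part in line.split("=", 1))
            current[key] = value
    return sections

def classify_resolver(conf, resolver):
    """Fate of a DNS query to `resolver` under the rule Simon describes (DNS is
    blocked unless the server is listed under DNS=). Simplified model, not the
    client's real firewall logic: 'blocked' (not listed), 'tunnelled' (listed
    and inside a peer's AllowedIPs) or 'untunnelled' (listed but reached over
    the physical adapter, which is Andrew's 192.168.86.1 case)."""
    addr = ipaddress.ip_address(resolver)
    listed = {ipaddress.ip_address(s.strip()) for iface in conf["Interface"]
              for s in iface.get("DNS", "").split(",") if s.strip()}
    if addr not in listed:
        return "blocked"
    for peer in conf["Peer"]:
        for net in peer.get("AllowedIPs", "").split(","):
            if net.strip() and addr in ipaddress.ip_network(net.strip(), strict=False):
                return "tunnelled"
    return "untunnelled"
```

Calling `classify_resolver(parse_wg_conf(SAMPLE_CONF), "192.168.86.1")` gives `untunnelled`; removing 192.168.86.1 from the DNS= line (the "NonWorking Config" shape) turns that into `blocked`.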