Problem does not occur with an OpenVPN tunnel providing the same functionality.
Problem occurs with the following combination:
1. WireGuard tunnel from RSPro gateway (device wgc21) to a CentOS 7 server (device wg21) which uses the 2 non-public DNS servers in the data centre that it's located in.
2. RSPro networking DNS settings are the 2 data centre server addresses.
3. The RSPro has routes to those DNS servers via dev wgc21.
4. RSPro iptables MASQUERADEs packets going out interface wgc21.
On the RSPro's local network, doing "$ host foo.com" gets a REFUSED reply. Browsers report failure to resolve.
On a local machine, a Wireshark remote capture on the RSPro's wgc21 interface shows the DNS request packets (with DST=data_centre_dns_server), and a remote capture on the server's wg21 interface doesn't show them.
ssh sessions from local machines via the RSPro to the server's wg21 address succeed.
How to reproduce: As above.
RSPro networking DNS addresses changed to 2 addresses on the wg21 network, and on the remote server two iptables PREROUTING rules added that DNAT those 2 addresses to the data centre DNS addresses.