FS#4062 - wireguard fails to route to non-VPN addresses at far-end #9046

Closed
openwrt-bot opened this issue Oct 4, 2021 · 1 comment
Labels
flyspray release/19.07

@openwrt-bot openwrt-bot commented Oct 4, 2021

iopen:

Hardware : Ubiquiti Routerstation Pro
Software : OpenWrt 19.07.6, r11278-8055e38794
Updated : 2021-10-03

Problem does not occur with an OpenVPN tunnel providing the same functionality.

Problem occurs with the following combination :

1 : Wireguard tunnel from RSPro gateway (device wgc21) to a CentOS 7 server (device wg21) which uses the 2 non-public DNS servers in the data centre that it's located in.

2 : RSPro networking DNS settings are the 2 data centre server addresses.

3 : The RSPro has routes to those DNS servers via dev wgc21

4 : RSPro iptables MASQUERADEs packets going out interface wgc21

On the RSPro's local network, doing "$ host foo.com" gets a REFUSED reply. Browsers report failure to resolve.

On a local machine, a Wireshark remote capture on the RSPro's wgc21 interface shows the DNS request packets (with DST=data_centre_dns_server), and a remote capture on the server's wg21 interface doesn't show them.

ssh sessions from local machines via the RSPro to the server's wg21 address succeed.

How to reproduce : As above.

Workaround :

RSPro networking DNS addresses changed to 2 addresses on the wg21 network, and on the remote server two iptables PREROUTING rules added that DNAT those 2 addresses to the data centre DNS addresses.

@aparcar aparcar added the release/19.07 label Feb 22, 2022

@ynezz ynezz commented May 24, 2022

The OpenWrt 19.07 release is EOL; try to reproduce the issue with the latest supported release and feel free to ask for the issue to be reopened if the problem is still present. Thanks.

@ynezz ynezz closed this as completed May 24, 2022