Problem does not occur with an OpenVPN tunnel providing the same functionality.
Problem occurs with the following combination:
1. WireGuard tunnel from RSPro gateway (device wgc21) to a CentOS 7 server (device wg21) which uses the 2 non-public DNS servers in the data centre that it's located in.
2. RSPro networking DNS settings are the 2 data centre server addresses.
3. The RSPro has routes to those DNS servers via dev wgc21.
4. RSPro iptables MASQUERADEs packets going out interface wgc21.
On the RSPro's local network, doing "$ host foo.com" gets a REFUSED reply. Browsers report failure to resolve.
On a local machine, a Wireshark remote capture on the RSPro's wgc21 interface shows the DNS request packets (with DST=data_centre_dns_server), and a remote capture on the server's wg21 interface doesn't show them.
ssh sessions from local machines via the RSPro to the server's wg21 address succeed.
How to reproduce : As above.
Workaround :
RSPro networking DNS addresses changed to 2 addresses on the wg21 network, and on the remote server two iptables PREROUTING rules added that DNAT those 2 addresses to the data centre DNS addresses.
The OpenWrt 19.07 release is EOL. Try to reproduce the issue with the latest supported release, and feel free to ask for the issue to be reopened if the problem is still present. Thanks.
openwrt-bot commented Oct 4, 2021
iopen:
Hardware : Ubiquiti Routerstation Pro
Software : OpenWrt 19.07.6, r11278-8055e38794
Updated : 2021-10-03