Problem does not occur with an OpenVPN tunnel providing the same functionality.
Problem occurs with the following combination :
1 : WireGuard tunnel from RSPro gateway (device wgc21) to a CentOS 7 server (device wg21) which uses the 2 non-public DNS servers in the data centre that it's located in.
2 : RSPro networking DNS settings are the 2 data centre server addresses.
3 : The RSPro has routes to those DNS servers via dev wgc21
4 : RSPro iptables MASQUERADEs packets going out interface wgc21
On the RSPro's local network, doing "$ host foo.com" gets a REFUSED reply. Browsers report failure to resolve.
On a local machine, a Wireshark remote capture on the RSPro's wgc21 interface shows the DNS request packets (with DST=data_centre_dns_server), and a remote capture on the server's wg21 interface doesn't show them.
ssh sessions from local machines via the RSPro to the server's wg21 address succeed.
How to reproduce : As above.
Workaround :
RSPro networking DNS addresses changed to 2 addresses on the wg21 network, and on the remote server two iptables PREROUTING rules added that DNAT those 2 addresses to the data centre DNS addresses.
The OpenWrt 19.07 release is EOL; try to reproduce the issue with the latest supported release, and feel free to ask for the issue to be reopened if the problem is still present. Thanks.
iopen:
Hardware : Ubiquiti Routerstation Pro
Software : OpenWrt 19.07.6, r11278-8055e38794
Updated : 2021-10-03