synology-wireguard

Connected but no DNS resolving?

Open simonepsp opened this issue 4 years ago • 11 comments

Dear guys, first of all I would like to thank you for putting your efforts into this project. I'm aware that it's kinda discontinued but I'm very interested in it.

In the past I successfully ran wireguard on my OpenWrt router and I would like to do the same on my NAS.

My configuration files are quite simple and I don't really get what is keeping the client from connecting to the wider internet (ping to local IPs works):

[wg0.conf]

```
[Interface]
Address = 10.0.1.1/16
PrivateKey = (hidden)
ListenPort = (hidden)
PostUp = iptables -A FORWARD -i %i -j ACCEPT; iptables -t nat -A POSTROUTING -o eth1 -j MASQUERADE
PostDown = iptables -D FORWARD -i %i -j ACCEPT; iptables -t nat -D POSTROUTING -o eth1 -j MASQUERADE

[Peer]
PublicKey = (hidden)
PresharedKey = (hidden)
AllowedIPs = 10.0.1.2/32
```

PEER 1

```
[Interface]
PrivateKey = <PKEY>
Address = 10.0.10.2/24
DNS = 192.168.1.1

[Peer]
PublicKey = <PUBKEY>
PresharedKey = <PSKEY>
AllowedIPs = 0.0.0.0/0, ::/0
Endpoint = <LOCAL_IP>:<PORT>
PersistentKeepalive = 25
```

![image](https://user-images.githubusercontent.com/11884948/70932229-e4189200-2041-11ea-9698-81c4842cbb9c.png)

```
root@DNS-NAS:/etc/wireguard# wg
interface: wg0
  public key: <PUBKEY>
  private key: (hidden)
  listening port: <PORT>

peer: <HIDDEN>
  preshared key: (hidden)
  endpoint: 192.168.1.161:62341
  allowed ips: 10.0.1.2/32
  latest handshake: 4 seconds ago
  transfer: 1.74 KiB received, 1.43 KiB sent
```

Any suggestions? My idea is that DNS queries are currently not being resolved. Thanks!

simonepsp avatar Dec 16 '19 18:12 simonepsp

can you test DNS lookups with dig or nslookup?

> ping to local IPs work

looks like you are connecting to the server from the same network. are you sure the pings are going through wireguard?

seanauff avatar Dec 17 '19 20:12 seanauff

yes, I'm connecting from the same network. Since there's no connection the nslookup fails

```
user@mac ~ % nslookup google.com
;; connection timed out; no servers could be reached
```

simonepsp avatar Dec 18 '19 16:12 simonepsp

you are right :/ I'm unable to ping any ip when I'm connected from WAN

simonepsp avatar Dec 18 '19 16:12 simonepsp

I've just tried to set this up on my DS1019+ and am having a very similar issue. Testing from my iPhone on 4G I have no access at all (as above, on my local wifi/LAN I have internal but not internet connection):

[wg0.conf]

```
[Interface]
Address = 10.200.0.1/16
PrivateKey = <privKey>
ListenPort = <listenPort>
PostUp = iptables -A FORWARD -i %i -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE; sleep 5; ip route add 10.200.0.0/16 dev wg0
PostDown = iptables -D FORWARD -i %i -j ACCEPT; iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE

# iPhone
[Peer]
PublicKey = <pubKey>
AllowedIPs = 10.200.0.2/32
```

[wg0-iPhone.conf]

```
[Interface]
Address = 10.200.0.2/24
PrivateKey = <privKey>
ListenPort = <listenPort>

[Peer]
Endpoint = <router public IP>:<listenPort>
PublicKey = <pubKey>
AllowedIPs = 0.0.0.0/0, ::/0
PersistentKeepalive = 25
```

from `sudo wg`:

```
interface: wg0
  public key: <pubKey>
  private key: (hidden)
  listening port: <listenPort>

peer: <peer ID>
  allowed ips: 10.200.0.2/32
```

Tested using Chrome to try and access www.bbc.co.uk and getting ERR_NAME_NOT_RESOLVED.

Set-up was done based on this guide (well parts of it anyway) and also this one as I have a server running on a Pi which works fine (but I want to move it to my NAS). When I compare the conf files between the two I can't see anything significantly different except of course I've set different listen ports.

The NAS firewall is up, but I've tried both adding a port allow to it and temporarily dropping it, and neither helps. My router is also set to port forward the listen port to the NAS as well.

Any thoughts as to what may be wrong welcomed.

Darren-Hill avatar Jan 08 '20 22:01 Darren-Hill

I suspect this issue has to do with "The Dns = x.x.x.x setting is unsupported." in the FAQ/Known issues section. I'm getting this issue on my Synology too. I had something similar with a Wireguard setup on my router, before I added the DNS setting to the conf file, which fixed things. Since that's not an option for this version, it's quite possible it might not work until the DNS=... gets implemented for the Synology version.

timreuscher avatar Jan 11 '20 15:01 timreuscher

That was the conclusion I was coming to as well, and I presume not a simple fix given its current status. Was just wondering, given that it must be working at least in some fashion for some people?

Anyway no big issue, will continue with the Pi based solution for now and see how progress here goes (or maybe look at a docker solution). Fingers crossed for that!

Darren-Hill avatar Jan 12 '20 15:01 Darren-Hill

I've added my home router's IP (172.16.11.1) as DNS server in the client configuration. Nothing done on the synology side.

I can resolve DNS names for both my internal network as well as the public internet, just like being in the local network.

client.conf

```
[Interface]
Address = 172.16.12.2
PrivateKey = <privkey>
ListenPort = <listenPort>
Dns = 172.16.11.1

[Peer]
PublicKey = <publicKey>
Endpoint = <router public hostname>:<port>
AllowedIPs = 0.0.0.0/0, ::/0
```

If that works for you, I can draft a PR to document this.

rikroe avatar Feb 04 '20 22:02 rikroe

If AllowedIPs is configured globally, the Dns parameter must be specified. Otherwise, it will not affect the domain name resolution at the system level.

c51303 avatar Dec 08 '20 06:12 c51303

my VPN provider (WindScribe) has provided me a wg0.conf file which has a Dns entry in the [Interface] section and is not allowing me to instantiate the interface.

```
$ sudo wg-quick up wg0
Password:
Warning: `/etc/wireguard/wg0.conf' is world accessible
[#] ip link add wg0 type wireguard
[#] wg setconf wg0 /dev/fd/63
[#] ip -4 address add 100.x.x.x/32 dev wg0
[#] ip link set mtu 1420 up dev wg0
[#] resolvconf -a wg0 -m 0 -x
/usr/local/bin/wg-quick: line 32: resolvconf: command not found
[#] ip link delete dev wg0
```

I'm running this on a Synology NAS. How do I resolve this?

cchhat01 avatar Sep 22 '21 18:09 cchhat01

@cchhat01 remove the Dns setting or use this solution;

https://github.com/runfalk/synology-wireguard/issues/31#issuecomment-593861167

ben-ba avatar Sep 23 '21 09:09 ben-ba
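The three failure modes discussed in this thread (a client tunnel address that no server `AllowedIPs` entry covers, a full-tunnel client with no `DNS=`, and a `DNS=` line in the config that runs on the Synology, where `wg-quick` aborts on the missing `resolvconf`) can all be caught statically before the interface is brought up. The script below is an added example, not code from the synology-wireguard project or from anyone in the thread: it parses a server/client pair of wg-quick configs and reports those mismatches, plus a check for a missing MASQUERADE rule and for a LAN endpoint (the "are you sure the pings go through wireguard?" point). The config pairs it ships with are constructed to resemble the ones posted here (placeholder keys, constructed endpoint `192.168.1.10`), and the finding codes are its own.

```python
"""Static checks for a wg-quick server/client config pair (added example, not code
from the synology-wireguard project; the sample configs below are constructed)."""
import ipaddress


def parse_wg_conf(text):
    """Parse wg-quick INI text into {'interface': {...}, 'peers': [{...}]}.
    Keys are lower-cased so 'DNS' and 'Dns' compare equal; '#' starts a comment."""
    iface, peers, current = {}, [], None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            if section == "interface":
                current = iface
            elif section == "peer":
                current = {}
                peers.append(current)
            else:
                raise ValueError(f"unknown section {section!r}")
            continue
        if current is None or "=" not in line:
            raise ValueError(f"malformed line: {raw!r}")
        key, value = (part.strip() for part in line.split("=", 1))
        current[key.lower()] = value
    return {"interface": iface, "peers": peers}


def _csv(value):
    return [v.strip() for v in value.split(",") if v.strip()]


def _peer_networks(conf):
    return [ipaddress.ip_network(n, strict=False)
            for peer in conf["peers"] for n in _csv(peer.get("allowedips", ""))]


def check_pair(server_conf, client_conf, synology_side="server"):
    """Return (code, message) findings; synology_side ('server', 'client' or
    None) names the config that runs on the NAS, which cannot use DNS=."""
    server, client = parse_wg_conf(server_conf), parse_wg_conf(client_conf)
    findings = []
    # 1. Client tunnel address outside every server AllowedIPs: handshake works, packets are dropped.
    allowed_on_server = _peer_networks(server)
    for addr in (ipaddress.ip_interface(a) for a in _csv(client["interface"]["address"])):
        if not any(addr.ip in net for net in allowed_on_server):
            findings.append(("ADDR_NOT_IN_ALLOWEDIPS", f"client address {addr.ip} is outside "
                             f"server AllowedIPs {[str(n) for n in allowed_on_server]}"))
    # 2. Full tunnel (AllowedIPs 0.0.0.0/0) carries DNS queries too, so a reachable DNS= is required.
    full_tunnel = any(net.prefixlen == 0 for net in _peer_networks(client))
    if full_tunnel and "dns" not in client["interface"]:
        findings.append(("FULL_TUNNEL_NO_DNS", "client routes everything via the tunnel but sets no DNS="))
    # 3. Full tunnel also needs NAT on the server uplink (the PostUp MASQUERADE rule).
    if full_tunnel and "MASQUERADE" not in server["interface"].get("postup", ""):
        findings.append(("NO_MASQUERADE", "server PostUp has no MASQUERADE rule"))
    # 4. Private endpoint: the tester sits on the server's LAN, so a working ping proves little.
    for peer in client["peers"]:
        host = peer.get("endpoint", "").rsplit(":", 1)[0].strip("[]")
        try:
            if host and ipaddress.ip_address(host).is_private:
                findings.append(("LAN_ENDPOINT", f"endpoint {host} is a LAN address; test from outside"))
        except ValueError:
            pass  # hostname endpoint: nothing to check statically
    # 5. DNS= on the Synology side aborts wg-quick ('resolvconf: command not found').
    synology_conf = {"server": server, "client": client}.get(synology_side)
    if synology_conf is not None and "dns" in synology_conf["interface"]:
        findings.append(("SYNOLOGY_DNS", "DNS= in the config that runs on the Synology; remove it"))
    return findings


# Constructed pair A, after the first post: server allows 10.0.1.2/32, client got 10.0.10.2/24,
# and the test runs from the server's own LAN (constructed endpoint 192.168.1.10).
SERVER_A = """[Interface]
Address = 10.0.1.1/16
PrivateKey = <placeholder>
PostUp = iptables -A FORWARD -i %i -j ACCEPT; iptables -t nat -A POSTROUTING -o eth1 -j MASQUERADE

[Peer]
PublicKey = <placeholder>
AllowedIPs = 10.0.1.2/32
"""
CLIENT_A = """[Interface]
Address = 10.0.10.2/24
PrivateKey = <placeholder>
DNS = 192.168.1.1

[Peer]
PublicKey = <placeholder>
AllowedIPs = 0.0.0.0/0, ::/0
Endpoint = 192.168.1.10:51820
"""
# Constructed pair B, after the DS1019+ post: addresses agree, but the full-tunnel
# client sets no DNS and the endpoint is a public-side placeholder hostname.
SERVER_B = SERVER_A.replace("10.0.1.1/16", "10.200.0.1/16").replace("10.0.1.2/32", "10.200.0.2/32")
CLIENT_B = CLIENT_A.replace("10.0.10.2/24", "10.200.0.2/24").replace("DNS = 192.168.1.1\n", "").replace(
    "192.168.1.10:51820", "<router public IP placeholder>:51820")
```

Run `check_pair(server_text, client_text)` with the NAS's `wg0.conf` and the peer's config; pair A reports the address mismatch and the LAN endpoint, pair B only the missing `DNS=`. Pass `synology_side="client"` when the NAS is the client of a commercial provider, as in the WindScribe config above, and the `DNS=` line that `wg-quick` trips over is reported before the interface is created.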

> my VPN provider (WindScribe) has provided me a wg0.conf file which has a Dns entry in the [Interface] section and is not allowing me to instantiate the interface.
>
> ```
> $ sudo wg-quick up wg0
> Password:
> Warning: `/etc/wireguard/wg0.conf' is world accessible
> [#] ip link add wg0 type wireguard
> [#] wg setconf wg0 /dev/fd/63
> [#] ip -4 address add 100.x.x.x/32 dev wg0
> [#] ip link set mtu 1420 up dev wg0
> [#] resolvconf -a wg0 -m 0 -x
> /usr/local/bin/wg-quick: line 32: resolvconf: command not found
> [#] ip link delete dev wg0
> ```
>
> I'm running this on a Synology NAS. How do I resolve this?

I'm running this on a Synology NAS too. How do I resolve this?

Zbl1007 avatar Jan 15 '22 03:01 Zbl1007