Development discussion of WireGuard
* WireGuard macOS App doesn't set system default DNS
@ 2020-08-03  9:15 Alexander Skwar
From: Alexander Skwar @ 2020-08-03  9:15 UTC (permalink / raw)
  To: wireguard

Hello

I'm having issues with the macOS App. tl;dr: It doesn't set the system
DNS to the IP of my resolver which is only reachable once the tunnel
is up.

Here's my "clients" (macOS) configuration:

#####################################################################
[Interface]
PrivateKey = ...=
Address = 172.31.0.3/24
DNS = 10.136.16.2

[Peer]
PublicKey = ...=
AllowedIPs = 10.136.16.0/22, 169.254.169.253/32
Endpoint = wg.....ch:51820
#####################################################################

Matching "server" configuration (Debian 10):

#####################################################################
[Interface]
Address = 172.31.0.1/24
Listenport = 51820
PrivateKey = ...=
PostUp = iptables -A FORWARD -i wg0 -j ACCEPT; iptables -A FORWARD -o wg0 -j ACCEPT; iptables -t nat -A POSTROUTING -o ens5 -j MASQUERADE
PostDown = iptables -D FORWARD -i wg0 -j ACCEPT; iptables -D FORWARD -o wg0 -j ACCEPT; iptables -t nat -D POSTROUTING -o ens5 -j MASQUERADE

[Peer] # alexander-mac-1
PublicKey = kw6A7iN/sF0k2bePr15M10e6Ufhp7sJVWhZcZvGcrT8=
AllowedIPs = 172.31.0.3/32
#####################################################################

When I activate this tunnel on my mac and do a "dig" or "host" query
for some name which only the private resolver 10.136.16.2 knows, I get
an NXDOMAIN (query failed).
When I do "dig @10.136.16.2 $sameName", the name gets resolved (ie.
when I manually s). This shows that the routing is working fine.

As some extra tests, I set "DNS = 208.67.222.222" (OpenDNS) and tried
to resolve their test site www.internetbadguys.com. It resolves to
146.112.61.108, which means that OpenDNS is used (I'm normally not
using it). It also shows on https://welcome.opendns.com/.
Same result with setting "DNS = 1.1.1.1" and then going to
https://1.1.1.1/help - DNS is set.

This means that the macOS App *IS* able to set the system default
DNS, but for some reason doesn't set it to my private DNS IP of
10.136.16.2.
There is ONE (bad) workaround: When I set "AllowedIPs = 0.0.0.0/0",
then the App DOES set the system default DNS to 10.136.16.2.

The log of the application doesn't show anything regarding DNS.
Pasted at https://paste.ee/p/ziqrg.

Well… Why does the macOS App refuse to set the DNS to 10.136.16.2?

Versions used:
App version: 0.0.20191105 (16)
Go backend version: 0.0.20191013
macOS: Catalina 10.15.5 (19F101)


Cheers,
Alexander
