From: "Tomcsanyi, Domonkos" <firstname.lastname@example.org>
To: Waishon <email@example.com>
Subject: Re: Domain as endpoint when using wireguard with network namespaces
Date: Wed, 18 Aug 2021 07:54:12 +0200
Message-ID: <03667268-5415-4FB0-9D4B-1E51466A3F5C@tomcsanyi.net>
I am sorry, but I need to ask: if your namespace does not have an internet connection how would you connect to your remote endpoint after the DNS lookup issue is solved and you received the IP behind vpn.example.com?
> On 17.08.2021, at 23:06, Waishon <firstname.lastname@example.org> wrote:
> Hey there,
> I'm currently trying to set up a wireguard-tunnel inside a
> network-namespace as described in the documentation, which fails when
> using a domain as endpoint:
> First I've created the wireguard interface inside the birth-namespace
> of the host using "ip link add wg0 type wireguard". Then I moved the
> wg0 interface to the newly created network namespace, which doesn't
> have any network interfaces and network connections besides the
> loopback interface.
> Then I configured the wg0 interface inside the network namespace using
> wg set "INTERFACE_NAME" \
> private-key <SECRET \
> peer "PEER" \
> endpoint vpn.example.com:51820 \
> persistent-keepalive 25 \
> allowed-ips ::/0
> This however results in a "Temporary failure in name resolution:
> `vpn.example.com:51820'. Trying again in 1.00 seconds..." error
> message, which makes sense, because the wireguard-tool tries to call
> getaddrinfo inside the network namespace. The namespace doesn't have
> an internet connection and the lookup fails.
> As a user I would expect that the wg-tool does the lookup in the
> birth-namespace of the interface and not inside the newly created
> network namespace.
> What is the recommended solution to resolve a domain endpoint when
> using network namespaces and wireguard? Just manually look up the
> domain in the birth-namespace and use the IP as endpoint? The
> implementation however would be quite hacky to make it properly work
> with IPv4 and IPv6.
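
The manual approach raised at the end of the quoted message (look the name up where DNS works, then hand wg a literal address inside the namespace), as an added example that is not part of either message. The namespace, interface and peer-key arguments are placeholders, and `getent ahosts` is assumed to be available in the namespace that has DNS.

```shell
#!/bin/sh
# Added example: resolve the endpoint name in the namespace that has DNS,
# then configure the peer inside the isolated namespace with a literal address.
# Usage: script NETNS IFACE PEER_KEY HOST PORT [4|6]   (all values are placeholders)

# Print every address for HOST, one per line, in resolver order, without duplicates.
resolve_host() {
    getent ahosts "$1" | awk '!seen[$1]++ { print $1 }'
}

# Read addresses on stdin and print the first one of the wanted family (4 or 6).
# Returns non-zero when the name has no address of that family.
pick_address() {
    want=$1
    while IFS= read -r addr; do
        case "$addr" in
            *:*) fam=6 ;;
            *)   fam=4 ;;
        esac
        if [ "$fam" = "$want" ]; then
            printf '%s\n' "$addr"
            return 0
        fi
    done
    return 1
}

# wg expects "a.b.c.d:port" for IPv4 and "[addr]:port" for IPv6.
format_endpoint() {
    case "$1" in
        *:*) printf '[%s]:%s\n' "$1" "$2" ;;
        *)   printf '%s:%s\n' "$1" "$2" ;;
    esac
}

# Resolve here (caller's namespace), run wg inside NETNS with the literal address.
set_endpoint() {
    addr=$(resolve_host "$4" | pick_address "${6:-4}") || {
        echo "no IPv${6:-4} address for $4" >&2
        return 1
    }
    ip netns exec "$1" wg set "$2" peer "$3" \
        endpoint "$(format_endpoint "$addr" "$5")"
}

if [ "$#" -ge 5 ]; then
    set_endpoint "$@"
fi
```

The name is resolved only when the script runs, so it has to be re-run if the address behind the name changes.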