Development discussion of WireGuard
 help / color / mirror / Atom feed
* Android App not setting DNS when allowed IPS not 0.0.0.0/0
@ 2020-08-06 11:22 Mauro Santos
  2020-08-07  4:29 ` Alexander Skwar
  0 siblings, 1 reply; 5+ messages in thread
From: Mauro Santos @ 2020-08-06 11:22 UTC (permalink / raw)
  To: wireguard

Hello,

Like the subject says I have found that when I'm not routing all traffic
through the vpn then my dns setting seems to be ignored (tested with
nsleaktest.com).

If I route all traffic through the vpn then it works as expected.

home network: 192.168.20.0/24

vpn "server" is at 192.168.20.10 and internal vpn address is 10.4.4.1,
where I have the dns server running and a few other services accessible
only though the vpn.

"server" config (with systemd-networkd)
wireguard.netdev:
[NetDev]
Name = wireguard
Kind = wireguard
Description = WireGuard VPN

[WireGuard]
ListenPort = 4911
PrivateKey = ...
#Publickey = ...

# Phone
[WireGuardPeer]
PublicKey = ...
AllowedIPs = 10.4.4.3/32

wireguard.network
[Match]
Name = wireguard

[Network]
Address = 10.4.4.1/24

"client" config (android vpn app):
[Interface]
name: msi
public key: ...
addresses: 10.4.4.3/32
dns servers: 10.4.4.1

[Peer]
public key: ...
allowed ips: 10.4.4.0/24
endpoint: 192.168.20.10:4911

The problem also persists if I access the vpn from outside my internal
network and is "fixed" if I change the allowed ips from 10.4.4.0/24 to
0.0.0.0/0.

From what I have searched, other people with similar problems had a
configuration problem, but I don't think it is the case here since my
dns servers in on the same machine as other services and I can access
the other services without problems.

Any ideas on what the problem could be? I have checked the log on the
android app but none of the messages in the log seems to indicate any
problem, should I be looking for some warning/error messages in particular?

-- 
Mauro Santos

^ permalink raw reply	[flat|nested] 5+ messages in thread

* Re: Android App not setting DNS when allowed IPS not 0.0.0.0/0
  2020-08-06 11:22 Android App not setting DNS when allowed IPS not 0.0.0.0/0 Mauro Santos
@ 2020-08-07  4:29 ` Alexander Skwar
  2020-08-07 10:51   ` Mauro Santos
  0 siblings, 1 reply; 5+ messages in thread
From: Alexander Skwar @ 2020-08-07  4:29 UTC (permalink / raw)
  Cc: wireguard

hello

Welcome to the club — that is EXACTLY what I'm talking about in the
thread "WireGuard macOS App doesn't set system default DNS".

Are you on macOS as well? Using the WireGuard App or are you using wg-quick?

Regards,

Alexander

Am Do., 6. Aug. 2020 um 16:20 Uhr schrieb Mauro Santos
<registo.mailling@gmail.com>:

>
> Hello,
>
> Like the subject says I have found that when I'm not routing all traffic
> through the vpn then my dns setting seems to be ignored (tested with
> nsleaktest.com).
>
> If I route all traffic through the vpn then it works as expected.
>
> home network: 192.168.20.0/24
>
> vpn "server" is at 192.168.20.10 and internal vpn address is 10.4.4.1,
> where I have the dns server running and a few other services accessible
> only though the vpn.
>
> "server" config (with systemd-networkd)
> wireguard.netdev:
> [NetDev]
> Name = wireguard
> Kind = wireguard
> Description = WireGuard VPN
>
> [WireGuard]
> ListenPort = 4911
> PrivateKey = ...
> #Publickey = ...
>
> # Phone
> [WireGuardPeer]
> PublicKey = ...
> AllowedIPs = 10.4.4.3/32
>
> wireguard.network
> [Match]
> Name = wireguard
>
> [Network]
> Address = 10.4.4.1/24
>
> "client" config (android vpn app):
> [Interface]
> name: msi
> public key: ...
> addresses: 10.4.4.3/32
> dns servers: 10.4.4.1
>
> [Peer]
> public key: ...
> allowed ips: 10.4.4.0/24
> endpoint: 192.168.20.10:4911
>
> The problem also persists if I access the vpn from outside my internal
> network and is "fixed" if I change the allowed ips from 10.4.4.0/24 to
> 0.0.0.0/0.
>
> From what I have searched, other people with similar problems had a
> configuration problem, but I don't think it is the case here since my
> dns servers in on the same machine as other services and I can access
> the other services without problems.
>
> Any ideas on what the problem could be? I have checked the log on the
> android app but none of the messages in the log seems to indicate any
> problem, should I be looking for some warning/error messages in particular?
>
> --
> Mauro Santos



--



Alexander
--
=>        Google+ => http://plus.skwar.me         <==
=> Chat (Jabber/Google Talk) => a.skwar@gmail.com <==

^ permalink raw reply	[flat|nested] 5+ messages in thread

* Re: Android App not setting DNS when allowed IPS not 0.0.0.0/0
  2020-08-07  4:29 ` Alexander Skwar
@ 2020-08-07 10:51   ` Mauro Santos
  2020-08-07 11:59     ` Alexander Skwar
  0 siblings, 1 reply; 5+ messages in thread
From: Mauro Santos @ 2020-08-07 10:51 UTC (permalink / raw)
  To: Alexander Skwar; +Cc: wireguard

On 07/08/20 05:29, Alexander Skwar wrote:
> hello
> 
> Welcome to the club — that is EXACTLY what I'm talking about in the
> thread "WireGuard macOS App doesn't set system default DNS".
> 
> Are you on macOS as well? Using the WireGuard App or are you using wg-quick?
> 
> Regards,
> 
> Alexander
> 

Hello,

I'm not on macOS, this is a problem with the android app, just like the
subject says ;)

I don't know if wg-quick has the same problem, on my laptop I have
unbound running and I use that. I do not have any dns settings on my
wg-quick config files.

Regards,
Mauro Santos

> Am Do., 6. Aug. 2020 um 16:20 Uhr schrieb Mauro Santos
> <registo.mailling@gmail.com>:
> 
>>
>> Hello,
>>
>> Like the subject says I have found that when I'm not routing all traffic
>> through the vpn then my dns setting seems to be ignored (tested with
>> nsleaktest.com).
>>
>> If I route all traffic through the vpn then it works as expected.
>>
>> home network: 192.168.20.0/24
>>
>> vpn "server" is at 192.168.20.10 and internal vpn address is 10.4.4.1,
>> where I have the dns server running and a few other services accessible
>> only though the vpn.
>>
>> "server" config (with systemd-networkd)
>> wireguard.netdev:
>> [NetDev]
>> Name = wireguard
>> Kind = wireguard
>> Description = WireGuard VPN
>>
>> [WireGuard]
>> ListenPort = 4911
>> PrivateKey = ...
>> #Publickey = ...
>>
>> # Phone
>> [WireGuardPeer]
>> PublicKey = ...
>> AllowedIPs = 10.4.4.3/32
>>
>> wireguard.network
>> [Match]
>> Name = wireguard
>>
>> [Network]
>> Address = 10.4.4.1/24
>>
>> "client" config (android vpn app):
>> [Interface]
>> name: msi
>> public key: ...
>> addresses: 10.4.4.3/32
>> dns servers: 10.4.4.1
>>
>> [Peer]
>> public key: ...
>> allowed ips: 10.4.4.0/24
>> endpoint: 192.168.20.10:4911
>>
>> The problem also persists if I access the vpn from outside my internal
>> network and is "fixed" if I change the allowed ips from 10.4.4.0/24 to
>> 0.0.0.0/0.
>>
>> From what I have searched, other people with similar problems had a
>> configuration problem, but I don't think it is the case here since my
>> dns servers in on the same machine as other services and I can access
>> the other services without problems.
>>
>> Any ideas on what the problem could be? I have checked the log on the
>> android app but none of the messages in the log seems to indicate any
>> problem, should I be looking for some warning/error messages in particular?
>>
>> --
>> Mauro Santos
> 
> 
> 
> --
> 
> 
> 
> Alexander
> --
> =>        Google+ => http://plus.skwar.me         <==
> => Chat (Jabber/Google Talk) => a.skwar@gmail.com <==
>

^ permalink raw reply	[flat|nested] 5+ messages in thread

* Re: Android App not setting DNS when allowed IPS not 0.0.0.0/0
  2020-08-07 10:51   ` Mauro Santos
@ 2020-08-07 11:59     ` Alexander Skwar
  2020-08-08  8:04       ` Mauro Santos
  0 siblings, 1 reply; 5+ messages in thread
From: Alexander Skwar @ 2020-08-07 11:59 UTC (permalink / raw)
  To: Mauro Santos; +Cc: wireguard

Hello,

Am Fr., 7. Aug. 2020 um 12:51 Uhr schrieb Mauro Santos
<registo.mailling@gmail.com>:

> I'm not on macOS, this is a problem with the android app, just like the
> subject says ;)

Ah, yeah, now I notice the subject as well... Too bad then (for me).

FWIW, my client config (in the exported ZIP file) looks different to
what you've got.

[Interface]
Address = 172.31.0.5/24
DNS = 176.9.37.132
PrivateKey = …=

[Peer]
AllowedIPs = 10.136.16.0/22, 172.31.0.0/24, 169.254.169.253/32
Endpoint = wg.….ch:51820
PublicKey = …=

I've got no "name" attribute and I'm using "=" signs. But I guess you didn't
use an export in your OP but copied the stuff by hand?

Regards,
Alexander

^ permalink raw reply	[flat|nested] 5+ messages in thread

* Re: Android App not setting DNS when allowed IPS not 0.0.0.0/0
  2020-08-07 11:59     ` Alexander Skwar
@ 2020-08-08  8:04       ` Mauro Santos
  0 siblings, 0 replies; 5+ messages in thread
From: Mauro Santos @ 2020-08-08  8:04 UTC (permalink / raw)
  To: Alexander Skwar; +Cc: wireguard

Hello,

On 07/08/20 12:59, Alexander Skwar wrote:

> I've got no "name" attribute and I'm using "=" signs. But I guess you didn't
> use an export in your OP but copied the stuff by hand?

Yes you are correct, I did copy the information by hand, the exported
configuration does not have that attribute.

Regards,
Mauro Santos

^ permalink raw reply	[flat|nested] 5+ messages in thread

end of thread, other threads:[~2020-08-08  8:04 UTC | newest]

Thread overview: 5+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2020-08-06 11:22 Android App not setting DNS when allowed IPS not 0.0.0.0/0 Mauro Santos
2020-08-07  4:29 ` Alexander Skwar
2020-08-07 10:51   ` Mauro Santos
2020-08-07 11:59     ` Alexander Skwar
2020-08-08  8:04       ` Mauro Santos

Development discussion of WireGuard

This inbox may be cloned and mirrored by anyone:

	git clone --mirror http://inbox.vuxu.org/wireguard

	# If you have public-inbox 1.1+ installed, you may
	# initialize and index your mirror using the following commands:
	public-inbox-init -V1 wireguard wireguard/ http://inbox.vuxu.org/wireguard \
		wireguard@lists.zx2c4.com
	public-inbox-index wireguard

Example config snippet for mirrors.
Newsgroup available over NNTP:
	nntp://inbox.vuxu.org/vuxu.archive.wireguard


AGPL code for this site: git clone https://public-inbox.org/public-inbox.git