Android App not setting DNS when allowed IPS not 0.0.0.0/0

Android App not setting DNS when allowed IPS not 0.0.0.0/0

[Mauro Santos]

Hello,

Like the subject says I have found that when I'm not routing all traffic
through the vpn then my dns setting seems to be ignored (tested with
nsleaktest.com).

If I route all traffic through the vpn then it works as expected.

home network: 192.168.20.0/24

vpn "server" is at 192.168.20.10 and internal vpn address is 10.4.4.1,
where I have the dns server running and a few other services accessible
only though the vpn.

"server" config (with systemd-networkd)
wireguard.netdev:
[NetDev]
Name = wireguard
Kind = wireguard
Description = WireGuard VPN

[WireGuard]
ListenPort = 4911
PrivateKey = ...
#Publickey = ...

# Phone
[WireGuardPeer]
PublicKey = ...
AllowedIPs = 10.4.4.3/32

wireguard.network
[Match]
Name = wireguard

[Network]
Address = 10.4.4.1/24

"client" config (android vpn app):
[Interface]
name: msi
public key: ...
addresses: 10.4.4.3/32
dns servers: 10.4.4.1

[Peer]
public key: ...
allowed ips: 10.4.4.0/24
endpoint: 192.168.20.10:4911

The problem also persists if I access the vpn from outside my internal
network and is "fixed" if I change the allowed ips from 10.4.4.0/24 to
0.0.0.0/0.

From what I have searched, other people with similar problems had a
configuration problem, but I don't think it is the case here since my
dns servers in on the same machine as other services and I can access
the other services without problems.

Any ideas on what the problem could be? I have checked the log on the
android app but none of the messages in the log seems to indicate any
problem, should I be looking for some warning/error messages in particular?

-- 
Mauro Santos

Re: Android App not setting DNS when allowed IPS not 0.0.0.0/0

[Alexander Skwar]

hello

Welcome to the club — that is EXACTLY what I'm talking about in the
thread "WireGuard macOS App doesn't set system default DNS".

Are you on macOS as well? Using the WireGuard App or are you using wg-quick?

Regards,

Alexander

Am Do., 6. Aug. 2020 um 16:20 Uhr schrieb Mauro Santos
<registo.mailling@gmail.com>:

>
> Hello,
>
> Like the subject says I have found that when I'm not routing all traffic
> through the vpn then my dns setting seems to be ignored (tested with
> nsleaktest.com).
>
> If I route all traffic through the vpn then it works as expected.
>
> home network: 192.168.20.0/24
>
> vpn "server" is at 192.168.20.10 and internal vpn address is 10.4.4.1,
> where I have the dns server running and a few other services accessible
> only though the vpn.
>
> "server" config (with systemd-networkd)
> wireguard.netdev:
> [NetDev]
> Name = wireguard
> Kind = wireguard
> Description = WireGuard VPN
>
> [WireGuard]
> ListenPort = 4911
> PrivateKey = ...
> #Publickey = ...
>
> # Phone
> [WireGuardPeer]
> PublicKey = ...
> AllowedIPs = 10.4.4.3/32
>
> wireguard.network
> [Match]
> Name = wireguard
>
> [Network]
> Address = 10.4.4.1/24
>
> "client" config (android vpn app):
> [Interface]
> name: msi
> public key: ...
> addresses: 10.4.4.3/32
> dns servers: 10.4.4.1
>
> [Peer]
> public key: ...
> allowed ips: 10.4.4.0/24
> endpoint: 192.168.20.10:4911
>
> The problem also persists if I access the vpn from outside my internal
> network and is "fixed" if I change the allowed ips from 10.4.4.0/24 to
> 0.0.0.0/0.
>
> From what I have searched, other people with similar problems had a
> configuration problem, but I don't think it is the case here since my
> dns servers in on the same machine as other services and I can access
> the other services without problems.
>
> Any ideas on what the problem could be? I have checked the log on the
> android app but none of the messages in the log seems to indicate any
> problem, should I be looking for some warning/error messages in particular?
>
> --
> Mauro Santos



--



Alexander
--
=>        Google+ => http://plus.skwar.me         <==
=> Chat (Jabber/Google Talk) => a.skwar@gmail.com <==

Re: Android App not setting DNS when allowed IPS not 0.0.0.0/0

[Mauro Santos]

On 07/08/20 05:29, Alexander Skwar wrote:
> hello
> 
> Welcome to the club — that is EXACTLY what I'm talking about in the
> thread "WireGuard macOS App doesn't set system default DNS".
> 
> Are you on macOS as well? Using the WireGuard App or are you using wg-quick?
> 
> Regards,
> 
> Alexander
> 

Hello,

I'm not on macOS, this is a problem with the android app, just like the
subject says ;)

I don't know if wg-quick has the same problem, on my laptop I have
unbound running and I use that. I do not have any dns settings on my
wg-quick config files.

Regards,
Mauro Santos

> Am Do., 6. Aug. 2020 um 16:20 Uhr schrieb Mauro Santos
> <registo.mailling@gmail.com>:
> 
>>
>> Hello,
>>
>> Like the subject says I have found that when I'm not routing all traffic
>> through the vpn then my dns setting seems to be ignored (tested with
>> nsleaktest.com).
>>
>> If I route all traffic through the vpn then it works as expected.
>>
>> home network: 192.168.20.0/24
>>
>> vpn "server" is at 192.168.20.10 and internal vpn address is 10.4.4.1,
>> where I have the dns server running and a few other services accessible
>> only though the vpn.
>>
>> "server" config (with systemd-networkd)
>> wireguard.netdev:
>> [NetDev]
>> Name = wireguard
>> Kind = wireguard
>> Description = WireGuard VPN
>>
>> [WireGuard]
>> ListenPort = 4911
>> PrivateKey = ...
>> #Publickey = ...
>>
>> # Phone
>> [WireGuardPeer]
>> PublicKey = ...
>> AllowedIPs = 10.4.4.3/32
>>
>> wireguard.network
>> [Match]
>> Name = wireguard
>>
>> [Network]
>> Address = 10.4.4.1/24
>>
>> "client" config (android vpn app):
>> [Interface]
>> name: msi
>> public key: ...
>> addresses: 10.4.4.3/32
>> dns servers: 10.4.4.1
>>
>> [Peer]
>> public key: ...
>> allowed ips: 10.4.4.0/24
>> endpoint: 192.168.20.10:4911
>>
>> The problem also persists if I access the vpn from outside my internal
>> network and is "fixed" if I change the allowed ips from 10.4.4.0/24 to
>> 0.0.0.0/0.
>>
>> From what I have searched, other people with similar problems had a
>> configuration problem, but I don't think it is the case here since my
>> dns servers in on the same machine as other services and I can access
>> the other services without problems.
>>
>> Any ideas on what the problem could be? I have checked the log on the
>> android app but none of the messages in the log seems to indicate any
>> problem, should I be looking for some warning/error messages in particular?
>>
>> --
>> Mauro Santos
> 
> 
> 
> --
> 
> 
> 
> Alexander
> --
> =>        Google+ => http://plus.skwar.me         <==
> => Chat (Jabber/Google Talk) => a.skwar@gmail.com <==
>

Re: Android App not setting DNS when allowed IPS not 0.0.0.0/0

[Alexander Skwar]

Hello,

Am Fr., 7. Aug. 2020 um 12:51 Uhr schrieb Mauro Santos
<registo.mailling@gmail.com>:

> I'm not on macOS, this is a problem with the android app, just like the
> subject says ;)

Ah, yeah, now I notice the subject as well... Too bad then (for me).

FWIW, my client config (in the exported ZIP file) looks different to
what you've got.

[Interface]
Address = 172.31.0.5/24
DNS = 176.9.37.132
PrivateKey = …=

[Peer]
AllowedIPs = 10.136.16.0/22, 172.31.0.0/24, 169.254.169.253/32
Endpoint = wg.….ch:51820
PublicKey = …=

I've got no "name" attribute and I'm using "=" signs. But I guess you didn't
use an export in your OP but copied the stuff by hand?

Regards,
Alexander

Re: Android App not setting DNS when allowed IPS not 0.0.0.0/0

[Mauro Santos]

Hello,

On 07/08/20 12:59, Alexander Skwar wrote:

> I've got no "name" attribute and I'm using "=" signs. But I guess you didn't
> use an export in your OP but copied the stuff by hand?

Yes you are correct, I did copy the information by hand, the exported
configuration does not have that attribute.

Regards,
Mauro Santos