Development discussion of WireGuard
* wireguard-go on MACos
From: Devanath S @ 2022-09-19 17:47 UTC (permalink / raw)
  To: WireGuard mailing list, Jason A. Donenfeld

Hi All,

We are using wireguard-go on macOS/Linux, and a dns-proxy is listening
on the WireGuard device. The dns-proxy is receiving DNS requests from the
desktop (destined to wireguarddeviceip:53) on Linux. But the same
does not work on macOS.

I have tried to create a tun/tap using a Go library (water) and was able to
receive the requests, but the same fails when using a WireGuard device
created using wireguard-go. Also, ping to the WireGuard device IP from the
desktop fails miserably.

I am kind of blocked. I would appreciate any help regarding this.

Regards,
Dev


* Re: wireguard-go on MACos
From: Shulhan @ 2022-09-19 18:29 UTC (permalink / raw)
  To: Devanath S; +Cc: WireGuard mailing list


Hi Dev,

On Mon, 19 Sep 2022 10:47:29 -0700
Devanath S <s.devanath@gmail.com> wrote:

> Hi All,
> 
> We are using wireguard-go on macOS/Linux, and a dns-proxy is listening
> on the WireGuard device. The dns-proxy is receiving DNS requests from the
> desktop (destined to wireguarddeviceip:53) on Linux. But the same
> does not work on macOS.
> 
> I have tried to create a tun/tap using a Go library (water) and was able to
> receive the requests, but the same fails when using a WireGuard device
> created using wireguard-go. Also, ping to the WireGuard device IP from the
> desktop fails miserably.
> 

I assume you want all peers to send requests to the same DNS server, yes?

In that case, instead of installing dns-proxy on each user, set up a
central DNS server and let WireGuard handle the rest.

For example, in my experience, I set up rescached [1] (or any DNS
cache/forwarder) on the "server" peer at 10.8.0.1 and set the DNS
option on each "client" peer to that address:

  [Interface]
  ...
  DNS = 10.8.0.1

With this mode, the client does not need to install or set up anything except
the WireGuard application.

[1] https://kilabit.info/project/rescached

-- 
{ "git":"git.sr.ht/~shulhan", "site":"kilabit.info" }


* Re: wireguard-go on MACos
From: Devanath S @ 2022-09-19 18:55 UTC (permalink / raw)
  To: WireGuard mailing list, Jason A. Donenfeld

Hi Shulhan,

Yes, we already do that. In split tunnel mode, we cannot make all
traffic reach the WireGuard server (only a subset of the traffic is
routed through the tunnel).

So the feature is that requests for specific domain names will be directed to
the DNS proxy running on the WireGuard device => the proxy forwards to the
WireGuard service (where the DNS server resides) through the tunnel. The
rest of the domain names are resolved using the primary DNS
server on the desktop.
This works as expected when we run the DNS proxy on localhost. But
we want it to listen on the WireGuard device IP address instead. This fails on
macOS. Hope it makes sense. Thanks in advance.


Regards,
Dev
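
The split-DNS routing described in the last message, as an added Go example (not code from the thread's participants or from wireguard-go): it reads the question name from a raw DNS query and chooses the tunnel resolver or the primary resolver, matching on label boundaries so that a look-alike name is not sent through the tunnel. 10.8.0.1 is the resolver address from the earlier reply; the primary resolver address, the domain list, the sample query and all function names are assumptions made for the example.

```go
package main

import (
	"errors"
	"fmt"
	"strings"
)

// 10.8.0.1 is the tunnel resolver from the thread; the primary resolver
// address and the domain list are constructed for this example.
const tunnelDNS, primaryDNS = "10.8.0.1:53", "192.0.2.53:53"

var tunnelDomains = []string{"corp.example", "internal.example"}

// sampleQuery is a constructed A/IN query for "git.Corp.Example".
var sampleQuery = []byte("\x12\x34\x01\x00\x00\x01\x00\x00\x00\x00\x00\x00" +
	"\x03git\x04Corp\x07Example\x00\x00\x01\x00\x01")

// queryName extracts the lower-cased first question name from a raw DNS query.
func queryName(msg []byte) (string, error) {
	var labels []string
	for i := 12; i < len(msg); { // the name starts after the 12-byte header
		n := int(msg[i])
		if n == 0 { // root label ends the name
			return strings.ToLower(strings.Join(labels, ".")), nil
		}
		if n > 63 || i+1+n > len(msg) { // pointer/reserved bits or cut-off label
			return "", errors.New("malformed question name")
		}
		labels = append(labels, string(msg[i+1:i+1+n]))
		i += 1 + n
	}
	return "", errors.New("truncated query")
}

// upstreamFor sends listed domains and their subdomains to the tunnel
// resolver and everything else to the primary one. Matching is on label
// boundaries, so "evilcorp.example" does not match "corp.example".
func upstreamFor(name string) string {
	for _, d := range tunnelDomains {
		if name == d || strings.HasSuffix(name, "."+d) {
			return tunnelDNS
		}
	}
	return primaryDNS
}

func main() {
	name, err := queryName(sampleQuery)
	fmt.Println(name, upstreamFor(name), err)
}
```

A query whose name cannot be parsed returns an error instead of a resolver, so the caller can drop it rather than forward it to either side.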
