Development discussion of WireGuard
 help / color / Atom feed
* Search Domain/DNS Suffix
@ 2020-03-25 23:04 virtualdxs
  2020-04-06  6:12 ` simon
  0 siblings, 1 reply; 11+ messages in thread
From: virtualdxs @ 2020-03-25 23:04 UTC (permalink / raw)


Hello all,

I'm trying to deploy a wireguard VPN for a small company and it's
working great, with one issue: On Windows/Mac I can't find a way to
set search domains on the connection. Windows, I can probably just set
a system-wide search domain via the registry (I plan to test that
tonight), but on Mac I can't figure out anything. Even the normal
command line method, networksetup -setsearchdomains [interface],
doesn't take effect - I can retrieve whatever I set with networksetup
-getsearchdomains [interface], but it's not used by the system.

Does anybody know a solution or workaround?

Duncan X Simpson, K7DXS
Removal of this tagline is a violation of Federal Law.


^ permalink raw reply	[flat|nested] 11+ messages in thread

* Search Domain/DNS Suffix
  2020-03-25 23:04 Search Domain/DNS Suffix virtualdxs
@ 2020-04-06  6:12 ` simon
  0 siblings, 0 replies; 11+ messages in thread
From: simon @ 2020-04-06  6:12 UTC (permalink / raw)


Hi,

I have a similar requirement - to set connection specific DNS suffix. I solved it by extending the wireguard-windows: https://git.zx2c4.com/wireguard-windows/commit/?h=sr/mydist&id=3672fbc0bcb1821c98566fac32ba0638d4d4c611

However, I do not plan to ask zx2c4 to merge it upstream, as he has better idea to provide PostUpExec feature which would allow universal mean for any extra system configuration required. Stay tuned.

Meanwhile, just a suggestion (haven't tested it thou)... Add a task to Task Scheduler to fire every couple of minutes doing:

reg.exe add HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\<GUID of your WG adapter*> /v Domain /t REG_SZ /d contoso.local

This should setup the connection specific DNS suffix soon after the tunnel is established and keep it set. But its nuts and doesn't scale. The PostUpExec will be the right approach.

Regards, Simon

* On Windows 10 the WG adapter GUID is pseudo-random based on your WG config. As long as your config is static, it won't change. Once WG connected, look it up in HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces.

?-----Original Message-----
From: WireGuard <wireguard-bounces at lists.zx2c4.com> on behalf of Duncan X Simpson <virtualdxs at gmail.com>
Date: Sunday, 5 April 2020 at 23:51
To: "wireguard at lists.zx2c4.com" <wireguard at lists.zx2c4.com>
Subject: Search Domain/DNS Suffix

    Hello all,
    
    I'm trying to deploy a wireguard VPN for a small company and it's
    working great, with one issue: On Windows/Mac I can't find a way to
    set search domains on the connection. Windows, I can probably just set
    a system-wide search domain via the registry (I plan to test that
    tonight), but on Mac I can't figure out anything. Even the normal
    command line method, networksetup -setsearchdomains [interface],
    doesn't take effect - I can retrieve whatever I set with networksetup
    -getsearchdomains [interface], but it's not used by the system.
    
    Does anybody know a solution or workaround?
    
    Duncan X Simpson, K7DXS
    Removal of this tagline is a violation of Federal Law.
    
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 2965 bytes
Desc: not available
URL: <http://lists.zx2c4.com/pipermail/wireguard/attachments/20200406/d9f1eb91/attachment.p7s>


^ permalink raw reply	[flat|nested] 11+ messages in thread

* Re: Search Domain/DNS Suffix
  2020-05-11 21:30       ` Phillip McMahon
@ 2020-05-11 21:32         ` Jason A. Donenfeld
  0 siblings, 0 replies; 11+ messages in thread
From: Jason A. Donenfeld @ 2020-05-11 21:32 UTC (permalink / raw)
  To: Phillip McMahon
  Cc: Ricardo Fraile, Simon Rozman, virtualdxs, WireGuard mailing list

On Mon, May 11, 2020 at 3:31 PM Phillip McMahon
<phillip.mcmahon@gmail.com> wrote:
>
> Could be a little confusing as the wg site suggests if you install
> wireguard-tools you'll get v1.0.20200510, which is not the case right
> now.
>
> Shouldn't the released stable package be referenced?

No, because then people will harass the package maintainer after he is
no longer able to do anything about it, no matter the text or tristate
proposal.

^ permalink raw reply	[flat|nested] 11+ messages in thread

* Re: Search Domain/DNS Suffix
  2020-05-11 21:23     ` Jason A. Donenfeld
@ 2020-05-11 21:30       ` Phillip McMahon
  2020-05-11 21:32         ` Jason A. Donenfeld
  0 siblings, 1 reply; 11+ messages in thread
From: Phillip McMahon @ 2020-05-11 21:30 UTC (permalink / raw)
  To: Jason A. Donenfeld
  Cc: Ricardo Fraile, Simon Rozman, virtualdxs, WireGuard mailing list

Could be a little confusing as the wg site suggests if you install
wireguard-tools you'll get v1.0.20200510, which is not the case right
now.

Shouldn't the released stable package be referenced?

On Mon, 11 May 2020 at 23:23, Jason A. Donenfeld <Jason@zx2c4.com> wrote:
>
> On Mon, May 11, 2020 at 3:17 PM Phillip McMahon
> <phillip.mcmahon@gmail.com> wrote:
> >
> > Wireguard site is showing fedora wireguard-tools as up to date. It has
> > not been released yet, still marked as pending testing
> >
> > https://bodhi.fedoraproject.org/updates/?packages=wireguard-tools
>
> Fine by me. This means there is no further action for Joe, the Fedora
> maintainer, to take on this matter.



-- 
Use this contact page to send me encrypted messages and files

https://flowcrypt.com/me/phillipmcmahon

P.S. Drowning in email? Try SaneBox and take back control:
http://sanebox.com/t/old3m. I love it.

^ permalink raw reply	[flat|nested] 11+ messages in thread

* Re: Search Domain/DNS Suffix
  2020-05-11  9:55   ` Shawn Hoffman
@ 2020-05-11 21:23     ` Jason A. Donenfeld
  0 siblings, 0 replies; 11+ messages in thread
From: Jason A. Donenfeld @ 2020-05-11 21:23 UTC (permalink / raw)
  To: Shawn Hoffman
  Cc: Ricardo Fraile, Simon Rozman, virtualdxs, WireGuard mailing list

On Mon, May 11, 2020 at 3:55 AM Shawn Hoffman <godisgovernment@gmail.com> wrote:
>
> On windows, currently the following has to be done manually / outside
> of wg flow:
>
> PS> Set-DnsClient -InterfaceAlias name -ConnectionSpecificSuffix "name.com"
>
> It works fine (although the lack of PostUp, etc is annoying) , but
> would be nicer if it could be easily configured the same way.

This is why I wrote in the release notes, "This new feature will be
rolling out across our various GUI clients in the next week or so."

^ permalink raw reply	[flat|nested] 11+ messages in thread

* Re: Search Domain/DNS Suffix
  2020-05-11 21:16   ` Phillip McMahon
@ 2020-05-11 21:23     ` Jason A. Donenfeld
  2020-05-11 21:30       ` Phillip McMahon
  0 siblings, 1 reply; 11+ messages in thread
From: Jason A. Donenfeld @ 2020-05-11 21:23 UTC (permalink / raw)
  To: Phillip McMahon
  Cc: Ricardo Fraile, Simon Rozman, virtualdxs, WireGuard mailing list

On Mon, May 11, 2020 at 3:17 PM Phillip McMahon
<phillip.mcmahon@gmail.com> wrote:
>
> Wireguard site is showing fedora wireguard-tools as up to date. It has
> not been released yet, still marked as pending testing
>
> https://bodhi.fedoraproject.org/updates/?packages=wireguard-tools

Fine by me. This means there is no further action for Joe, the Fedora
maintainer, to take on this matter.

^ permalink raw reply	[flat|nested] 11+ messages in thread

* Re: Search Domain/DNS Suffix
  2020-05-11  6:25 ` Jason A. Donenfeld
  2020-05-11  8:56   ` Ricardo Fraile
  2020-05-11  9:55   ` Shawn Hoffman
@ 2020-05-11 21:16   ` Phillip McMahon
  2020-05-11 21:23     ` Jason A. Donenfeld
  2 siblings, 1 reply; 11+ messages in thread
From: Phillip McMahon @ 2020-05-11 21:16 UTC (permalink / raw)
  To: Jason A. Donenfeld
  Cc: Ricardo Fraile, Simon Rozman, virtualdxs, WireGuard mailing list

Wireguard site is showing fedora wireguard-tools as up to date. It has
not been released yet, still marked as pending testing

https://bodhi.fedoraproject.org/updates/?packages=wireguard-tools


On Mon, 11 May 2020 at 08:26, Jason A. Donenfeld <Jason@zx2c4.com> wrote:
>
> Your wish is my command:
>
> https://lists.zx2c4.com/pipermail/wireguard/2020-May/005415.html
>
> DNS=8.8.8.8,8.8.4.4,mycorp.net



-- 
Use this contact page to send me encrypted messages and files

https://flowcrypt.com/me/phillipmcmahon

P.S. Drowning in email? Try SaneBox and take back control:
http://sanebox.com/t/old3m. I love it.

^ permalink raw reply	[flat|nested] 11+ messages in thread

* Re: Search Domain/DNS Suffix
  2020-05-11  6:25 ` Jason A. Donenfeld
  2020-05-11  8:56   ` Ricardo Fraile
@ 2020-05-11  9:55   ` Shawn Hoffman
  2020-05-11 21:23     ` Jason A. Donenfeld
  2020-05-11 21:16   ` Phillip McMahon
  2 siblings, 1 reply; 11+ messages in thread
From: Shawn Hoffman @ 2020-05-11  9:55 UTC (permalink / raw)
  To: Jason A. Donenfeld
  Cc: Ricardo Fraile, Simon Rozman, virtualdxs, WireGuard mailing list

On windows, currently the following has to be done manually / outside
of wg flow:

PS> Set-DnsClient -InterfaceAlias name -ConnectionSpecificSuffix "name.com"

It works fine (although the lack of PostUp, etc is annoying) , but
would be nicer if it could be easily configured the same way.

On Sun, May 10, 2020 at 11:26 PM Jason A. Donenfeld <Jason@zx2c4.com> wrote:
>
> Your wish is my command:
>
> https://lists.zx2c4.com/pipermail/wireguard/2020-May/005415.html
>
> DNS=8.8.8.8,8.8.4.4,mycorp.net

^ permalink raw reply	[flat|nested] 11+ messages in thread

* Re: Search Domain/DNS Suffix
  2020-05-11  6:25 ` Jason A. Donenfeld
@ 2020-05-11  8:56   ` Ricardo Fraile
  2020-05-11  9:55   ` Shawn Hoffman
  2020-05-11 21:16   ` Phillip McMahon
  2 siblings, 0 replies; 11+ messages in thread
From: Ricardo Fraile @ 2020-05-11  8:56 UTC (permalink / raw)
  To: Jason A. Donenfeld; +Cc: Simon Rozman, virtualdxs, WireGuard mailing list

Perfect, that solves the domain setting workaround. Thanks Jason!


El 2020-05-11 08:25, Jason A. Donenfeld escribió:
> Your wish is my command:
> 
> https://lists.zx2c4.com/pipermail/wireguard/2020-May/005415.html
> 
> DNS=8.8.8.8,8.8.4.4,mycorp.net

^ permalink raw reply	[flat|nested] 11+ messages in thread

* Re: Search Domain/DNS Suffix
  2020-04-21  9:09 Ricardo Fraile
@ 2020-05-11  6:25 ` Jason A. Donenfeld
  2020-05-11  8:56   ` Ricardo Fraile
                     ` (2 more replies)
  0 siblings, 3 replies; 11+ messages in thread
From: Jason A. Donenfeld @ 2020-05-11  6:25 UTC (permalink / raw)
  To: Ricardo Fraile; +Cc: Simon Rozman, virtualdxs, WireGuard mailing list

Your wish is my command:

https://lists.zx2c4.com/pipermail/wireguard/2020-May/005415.html

DNS=8.8.8.8,8.8.4.4,mycorp.net

^ permalink raw reply	[flat|nested] 11+ messages in thread

* RE: Search Domain/DNS Suffix
@ 2020-04-21  9:09 Ricardo Fraile
  2020-05-11  6:25 ` Jason A. Donenfeld
  0 siblings, 1 reply; 11+ messages in thread
From: Ricardo Fraile @ 2020-04-21  9:09 UTC (permalink / raw)
  To: simon, virtualdxs, wireguard

Hi,

I tried to solve a similar issue on Linux a few months ago but sadly it 
wasn't merged to wg-quick:

https://www.mail-archive.com/wireguard@lists.zx2c4.com/msg04530.html

In my particular opinion, I think that this option is mandatory at the 
same level as DNS servers.

Regards,

^ permalink raw reply	[flat|nested] 11+ messages in thread

end of thread, back to index

Thread overview: 11+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2020-03-25 23:04 Search Domain/DNS Suffix virtualdxs
2020-04-06  6:12 ` simon
2020-04-21  9:09 Ricardo Fraile
2020-05-11  6:25 ` Jason A. Donenfeld
2020-05-11  8:56   ` Ricardo Fraile
2020-05-11  9:55   ` Shawn Hoffman
2020-05-11 21:23     ` Jason A. Donenfeld
2020-05-11 21:16   ` Phillip McMahon
2020-05-11 21:23     ` Jason A. Donenfeld
2020-05-11 21:30       ` Phillip McMahon
2020-05-11 21:32         ` Jason A. Donenfeld

Development discussion of WireGuard

Archives are clonable: git clone --mirror http://inbox.vuxu.org/wireguard

Example config snippet for mirrors

Newsgroup available over NNTP:
	nntp://inbox.vuxu.org/vuxu.archive.wireguard


AGPL code for this site: git clone https://public-inbox.org/public-inbox.git