Development discussion of WireGuard
From: Devanath S <s.devanath@gmail.com>
To: WireGuard mailing list <wireguard@lists.zx2c4.com>,
	"Jason A. Donenfeld" <Jason@zx2c4.com>
Subject: Re: wireguard-go on MACos
Date: Mon, 19 Sep 2022 11:55:42 -0700
Message-ID: <CADjMg7VnQ4Zq=fA7nNJNH+b_5DcZdJpZ1-FfKC1caFB49rkBFw@mail.gmail.com>
In-Reply-To: <CADjMg7XtPWoozpBikNGP=EDCYvH=dr3Uo60emPXGvUv0MbJvVQ@mail.gmail.com>

Hi Shulhan,

Yes, we already do that. In split tunnel mode, we cannot make all
traffic reach the WireGuard server (only a subset of the traffic is
routed through the tunnel).

So the feature is: requests for specific domain names are directed to
the DNS proxy running on the WireGuard device => the proxy forwards
them to the WireGuard service (where the DNS server resides) through
the tunnel. For the rest of the domain names, they are resolved using
the primary DNS server on the desktop.
This works as expected when we run the DNS proxy on localhost. But we
want it to listen on the WireGuard device IP address instead. This
fails on macOS. Hope it makes sense. Thanks in advance.


Regards,
Dev
------

> Hi Dev,
>
> On Mon, 19 Sep 2022 10:47:29 -0700
> Devanath S <s.devan...@gmail.com> wrote:
>
> > Hi All,
> >
> > We are using wireguard-go on macOS/Linux and a dns-proxy is listening
> > on the WireGuard device. The dns-proxy is receiving DNS requests from
> > the desktop (destined to wireguarddeviceip:53) on Linux. But the same
> > does not work on macOS.
> >
> > I have tried to create tun/tap using a Go library (water) and was able
> > to receive the requests, but the same fails when using a WireGuard
> > device created using wireguard-go. Also ping to the WireGuard device IP
> > from the desktop fails miserably.
> >
>
> I assume you want to make all peers request to the same DNS server, yes?
>
> In that case, instead of installing dns-proxy on each user, set up a
> central DNS server and let WireGuard handle the rest.
>
> For example, in my experience, I set up rescached [1] (or any DNS
> cache/forwarder) on the "server" peer at 10.8.0.1 and set the DNS
> option on each "client" peer to that address:
>
>   [Interface]
>   ...
>   DNS = 10.8.0.1
>
> With this mode, the client does not need to install or set up anything
> except the WireGuard application.

On Mon, Sep 19, 2022 at 10:47 AM Devanath S <s.devanath@gmail.com> wrote:
>
> Hi All,
>
> We are using wireguard-go on macOS/Linux and a dns-proxy is listening
> on the WireGuard device. The dns-proxy is receiving DNS requests from
> the desktop (destined to wireguarddeviceip:53) on Linux. But the same
> does not work on macOS.
>
> I have tried to create tun/tap using a Go library (water) and was able
> to receive the requests, but the same fails when using a WireGuard
> device created using wireguard-go. Also ping to the WireGuard device IP
> from the desktop fails miserably.
>
> I am kind of blocked. Appreciate any help regarding this.
>
> Regards,
> Dev
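
The split-DNS forwarding decision described in this message, as an added Go example that is not code from the thread or from wireguard-go: it reads the question name from a raw DNS query and picks the tunnel-side resolver only for names under a configured suffix. The suffix `corp.example.`, the primary resolver `192.0.2.53`, and the names `queryName` and `pickUpstream` are assumptions; `10.8.0.1` is the resolver address from the quoted reply.

```go
package main

import (
	"errors"
	"fmt"
	"strings"
)

var tunnelDNS, primaryDNS = "10.8.0.1:53", "192.0.2.53:53" // second address is a constructed placeholder
var tunnelSuffixes = []string{"corp.example."}              // assumed: names resolved through the tunnel

// sampleQuery is a constructed wire-format A query for git.corp.example.
var sampleQuery = []byte("\x12\x34\x01\x00\x00\x01\x00\x00\x00\x00\x00\x00\x03git\x04corp\x07example\x00\x00\x01\x00\x01")

// queryName returns the lower-cased FQDN of the first question in a raw DNS query.
func queryName(msg []byte) (string, error) {
	if len(msg) < 12 || msg[4]|msg[5] == 0 {
		return "", errors.New("no question section")
	}
	name := ""
	for i := 12; i < len(msg); {
		n := int(msg[i])
		if n == 0 {
			return name, nil
		}
		if n&0xC0 != 0 || i+1+n > len(msg) { // reject compression pointers and overlong labels
			return "", errors.New("bad label")
		}
		name += strings.ToLower(string(msg[i+1:i+1+n])) + "."
		i += 1 + n
	}
	return "", errors.New("truncated name")
}

// pickUpstream chooses the resolver; malformed queries are refused, not forwarded.
func pickUpstream(msg []byte) (string, error) {
	name, err := queryName(msg)
	if err != nil {
		return "", err
	}
	for _, s := range tunnelSuffixes {
		// Match on a label boundary so evilcorp.example. does not match corp.example.
		if name == s || strings.HasSuffix(name, "."+s) {
			return tunnelDNS, nil
		}
	}
	return primaryDNS, nil
}

func main() { fmt.Println(pickUpstream(sampleQuery)) }
```
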

Thread overview: 3+ messages
2022-09-19 17:47 Devanath S
2022-09-19 18:29 ` Shulhan
2022-09-19 18:55 ` Devanath S [this message]
