Development discussion of WireGuard
From: Marios Makassikis <>
To: Waishon <>
Subject: Re: Domain as endpoint when using wireguard with network namespaces
Date: Sat, 21 Aug 2021 22:05:19 +0200
Message-ID: <>
In-Reply-To: <>

On Tue, Aug 17, 2021 at 11:11 PM Waishon <> wrote:
> Hey there,
> I'm currently trying to set up a wireguard-tunnel inside a
> network-namespace as described in the documentation, which fails when
> using a domain as endpoint:
> First I've created the wireguard interface inside the birth-namespace
> of the host using "ip link add wg0 type wireguard". Then I moved the
> wg0 interface to the newly created network namespace, which doesn't
> have any network interfaces and network connections besides the
> loopback interface.
> Then I configured the wg0 interface inside the network namespace using
>     wg set "INTERFACE_NAME" \
>         private-key <SECRET \
>         peer "PEER" \
>         endpoint \
>         persistent-keepalive 25 \
>         allowed-ips ::/0
> This however results in a "Temporary failure in name resolution:
> `'. Trying again in 1.00 seconds..." error
> message, which makes sense, because the wireguard-tool tries to call
> getaddrinfo inside the network namespace. The namespace doesn't have
> an internet connection and the lookup fails.
> As a user I would expect that the wg-tool does the lookup in the
> birth-namespace of the interface and not inside the newly created
> network namespace.
> What is the recommended solution to resolve a domain endpoint when
> using network namespaces and wireguard? Just manually look up the
> domain in the birth-namespace and use the ip as endpoint? The
> implementation however would be quite hacky to make it properly work
> with IPv4 and IPv6.

Have you configured a nameserver for your network namespace?

Normally, that would be /etc/netns/<namespace_name>/resolv.conf (you may
need to create the subdirectory first).
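
The workaround raised in the quoted question (resolve the name in the birth namespace, then pass a literal address to `wg set` inside the namespace) can be scripted as follows. This is an added example, not part of the original thread; the function names and the use of `getent ahosts` are assumptions, and the namespace, interface, peer key, host and port are supplied by the caller.

```shell
#!/bin/sh
# Added example (not from the thread): resolve the endpoint where DNS works,
# then configure the peer inside the namespace with a literal address.

# Print ADDR:PORT in the form wg(8) accepts; IPv6 literals need brackets.
# This is a sanity check on the characters only, not a full address parser
# (zone IDs such as fe80::1%eth0 are rejected).
format_endpoint() {
    local addr="$1" port="$2"
    case $port in
        ''|*[!0-9]*) echo "invalid port: $port" >&2; return 1 ;;
    esac
    if [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
        echo "port out of range: $port" >&2; return 1
    fi
    case $addr in
        '') echo "empty address" >&2; return 1 ;;
        *:*)  # IPv6 (including IPv4-mapped forms)
            case $addr in
                *[!0-9A-Fa-f:.]*) echo "not an IPv6 literal: $addr" >&2; return 1 ;;
            esac
            printf '[%s]:%s\n' "$addr" "$port" ;;
        *)    # IPv4 dotted quad
            case $addr in
                *[!0-9.]*|*..*|.*|*.) echo "not an IPv4 literal: $addr" >&2; return 1 ;;
            esac
            printf '%s:%s\n' "$addr" "$port" ;;
    esac
}

# Resolve HOST in the current (birth) namespace; print the first address.
# getent ahosts prints "ADDRESS TYPE [NAME]" rows, one per socket type.
resolve_first() {
    getent ahosts "$1" | awk '$2 == "STREAM" { print $1; exit }'
}

# set_peer_endpoint NETNS IFACE PEER_PUBKEY HOST PORT   (needs root)
set_peer_endpoint() {
    local ns="$1" iface="$2" peer="$3" host="$4" port="$5" addr ep
    addr=$(resolve_first "$host")
    [ -n "$addr" ] || { echo "cannot resolve $host" >&2; return 1; }
    ep=$(format_endpoint "$addr" "$port") || return 1
    # Only this step runs inside the namespace; no name lookup happens there.
    ip netns exec "$ns" wg set "$iface" peer "$peer" endpoint "$ep"
}
```

The address is resolved once, at the time of the call, so `set_peer_endpoint` has to be run again if the peer's DNS record changes.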
