Closed sedago closed 3 years ago
I have been using custom DNS on the client side without issues. Maybe make sure the DNS address is included in the AllowedIPs? (unless of course you are already using AllowedIPs=0.0.0.0/0)
Also, just to confirm, there are no iptables rules to block traffic in this image by default. The only iptables rule that is created is for doing the outbound NAT.
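To make the "is the DNS address inside AllowedIPs" check from the comment above concrete, here is an added example (not code from this issue or from the cmulk/wireguard-docker project) that parses a WireGuard client config and reports any DNS server that no peer's AllowedIPs covers. Such a server would be queried outside the tunnel, which is both the symptom described here and a DNS leak. The two embedded configs are constructed for the example: the first mirrors the client config in this thread with placeholder keys, the second is a split-tunnel variant.

```python
import ipaddress

# Constructed sample: the client config from the thread, keys/endpoint are placeholders.
FULL_TUNNEL_CONF = """\
[Interface]
Address = 10.8.2.2/32
DNS = 64.6.64.6
PrivateKey = REMOVED

[Peer]
AllowedIPs = 0.0.0.0/0
Endpoint = REMOVED:24532
PersistentKeepalive = 25
PublicKey = REMOVED
"""

# Constructed sample: split tunnel, only the VPN subnet is routed through wg0,
# so a public DNS server would be reached outside the tunnel.
SPLIT_TUNNEL_CONF = """\
[Interface]
Address = 10.8.2.2/32
DNS = 64.6.64.6, 10.8.2.1   # public resolver plus the VPN server itself
PrivateKey = REMOVED

[Peer]
AllowedIPs = 10.8.2.0/24
Endpoint = REMOVED:24532
PublicKey = REMOVED
"""


def parse_wg_conf(text):
    """Return (interface, peers); values are lists because WireGuard allows repeated keys.

    Comments after '#' are dropped; base64 keys may contain '=' so only the
    first '=' on a line separates key from value.
    """
    interface, peers, current = {}, [], None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        if line.startswith("[") and line.endswith("]"):
            name = line[1:-1].strip().lower()
            if name == "interface":
                current = interface
            elif name == "peer":
                current = {}
                peers.append(current)
            else:
                current = None  # unknown section: ignore its keys
            continue
        if current is None or "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        current.setdefault(key.lower(), []).append(value)
    return interface, peers


def dns_servers(interface):
    """IP addresses from the DNS key; search-domain entries are skipped."""
    servers = []
    for value in interface.get("dns", []):
        for item in value.split(","):
            item = item.strip()
            try:
                servers.append(ipaddress.ip_address(item))
            except ValueError:
                pass  # a search domain, not an address
    return servers


def allowed_networks(peers):
    """All AllowedIPs prefixes across every [Peer] section."""
    nets = []
    for peer in peers:
        for value in peer.get("allowedips", []):
            for item in value.split(","):
                item = item.strip()
                if item:
                    nets.append(ipaddress.ip_network(item, strict=False))
    return nets


def uncovered_dns(conf_text):
    """DNS servers that no peer's AllowedIPs covers (as strings); [] means all DNS uses the tunnel."""
    interface, peers = parse_wg_conf(conf_text)
    nets = allowed_networks(peers)
    return [str(s) for s in dns_servers(interface)
            if not any(s.version == n.version and s in n for n in nets)]


if __name__ == "__main__":
    for label, conf in (("full tunnel", FULL_TUNNEL_CONF), ("split tunnel", SPLIT_TUNNEL_CONF)):
        leaked = uncovered_dns(conf)
        print(f"{label}: {'ok' if not leaked else 'DNS outside tunnel: ' + ', '.join(leaked)}")
```

With the thread's config (AllowedIPs = 0.0.0.0/0) the check passes, so a missing AllowedIPs entry is not the cause there; the split-tunnel sample shows the case the comment warns about, where 64.6.64.6 is flagged while the in-tunnel resolver 10.8.2.1 is fine.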
Thank you for your reply, I am using it on a stock Debian buster installation. The only thing I could think of would be that I have UFW installed, but as far as I know that only blocks incoming connections.
If I check iptables on the host, I cannot see anything specific about DNS. The strange thing is that WireGuard works flawlessly, but only if I do not set a DNS in the config file (tested on Linux and Android clients). I can ping the DNS server over the VPN but nothing is resolved.
Here are my configs: docker-compose:

```yaml
wg:
  container_name: wireguard
  image: cmulk/wireguard-docker:buster
  volumes:
    - ${DOCKERCONFDIR}/wireguard:/etc/wireguard
  networks:
    - wgnet
  ports:
    - 24532:24532/udp
  restart: unless-stopped
  cap_add:
    - NET_ADMIN
    - SYS_MODULE
networks:
  wgnet:
```
Server config:

```ini
[Interface]
PrivateKey = REMOVED
ListenPort = 24532 # UDP
Address = 10.8.2.1/32
#PostUp = iptables -A FORWARD -i wg0 -j ACCEPT; iptables -t nat -A POSTROUTING -o eno1 -j MASQUERADE; ip6tables -A FORWARD -i wg0 -j ACCEPT; ip6tables -t nat -A POSTROUTING -o eno1 -j MASQUERADE
#PostDown = iptables -D FORWARD -i wg0 -j ACCEPT; iptables -t nat -D POSTROUTING -o eno1 -j MASQUERADE; ip6tables -D FORWARD -i wg0 -j ACCEPT; ip6tables -t nat -D POSTROUTING -o eno1 -j MASQUERADE
#SaveConfig = true

[Peer]
## Android or other device
PublicKey = REMOVED
AllowedIPs = 10.8.2.2/32
```
Client config:

```ini
[Interface]
Address = 10.8.2.2/32
DNS = 64.6.64.6
PrivateKey = REMOVED

[Peer]
AllowedIPs = 0.0.0.0/0
Endpoint = REMOVED:24532
PersistentKeepalive = 25
PublicKey = REMOVED
```
Here are my automatically created iptables on the host: https://pastebin.com/5rNZMawr
I will have to keep trying to figure the iptables out.
Please try the latest version. I think your DNS issue was probably being caused by the WireGuard script not being able to properly set the DNS settings in the client container. Should be resolved now.
Hello, everything works as expected if you leave the DNS entry in the client config blank.
However, if you add a custom DNS server, the DNS requests do not get forwarded. I suspect it has to do with the iptables forward rules. Any help would be appreciated. Thanks