WireGuard Archive on lore.kernel.org
* WireGuard behaviour with systemd-resolved
@ 2018-09-06 19:24 ` Lane Russell
  0 siblings, 0 replies; 2+ messages in thread
From: Lane Russell @ 2018-09-06 19:24 UTC (permalink / raw)
  To: wireguard


I've noticed some concerning behaviour using WireGuard on Manjaro GNOME. When the WireGuard interface is brought up, the system starts using the DNS servers provided in the wg-client.conf file. Intermittently, however, internal DNS records will resolve using their public IP addresses. Using tcpdump, I'm able to see the system is using 8.8.8.8 and 8.8.4.4 for some queries. These addresses are configured as fallback DNS servers in systemd-resolved. They were acquired via DHCP before the WireGuard interface was brought up.

Is this an issue with WireGuard, or systemd-resolved? Based on what information I'm able to find, it appears there are some big concerns with how systemd-resolved handles DNS, so I'm more inclined to think the issue lies there.


^ permalink raw reply	[flat|nested] 2+ messages in thread
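The tcpdump check described in the message above, as an added example that is not part of the thread: it scans `tcpdump -n port 53` text output and reports queries sent to any resolver other than the tunnel's. The tunnel resolver 10.0.0.1, the hostnames and the capture lines are constructed placeholders; only 8.8.8.8 and 8.8.4.4 come from the message.

```python
import re
from collections import defaultdict
from ipaddress import ip_address

# Resolvers the tunnel is supposed to use (the DNS = line of the wg-quick
# config). 10.0.0.1 is a placeholder, not a value from the thread.
TUNNEL_DNS = {ip_address("10.0.0.1")}

# Matches DNS *queries* in `tcpdump -n port 53` text output, e.g.
#   19:24:07.3 IP 192.168.1.23.53412 > 8.8.8.8.53: 5150+ [1au] A? host. (45)
# Responses (source port 53) do not match and are skipped.
QUERY_RE = re.compile(
    r"\bIP6? (?P<src>\S+)\.\d+ > (?P<dst>\S+)\.53: "
    r"\d+[+%]* (?:\[\w+\] )?(?P<qtype>[A-Z0-9]+)\? (?P<qname>\S+)"
)

def find_leaks(lines, allowed=TUNNEL_DNS):
    """Map each non-tunnel resolver to the (qtype, qname) queries it received."""
    leaks = defaultdict(list)
    for line in lines:
        m = QUERY_RE.search(line)
        if not m:
            continue
        dst = ip_address(m["dst"])  # assumes -n, so dst is numeric
        if dst not in allowed:
            leaks[str(dst)].append((m["qtype"], m["qname"].rstrip(".")))
    return dict(leaks)

# Constructed capture: one query through the tunnel, two to fallback resolvers.
SAMPLE = """\
19:24:01.100001 IP 10.0.0.2.41234 > 10.0.0.1.53: 4242+ A? git.corp.example. (34)
19:24:01.110001 IP 10.0.0.1.53 > 10.0.0.2.41234: 4242 1/0/0 A 10.20.0.5 (50)
19:24:07.300001 IP 192.168.1.23.53412 > 8.8.8.8.53: 5150+ [1au] A? git.corp.example. (45)
19:24:07.300090 IP 192.168.1.23.53412 > 8.8.4.4.53: 5151+ AAAA? wiki.corp.example. (35)
19:24:07.320001 IP 8.8.8.8.53 > 192.168.1.23.53412: 5150 1/0/1 A 203.0.113.10 (61)
""".splitlines()

if __name__ == "__main__":
    for resolver, queries in find_leaks(SAMPLE).items():
        for qtype, qname in queries:
            print(f"leak: {qtype} {qname} -> {resolver}")
```
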

* Re: WireGuard behaviour with systemd-resolved
@ 2018-09-16 16:55 Lane Russell
  0 siblings, 0 replies; 2+ messages in thread
From: Lane Russell @ 2018-09-16 16:55 UTC (permalink / raw)
  To: wireguard


I'm not sure of the proper way to resolve this issue with systemd-resolved, but I was able to get to a more comfortable position in my case by disabling systemd-resolved and manually configuring my DNS servers in /etc/resolv.conf. Since the machine in question always sends all traffic over the VPN, I statically set the IP of the WireGuard server in the wg-quick config file so I wouldn't have to have public DNS in /etc/resolv.conf.

It appears that some testing is needed with WireGuard/wg-quick on systems using systemd-resolved. I'm happy to help test, but I'm not very familiar with systemd-resolved's inner workings, so I may be of limited use.


^ permalink raw reply	[flat|nested] 2+ messages in thread
