Wireguard tunnel not working in ReThinkDNS but works with Wireguard app on same device #1298
Comments
We don't have a fritzbox to reproduce this issue you're seeing. Are you technical enough to fetch us logs? If so:
No pressure.
Thanks for the howto! Let's see what I can get :-)
@ignoramous I got a logcat file for you where I started the Wireguard connection "wg7" via the "Advanced" tab in RethinkDNS (Rethink told me "connected" then), then switched to my browser, tried to load "heise.de", switched back to RethinkDNS and turned the Wireguard connection off. I will send you a Tresorit link (swiss "Dropbox" alternative, in case you do not know that one) containing the file.
I can confirm the issue. I'm also using a Fritzbox 7590, and Rethinkdns isn't functioning with Wireguard. Hopefully, a fix can be found soon.
Can you email logs if you're technical enough (see comment above on how)? The ones Braintoe sent didn't help as much.
I think I found the issue: at least if you have a custom DNS specified as I have, the Fritzbox Wireguard config for the client contains these two lines specifying the DNS:
DNS = 192.168.178.199,192.168.178.1
DNS = fritz.box
I do not know if this is according to the Wireguard spec or if the implementation from AVM is faulty, but there are two differences between the official Wireguard client and RethinkDNS:
- the Wireguard client gracefully combines both DNS entries into one, while ReThink only displays the first line and seems to ignore the second one
- with my setup, only the first DNS entry "192.168.178.199" is valid, and RethinkDNS does not seem to use that one, but Wireguard does. I am however unsure if that was simply bad luck or something caused by the implementation.
As soon as I delete the DNS entry in ReThink and replace it with only the correct DNS entry, the connection works.
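As an added example (not Rethink's or AVM's code) of how a client can merge the repeated DNS keys shown above: a small Go parser that collects every DNS line of [Interface], keeps IP addresses as resolvers and, following wg-quick's convention, treats a non-IP value such as fritz.box as a search domain rather than a resolver. The sample config is constructed to match the two lines quoted above.

```go
package main

import (
	"net/netip"
	"strings"
)

// Constructed sample shaped like the Fritzbox export quoted in the thread.
const FritzboxSample = `[Interface]
DNS = 192.168.178.199,192.168.178.1
DNS = fritz.box
`

// DNSConfig is the merged result of every DNS key in [Interface].
type DNSConfig struct {
	Servers       []string // IP addresses, in file order, duplicates dropped
	SearchDomains []string // non-IP entries such as "fritz.box"
}

// ParseInterfaceDNS merges all DNS keys of [Interface]: wg-quick lets the key
// repeat and treats non-IP values as search domains rather than resolvers.
func ParseInterfaceDNS(cfg string) DNSConfig {
	var out DNSConfig
	seen := map[string]bool{}
	section := ""
	for _, raw := range strings.Split(cfg, "\n") {
		line := strings.TrimSpace(raw)
		if strings.HasPrefix(line, "[") {
			section = strings.ToLower(line)
			continue
		}
		key, val, ok := strings.Cut(line, "=")
		if !ok || section != "[interface]" || strings.ToLower(strings.TrimSpace(key)) != "dns" {
			continue
		}
		for _, item := range strings.Split(val, ",") {
			item = strings.TrimSpace(item)
			if item == "" || seen[item] {
				continue
			}
			seen[item] = true
			if _, err := netip.ParseAddr(item); err == nil {
				out.Servers = append(out.Servers, item)
			} else {
				out.SearchDomains = append(out.SearchDomains, item)
			}
		}
	}
	return out
}
```

A client that only reads the first DNS line still gets both resolvers from this sample, while one that kept only the last line would be left with no resolver at all.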
Thanks.
What Rethink "displays" as in, in the UI? I'll take another look to see how we handle multiple WireGuard DNSes in Rethink.
What's the "correct DNS entry" here? The IPs
Curious: If only
Thanks.
You are welcome :-)
> while ReThink only displays the first line and seems to ignore the
> second one
What Rethink "displays" as in, in the UI? I'll take another look to
see how we handle multiple WireGuard DNSes in Rethink.
ReThink displays in the UI just the first DNS entry
"192.168.178.199,192.168.178.1".
> As soon as I delete the DNS entry in ReThink and replace it with
> only the correct DNS entry
What's the "correct DNS entry" here? The IPs
192.168.178.199,192.168.178.1 or fritz.box?
> with my setup, only the first DNS entry "192.168.178.199" is valid
Curious: If only ...199 is valid, why configure in the second one
...1? Also, what does "invalid" mean here? The endpoint (...1)
doesn't exist?
The correct entry is 192.168.178.199 which is my Pi-Hole. For internal
domains (and only for those), the Fritzbox router (192.168.178.1) might
be usable but I usually just ignore that and use the IP address of my
internal devices. That might however be the reason why the manufacturer
decided to add that IP as well to the Wireguard config. If I were able
to configure that entry myself, it would only contain
"192.168.178.199".
"fritz.box" is the internal DNS name of the router itself and should
resolve to "192.168.178.1". I admit it remains unclear to me why they
actually added that one to the config - maybe to circumvent the issue
they recently had when the ICANN allowed the domain suffix ".box" and
some bad guy immediately registered the domain "fritz.box".
apparently a popular home network device (Fritz Box) was registered by a malicious actor to hijack its local name ("fritz.box").
Will fix this. cc: @hussainmohd-a
Rethink changed how it handled multiple DNS addresses in
Though "no data comes through" shouldn't happen due to DNS entries. Logs would help to see if something in addition to mishandling of DNS is going on...
Yikes. Added
Yikes. Added fritz.box to undelegated domains that will always be
resolved by "System DNS": ***@***.*** Quite a few folks
(from Germany, particularly) seem to use it.
Wow, that was a fast reaction!
But yes, the "Fritzbox" routers have a market share of something between 50% and 70% here in Germany/Austria/Switzerland.
When it comes to the logs, I fear they won't show much more than what you could see in the log that I shared with you before... sadly I cannot get any Wireguard logs from the Fritzbox.
Edit: "no data comes through" was translated wrong, sorry. What I meant: no DNS requests got to the Pi-Hole, which then meant the browser window stayed empty.
Just the logs from Rethink are enough. But it is all good and all fine for now, I guess.
hat tip: To check if it is DNS that's messed up, try visiting
We'll release a new version soon, so let us know when that's out (a day or two), if it fixes up things for you.
While trying to test the DNS issue as you suggested (i.e. visiting 1.1.1.1 with "192.168.178.199,192.168.178.1" as DNS), I noticed that ReThink actually does not allow entering more than one DNS manually - I get a popup "UNIQUE constraint failed: ProxyApplicationMapping.uid, Proxy..." if I try that.
Fix: #1311 (comment)
Released in For connectivity drops after waking up device from sleep see:
ReThinkDNS v0.5.5c is running as a replacement for Netguard here since you implemented Wireguard support - and works in general great.
I have found one rather bad issue though since I switched from a Raspi Wireguard host to the (newer) official implementation of Wireguard on my Fritzbox router: