
How do you configure Wireguard Peer to use TLS?

Hi Everyone,

I want to use DNS over TLS on my peers, but I am unsure how to do it. I tried updating the DNS field with my account ID, but it did not work. How can I achieve this?

I currently use Wireguard to allow some devices to interact with my pfsense.

Since I am tunnelling everything, I wonder if my peer's only DNS query is the one sent to my pfsense and if my pfsense handles the others.

Cheers
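An added example, not code from this thread or from WireGuard, pfSense or NextDNS: a small Python check of what wg-quick does with the `DNS =` field. wg-quick takes IP addresses as resolvers and treats any non-IP entry as a DNS search domain, so a NextDNS account ID or a DoT hostname placed there never becomes a TLS resolver; the config below and the ID `abc123` are constructed placeholders.

```python
import ipaddress
from typing import Dict, List

# Constructed sample wg-quick client config. Keys, endpoint and the NextDNS
# ID "abc123" are placeholders, not real values.
SAMPLE_CONF = """\
[Interface]
PrivateKey = <client-private-key-placeholder>
Address = 10.0.0.2/32
DNS = abc123, 10.0.0.1

[Peer]
PublicKey = <pfsense-public-key-placeholder>
Endpoint = vpn.example.invalid:51820
AllowedIPs = 0.0.0.0/0, ::/0
"""


def parse_interface_dns(conf: str) -> List[str]:
    """Collect every comma-separated DNS entry from the [Interface] section."""
    section = None
    entries: List[str] = []
    for raw in conf.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            continue
        key, _, value = line.partition("=")
        if section == "interface" and key.strip().lower() == "dns":
            entries.extend(v.strip() for v in value.split(",") if v.strip())
    return entries


def classify_dns(entries: List[str]) -> Dict[str, List[str]]:
    """Split entries the way wg-quick does: IPs are resolvers, anything else a search domain."""
    result: Dict[str, List[str]] = {"resolvers": [], "search_domains": []}
    for entry in entries:
        try:
            ipaddress.ip_address(entry)
            result["resolvers"].append(entry)
        except ValueError:
            result["search_domains"].append(entry)
    return result


if __name__ == "__main__":
    print(classify_dns(parse_interface_dns(SAMPLE_CONF)))
```

Running it on the sample shows the account ID landing in `search_domains` and only the pfSense tunnel address in `resolvers`, which is why editing the field did nothing for TLS: encryption of upstream lookups has to be configured on whichever resolver the peer points at.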

6 replies

    • Calvin_Hobbes
    • 2 days ago
      • h2ogeek
      • 2 days ago

      What are you talking about? I am not going to use Tailscale!

      • Calvin_Hobbes
      • yesterday

       Tailscale makes it easy to manage Wireguard VPNs over multiple peers. What are you talking about?

      • h2ogeek
      • 16 hrs ago

       I understand what Tailscale does. The simple reason I’m not using Tailscale is that WireGuard can be set up independently without depending on any third-party services, whereas Tailscale cannot.

    • in_addr_arpa
    • 19 hrs ago

    Are you asking how to get your VPN clients' configuration to use DNS over TLS directly? Are the clients endpoints, or are these site-to-site VPN configurations?

    h2ogeek said:
    Since I am tunnelling everything, I wonder if my peer's only DNS query is the one sent to my pfsense and if my pfsense handles the others.

     If you visit the policy setup page from one of your peers while connected to your VPN, the setup page will show you if it's resolving via that particular policy or not. If it is green, then the policy you're viewing is the policy doing the resolving for the client.

    If you're alluding to a different scenario, such as wanting to set up split-horizon DNS and/or do DNS-based routing based on lookup zone or on originating IP and/or subnet (requesting IP address and/or network), that is doable with the NextDNS native client by using some advanced config syntax.

      • h2ogeek
      • 15 hrs ago

       What I’m saying is that it seems the peers lack the ability to configure DNS over TLS. I’m still using NextDNS hosts on my peers, but not the TLS. I probably need to set up R53 as my DNS to enable TLS.
