Accessing Unbound DNS on my phone through Wireguard VPN

Submitted ⁨⁨20⁩ ⁨hours⁩ ago⁩ by ⁨Evkob@lemmy.ca⁩ to ⁨selfhosted@lemmy.world⁩

I just setup Unbound DNS on my home server (read: old laptop screaming for dear life next to my router). Everything is working well, I can access it and use it as my DNS server on my desktop which is connected to the same network as my server.

The issue is with trying to get my phone to use Unbound while connected to the same laptop through Wireguard. If I’m connected to the Wi-Fi and disconnected from Wireguard, I can nslookup on my phone using the Unbound server, but as soon as I’m connected through Wireguard it can’t access the DNS server.

I suspect it has something to do with the fact that I run Wireguard through Docker but Unbound is setup directly on the host machine, and the container isolation is what’s causing my issues. However, I tried adding

extra_hosts:
    - "host.docker.internal:host-gateway"

to my docker-compose.yml for Wireguard, and tried accessing the DNS using the host IP inside the docker interface, but it didn’t work.

Does anyone have any leads or tips on how to properly configure this? Thanks in advance!

source

Comments

Sort:hotnew top

just_another_person@lemmy.world ⁨19⁩ ⁨hours⁩ ago
I’m…totally lost here. You’re trying to use two different VPNs on your local network? If you want your Unbound device to be a VPN exit node for your network, why wouldn’t you just setup routes to make it your default gateway?

Using two different VPM tunnels like this is going to just cause routing issues all over the place if you’re already unfamiliar with how to setup the routing to begin with.

source
- Evkob@lemmy.ca ⁨19⁩ ⁨hours⁩ ago
  I think you misunderstood part of my post, because there’s only one VPN tunnel, from the WG client on my phone to the WG server on my laptop.
  
  I want my phone to use the Unbound DNS server, which is hosted locally on the same laptop that runs my Wireguard server.
  
  source
  - just_another_person@lemmy.world ⁨19⁩ ⁨hours⁩ ago
    Ah, okay. If this is Android, just setup your Unbound host IP under ‘Private DNS’ on your phone then.
    
    Note: this will cause issues once you leave your home network unless your WH tunnel is available from outside. Set the secondary DNS to Mullvad or another secure DNS provider if that’s the case and you shouldn’t have issues once leaving the house.
    
    source
    -> View More Comments
boydster@sh.itjust.works ⁨20⁩ ⁨hours⁩ ago
Edit your DNS servers in the wireguard client config file

source
- Evkob@lemmy.ca ⁨19⁩ ⁨hours⁩ ago
  I tried this, as well as manually editing the DNS servers on the client side, but whether I use my host’s private local IP or my host’s docker interface IP it doesn’t seem to work.
  
  source
NameTaken@lemmy.world ⁨20⁩ ⁨hours⁩ ago
When connected through wireguard can you access anything on the local network?

Also sometimes if you’re on an LAN trying to vpn into itself you get weird network issues. Does this issue also happen when you’re on another network and vpning back?

Also there’s a lot of great videos on YouTube to set this up things like Lawrence systems and network Chuck.

Not exactly sure what the issue is here but gave you the up vote for visability and hopefully someone smarter then me will know.

source
- Evkob@lemmy.ca ⁨19⁩ ⁨hours⁩ ago
  
  When connected through wireguard can you access anything on the local network?
  
  Everything works as expected with Wireguard otherwise, I can ssh into my server or my desktop, and access the other things hosted on my server (although these are all through Docker, which is why I suspect container isolation to be an issue).
  
  Does this issue also happen when you’re on another network and vpning back?
  
  Yup, same issues whether I’m on the local network, the WiFi at work, or on LTE.
  
  source
  - rymdlord@feddit.nu ⁨13⁩ ⁨hours⁩ ago
    If I don’t remember wrong Android will always use your DNS config over the WG provided one so make sure to leave it blank. As for the routing I have a alternative solution that could maybe work using this app in combination with the WG tunnel. But when it comes to your current setup I suggest you try the following.
    
    Make sure that the IP and port of your DNS are accessible from your Phone you can use Termux if you want to ping and do a nc to do this.
    
    Make sure that the network that your WG connects to has its default DNS setup to be your unbound.
    
    Consider getting a Router that can run OpenWRT and then learn about vlans to create two networks(also 2 wifis) one for your roomates and one for you. Also you could setup WG on the OpenWRT router itself!
    
    If you really want to solve this problem you might want to read up on routing and networking in general! I suggest you start with Wikipedia! That’s atleast where I started! :D
    
    I wish you good luck on you self hosting experience!
    
    source