This is an automated archive.
The original was posted on /r/wireguard by /u/Frozen_Gecko on 2024-01-21 13:26:53+00:00.
Hey guys,
WireGuard has been a part of my homelab for about 2 years now and I have been absolutely loving it. Recently I decided to set it up on my wife's iPhone 12 so that she has access to homelab services while on the go. The tunnel connects fine and I can access local services through http://:
without any issue as expected.
The strange part happens when I try to connect to services through local DNS records. For example when trying to connect to https://immich..com
I can not find the server, even though my local DNS (Unbound DNS on OPNsense) points all traffic on *..com
to my nginx instance. When I check Adguardhome query logs I can see that the requests to https://..com
are being forwarded to Unbound, but I do not get a correct response. When I connect to these services first over wifi and then turn off wifi and try to connect over WireGuard I see that these requests receive the correct A record response (these are cached on Adguardhome), but the service still will not connect.
A bit of background. I am running WireGuard on OPNsense and have Adguardhome as main DNS with Unbound DNS as upstream DNS and CloudFlare DoT as upstream in unbound. This setup works perfectly fine on my Android phone and my Linux laptop.
On the iPhone I have allowed ip's set to 10.11.0.0/16
because Apple Carplay does not like being routed over a vpn and I could not figure out a way to split tunnel WireGuard on iOS so that all traffic except specific apps use my vpn. I would prefer to have allowed ip's on iOS WireGuard settings be 0.0.0.0/0
. Also as DNS server I point it to my OPNsense install on 10.11.12.1
(OPNsense ip on local network).
Another issue I ran into is that Google Maps no longer seems to work with WireGuard connected. When turning off the tunnel Google Maps works again. Again, allowed ip's is set to 10.11.0.0/16
so I do not really understand why Google Maps would not work. I can not imagine the traffic to Google Maps is routed through my local subnet.
As I said before, the strangest part is that I do not run into these issues on my Android phone or my Linux laptop. Seeing as those are set up correctly I am not sure what I am doing wrong.
So in conclusion I have these three questions.
- What should I do to correctly resolve local DNS records?
- Is there a way to split tunnel apps on iOS so that I can route all internet traffic from my wife's phone over WireGuard except a couple predefined apps?
- What should I do so that Google Maps functions while connected to the WireGuard tunnel? (Even while only routing local subnet over WireGuard)
My apologies if this has been answered before, I could not find it. Thanks in advance!