Hello,
Can someone please explain what is the purpose of the client-dns setting in wireguard?
Thank you
Sorry, I don't see a client dns setting in my wireguard???
Okay, checking the docs, it would appear when using BTH wireguard, it's a setting that's there.
Never used it, so not sure how one is supposed to treat that entry.
Not only that, all of them in this group I’ve never used, like
client address
client endpoint
client keepalive
client listen port.
not sure if there is any point playing with that
It's just a helper for when RouterOS shows the WG config file for a peer. It has nothing to do with how WG normally works on the Mikrotik. It is just a “UI helper” to create the right WG peer config for the remote peer.
With BTH it’s the same, except since the app does need a WG config to run, that’s how it is generated - via RouterOS’s WG peer configuration. Now the winbox WG config for a peer shown for additional BTH home users can actually be used in any WG & all the BTH features still work - in particular the “Client Endpoint”, which is the BTH DDNS name, i.e. snXXXXXXX.vpn.mynetname.net
You’ll notice the values you enter into all the “Client Xxxxxx:” fields in winbox go in the sample WG config for the peer.

But you can ignore them all UNLESS you cut-and-paste the Winbox-generated config to configure WG peers/“clients”. But it does put all the needed keys in the right place, beyond just the “Client Xxxx” setting above it. And most WG clients accept a config - which may be easier than entering the various keys in some other UI.
So is there any way to make the router use the wireguard configured DNS?
When you specify DNS=X.X.X.X in the conf file, if it is imported in Windows, that IP automatically becomes, without touching anything else, the DNS server for that connection. That’s very useful when you have on the other side of the VPN a DNS server resolving private hostnames.
Good question, the answer is there is no certainty in the ways of MT programmers regarding wireguard.
There is lots wrong with the implementation or GUI or display of information to the admin in RoS regarding wireguard.
Typically we don't change our local DNS based on wireguard settings, we simply use IP DNS and DHCP server etc, and perhaps even dstnat appropriately.
For me I always saw that client entry as informative only, whereas, in certain cases Conur it should drive an export to a client user…
The import and export of files currently is a disorganized incomplete blob.
If you want to look at a proposed outlook and wish to comment on that, please read this thread.
http://forum.mikrotik.com/t/winbox-4-wireguard-re-imagined/182782/1
AFAIK, the dns from a WG Import’ed peer is not used.
Depending on situation… you MAY be able to MANUALLY use FWD (or static/regex/etc) in /ip/dns, to re-direct something like a WG subnet.