chojrak11
Member Candidate
Topic Author
Posts: 131
Joined: Sun Apr 05, 2009 10:37 am

WireGuard - issue with DNS, want it to listen on a specific IP

Tue Jan 31, 2023 12:32 am

Hi,

I travel a lot and use my laptop on many corporate networks. They block outgoing traffic like crazy. It's sometimes difficult to get a working outbound connection on anything but TCP/443 or UDP/53. While visiting such a customer I need access to my own resources which are accessible via VPN. Up to now I have used SSTP due to the above.

I'd prefer to use WireGuard. As it works over UDP, the best well-known port to use for the "VPN server" in the road-warrior setup would be UDP/53 (DNS) which is rarely blocked.
But at the same time I use DNS cache on that same RouterOS for my internal computers (`/ip/dns/set allow-remote-requests=yes`). WireGuard on port 53 and DNS don't play well together. Trying to set up WireGuard on port 53 ends up with a log error message "wireguard1: Could not create IPv4 socket", which is perfectly understandable, because the socket is already in use by DNS (which is listening on all interfaces).

Can we somehow force DNS to listen on a private IP (for example on a LAN bridge) and WireGuard on WAN IP?
Or do you remember such a feature request being filed?

Thanks in advance.
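
The conflict described in the post above, reproduced with plain UDP sockets as an added example (not part of the original post and not RouterOS code). It assumes a Linux host; the loopback addresses 127.0.0.1 and 127.0.0.2 are stand-ins for the LAN and WAN IPs, and an ephemeral port stands in for 53 so it runs without root.

```python
import errno
import socket


def bind_udp(addr, port):
    """Open a UDP socket bound to addr:port, closing it again if bind fails."""
    s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    try:
        s.bind((addr, port))
    except OSError:
        s.close()
        raise
    return s


def wildcard_blocks_second_listener():
    """First service holds 0.0.0.0:port; a second bind on that port must fail."""
    dns = bind_udp("0.0.0.0", 0)          # stand-in for a resolver on all addresses
    port = dns.getsockname()[1]
    try:
        vpn = bind_udp("127.0.0.1", port)  # stand-in for the VPN listener
    except OSError as exc:
        return exc.errno == errno.EADDRINUSE
    else:
        vpn.close()
        return False
    finally:
        dns.close()


def per_address_listeners_coexist():
    """Two services share one port when each binds its own address."""
    lan = bind_udp("127.0.0.1", 0)         # stand-in for the LAN IP
    port = lan.getsockname()[1]
    try:
        wan = bind_udp("127.0.0.2", port)  # stand-in for the WAN IP
    except OSError:
        return False
    else:
        wan.close()
        return True
    finally:
        lan.close()


if __name__ == "__main__":
    print("wildcard bind blocks second listener:", wildcard_blocks_second_listener())
    print("per-address binds coexist:", per_address_listeners_coexist())
```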
 
na6cet
just joined
Posts: 2
Joined: Mon Aug 21, 2023 11:42 am

Re: WireGuard - issue with DNS, want it to listen on a specific IP

Mon Aug 21, 2023 11:46 am

I would like to do the same thing. I'm wondering if a NAT rule could be used to map port 53 connections from WAN to the WireGuard port?
