I’m trying to make a full tunnel work with Wireguard on pfSense and a Windows computer. The computer can access the tunnel and get to my servers using IP addresses, but not using the server FQDNs. (I’ve set them up using HAProxy with a wildcard certificate.) I can ping 1.1.1.1, but can’t reach Websites using domains. In these cases the failure message is that the DNS address could not be found.
The Netgate instructions include: "All traffic may be associated with a peer by using 0.0.0.0/0 for IPv4 or ::/0 for IPv6, but this won’t work for a tunnel with multiple peers. Only the last peer in the list will be configured properly." So I’ve removed my phone as a peer for the tunnel, but still get the same result.
I did not create a separate interface for Wireguard. I’m using Unbound as my DNS server. The general settings for DNS Resolver do not show an interface for Wireguard. However, the “Access Lists” tab includes an entry showing the tunnel network.
The Windows Wireguard app has the DNS server set to my pfSense interface (192.168.8.1).
In pfSense, I’ve tried to direct all DNS queries to Unbound. I have this rule in Firewall/NAT/PortForward:
And these rules in Firewall/Rules/WireGuard:
I assume this is a problem of getting Unbound to respond to DNS queries from the remote peer, but I’m at a loss as to what else to do. Any suggestions will be appreciated.
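A quick way to narrow down where DNS is failing from the Windows peer is to send one raw query to the pfSense address the client is configured with (192.168.8.1, from the post) and look at what, if anything, comes back. The script below is an added example, not code from the post or from Netgate; the hostname is a placeholder, and it distinguishes a timeout (query never reached Unbound, or the reply was not routed back through the tunnel) from REFUSED (Unbound reached, but its access list does not cover the tunnel network) and from NXDOMAIN (Unbound answers, but has no record for the name).

```python
import random
import socket
import struct

RCODES = {0: "NOERROR", 2: "SERVFAIL", 3: "NXDOMAIN", 5: "REFUSED"}


def build_query(name, qtype=1, txid=None):
    """Build a minimal recursive DNS query (A record by default). Returns (packet, txid)."""
    if txid is None:
        txid = random.randint(0, 0xFFFF)
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # flags: RD only, 1 question
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1), txid  # class IN


def parse_response(data, txid):
    """Return the rcode name and answer count from a raw DNS response."""
    if len(data) < 12:
        raise ValueError("short DNS response")
    rid, flags, _qd, an, _ns, _ar = struct.unpack("!HHHHHH", data[:12])
    if rid != txid:
        raise ValueError("transaction id mismatch (stale or spoofed reply)")
    return {"rcode": RCODES.get(flags & 0xF, str(flags & 0xF)), "answers": an}


def probe(name, server="192.168.8.1", timeout=3.0):
    """Send one UDP/53 query to the resolver and classify the outcome."""
    packet, txid = build_query(name)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        sock.sendto(packet, (server, 53))
        try:
            data, _ = sock.recvfrom(512)
        except socket.timeout:
            # Nothing came back: blocked by a firewall rule, not routed via the
            # tunnel, or Unbound is not listening on the address the peer uses.
            return {"rcode": "TIMEOUT", "answers": 0}
    return parse_response(data, txid)


if __name__ == "__main__":
    # Placeholder FQDN; replace with one of the HAProxy-fronted hostnames.
    result = probe("server.example.lan")
    # TIMEOUT  -> query or reply never made it between the peer and Unbound
    # REFUSED  -> Unbound reached, but its access list excludes the tunnel network
    # NXDOMAIN / NOERROR with 0 answers -> Unbound has no record for the name
    # NOERROR with answers -> DNS over the tunnel works; the problem is elsewhere
    print(result)
```

Run it from the Windows peer while the tunnel is up; if it reports NOERROR with answers but browsers still fail, the client is not actually using 192.168.8.1 as its resolver.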