16 - openSUSE Tumbleweed DNS Issues w/ WireGuard

Recently I ran into a fairly frustrating issue where my laptop running Tumbleweed couldn't connect, had spotty connectivity, or had LAN access but no WAN when trying to use my WireGuard VPN. Despite verifying my server settings multiple times and looking over my firewall rules, I couldn't figure it out. But, as with all things technology, the problem is always DNS … ahem … looking at you, AWS - AWS East Outage.

Ultimately, what led me to understanding the cause of the problem were a few Reddit and StackExchange posts mentioning the DNS or AllowedIPs config settings, and then, later, a few posts mentioning openSUSE and resolv.conf not reflecting the correct DNS server. This immediately corroborates the current situation, because we can hit LAN services and devices - but nothing outside of that network, e.g., google.com or 1.1.1.1/help.

I was able to verify that it wasn't a server-side configuration or connectivity issue by using nslookup and manually querying my DNS server. For example …

$ > nslookup

 > server 192.168.0.XXX
 Default server: 192.168.0.XXX
 Address: 192.168.0.XXX#53

 > google.com
 Server:		192.168.0.XXX
 Address:	192.168.0.XXX#53

 Non-authoritative answer:
 Name:	google.com
 Address: 192.178.142.113
 Name:	google.com
 Address: 192.178.142.100
 Name:	google.com
 Address: 192.178.142.139
 Name:	google.com
 Address: 192.178.142.102
 Name:	google.com
 Address: 192.178.142.138
 Name:	google.com
 Address: 192.178.142.101
 Name:	google.com
 Address: 2607:f8b0:4023:807::64
 Name:	google.com
 Address: 2607:f8b0:4023:807::8b
 Name:	google.com
 Address: 2607:f8b0:4023:807::65
 Name:	google.com
 Address: 2607:f8b0:4023:807::8a

What this shows is that my VPN connection is established, I can see my DNS server, and that server is able to resolve queries for things outside of my network. In other words, this is a client-side issue where enabling the VPN does not add routes or update the current DNS.

The fix was pretty simple though. Just install the systemd-resolved package, double check your VPN config has the DNS server set, and then restart your local VPN. Why this is missing by default when it is obviously needed for WireGuard to function properly, who knows …

$ > sudo zypper install systemd-resolved
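
To make the "double check" step repeatable, here is an added example (not from the original post) that compares the DNS= servers in a wg-quick config with the nameservers a resolv.conf file actually lists. The function names, file names and addresses are constructed for illustration; 127.0.0.53 is the systemd-resolved stub address, in which case the per-link servers are shown by resolvectl status.

```shell
#!/bin/sh
# Added example (not from the original post). All sample data is constructed.

# Print IP addresses from DNS= in the [Interface] section; search domains are skipped.
wg_dns_servers() {
    awk '
        /^[ \t]*\[/ { in_if = (tolower($0) ~ /^[ \t]*\[interface\]/); next }
        in_if && tolower($0) ~ /^[ \t]*dns[ \t]*=/ {
            sub(/^[^=]*=/, ""); sub(/#.*/, "")
            n = split($0, parts, ",")
            for (i = 1; i <= n; i++) {
                gsub(/[ \t]/, "", parts[i])
                if (parts[i] ~ /^[0-9.]+$/ || parts[i] ~ /:/) print parts[i]
            }
        }' "$1"
}

# Print the nameserver addresses listed in a resolv.conf-style file.
resolv_nameservers() { awk '$1 == "nameserver" { print $2 }' "$1"; }

# Exit status: 0 tunnel DNS is active, 1 mismatch, 2 systemd-resolved stub, 3 no DNS= set.
check_dns() {
    wanted=$(wg_dns_servers "$1")
    active=$(resolv_nameservers "$2")
    if [ -z "$wanted" ]; then echo "no DNS= in [Interface] of $1"; return 3; fi
    for w in $wanted; do
        for a in $active; do
            if [ "$w" = "$a" ]; then echo "ok: $w is an active nameserver"; return 0; fi
        done
    done
    for a in $active; do
        if [ "$a" = "127.0.0.53" ]; then
            echo "stub resolver in use; inspect per-link DNS with: resolvectl status"
            return 2
        fi
    done
    echo "mismatch: tunnel wants $(echo $wanted), resolver file lists $(echo $active)"
    return 1
}

# Constructed sample files; on a real system pass the wg-quick config and /etc/resolv.conf.
demo=$(mktemp -d)
printf '[Interface]\nAddress = 10.0.0.2/24\nDNS = 192.0.2.53, lan.example\n\n[Peer]\nAllowedIPs = 0.0.0.0/0\n' > "$demo/wg0.conf"
printf 'nameserver 198.51.100.1\n' > "$demo/resolv.stale"   # DNS never updated by the VPN
printf 'nameserver 127.0.0.53\n'   > "$demo/resolv.stub"    # systemd-resolved stub
printf 'nameserver 192.0.2.53\n'   > "$demo/resolv.ok"      # tunnel DNS written directly

for f in stale stub ok; do
    check_dns "$demo/wg0.conf" "$demo/resolv.$f" || echo "  (exit status $?)"
done
```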

Hopefully that helps someone else (or me again in the future hahaha)
