NethSecurity DNS server does not work on wireguard connections

simone95 · November 10, 2025, 11:27am

Hello everyone,
I have configured a WireGuard server on NethSecurity. In the client configuration file, I set the DNS to the IP address of the WireGuard interface on NethSecurity, so that remote clients use the local DNS resolver (which already works correctly for the internal LANs).

The issue is that DNS resolution does not work when using the WireGuard interface IP as the DNS server.
To make it work, I had to remove the WireGuard interface from the “Force DNS redirection” feature in Threat Shield DNS and temporarily set 8.8.8.8 as the DNS server on the client. This works, but of course it does not use the internal resolver, which is what I would like to achieve.

I also tried adding a firewall INPUT rule, source WireGuard, ports 53/853 TCP/UDP → ACCEPT, but it didn’t help.

Does anyone know how to correctly configure NethSecurity so that remote WireGuard clients can use its DNS resolver?

Thank you.

mrmarkuz · November 10, 2025, 12:42pm

Here’s a workaround:

simone95 · November 10, 2025, 1:52pm

Sorry, but the workaround note isn’t clear to me. It says to add /24 in the “addresses” section, but in which configuration? In the Wireguard client?
I changed my Wireguard client configuration to address=[myprivateip]/24, but it still doesn’t work.

mrmarkuz · November 10, 2025, 2:20pm

I didn’t test it yet but I think it’s about the wireguard server config.

Edit /etc/config/network and add /24 to the wireguard IP, see also Wireguard: Wrong Automatically Generated Configuration

EDIT:

I confirm that a change on the wireguard server side is needed.