I set up my own DNS using unbound on the VPS host, and direct all my wireguard peers to the gateway IP as the DNS server. I have tethered my laptop to my iOS mobile hotspot. Both devices have wireguard up and running. DNSleaktest shows my laptop is leaking (ISP = Mobile phone provider). However, running the leaktest through my iPhone browser (correctly) shows my VPS IP as the ISP--no leaks on the phone itself.
Laptop would also show my VPS IP as the DNS server.
Laptop shows my mobile phone provider as the DNS.
[ contents of streisand-diagnostics.md here ]
I spun up these wireguard peers manually w/o using Ansible
Digital Ocean
18.04
1) 18.04
2) iOS
ansible --version :N/A
git rev-parse HEAD in your Streisand directory :

If I remember right wireguard does something like this when the allowed ips field doesn't include ipv6, for example
AllowedIPs = 0.0.0.0/0 would leak
AllowedIPs = 0.0.0.0/0, ::/0 wouldn't leak
So try setting allowed ips to the above in your client and see if it helps