@bluecovenant said in getting DNS leaks:

hmmm i just rebooted with the "dns server override" unchecked, and got a leak again. any other suggestions? could this be a problem with how the vpn interface is set up?

@bluecovenant said in getting DNS leaks:

"dns server override"

I had same issue as you, and i resolved it by using DoT. See my thread here. The other not so elegant solution is to configure your DHCP server so it hands out proton DNS IP`s to your clients directly.

@viragomann thank you for the confirming feedback!

EDIT: ps: it worked out great, thanks again

@patient0 said in Is it possible to access the pfsense console remotely?:

@jriofrio there are KVM-Over-IP available but they are mostly not cheap.

Like TinyPilot Voyager for $350 is an example.

Or a new one on Kickstarter is JetKVM for $69 according to their website (Lawerence System did a review on it). But be careful with Kickstarter projects, they may not come alive.

Or build a PiKVM... https://docs.pikvm.org/v2/
All you need is a Pi4 (preferably) and a HDMI to CSI module.

@jimp
Yes, very simple. I'm on “KEA” now and everything's OK 👍

Send me the tip in chat and I'll check.

Steve

@comet424 resolving local resources that are listed in unbound be it via dhcp registration or static dhcp registration or host overrides has zero to do with any public dns service you would forward too.. They are not going to resolve your local resources, nor should they even i you put records up there because any ns you forward or that is not actually unbound itself that returns a rfc1918 address would be a rebind and is dangerous behavior.

Yup check the load average from the command line without the gui open and see if that is significantly lower.

ChatGPT has helped spammers a lot! 🙄

@cmcdonald

I see the same, never seen the flash before. :)

@Clouseau

LM1200

$40 from Netgear, $25 from Amazon

I have the older LB2120 connected to pfSense for dual WAN failover.

@marcosm Yes, that's right. I've created a bug report in Redmine.

Bug #15876

https://redmine.pfsense.org/issues/15874

https://redmine.pfsense.org/issues/15873

Thanks! 👍

Did you try running radsniff -x on the cli of your freeradius box?

@DominikHoffmann Thank you!

@eagle61 I think its strange no matter who you are or what region of the world your in ;)

There is no possible way those can not be changed.. If they don't know how to do it, or have no access to the router - I would check if the username/password is just default for the make and model for sure.

Then call the isp for help, those clearly not default.. So even if the isp set them up initially, not like they can not change them.. Its not like they said ok we can set this IP exactly once.. Once you set it your locked to that IP forever! ;)

But no there is going to be no way you can just slide pfsense into your original setup without some down time.. And you sure are not going to be able to route with the same networks on 2 legs of a router..

Lets say you could route even.. If some client on your 192.168.10 network wants to talk to 192.168.10.1 as its gateway.. How would that work.. He says oh need to send this to my gateway 192.168.10.1 - let me arp for that.. ooops no answer, = no access to anything off my network.

So you would have to change the gateway on the client to point to pfsense 192.168.10.x address on the lan side.. So you would have to touch every device on your 10 anyway.. And then still policy route if you wanted specific devices to use a specific gateway.. But you can not do that anyway..

So bite the bullet, schedule some down time with the business and set this up correctly.

@Bob-Dig said in [SOLVED] DNS issue with mullvad wireguard clients.:

@nimrod said in [SOLVED] DNS issue with mullvad wireguard clients.:

Ill mark this as resolved.

Great, although that was more luck than anything else. 😉

Well, it worked. And it never came to my mind yesterday. I wasted hours on this with no acceptable solution.

If you still have problems, maybe switching the DNS to WAN instead of the VPN will solve it.

Switching to WAN produces DNS leak with my old settings.

With DoT it is still encrypted and you have to trust mullvad in any case.

I dont have problem with that. Thats how it was when i was using openvpn. But openvpn didnt had issues with DNS once i reboot.

So you're connecting some servers on OPT2 and want to put HAProxy in front of them?

First get the port, VLAN and switch configured in the same way you did for OPT1. Connect the server(s) and make sure they are in the correct subnet and are reachable.

Then add HAProxy.