Mullvad gateway as DNS resolver gateway does not work
-
Hi everyone,
I have set up my new pfSense installation with the following:
- Using the DNS Resolver / no forwarder
- All VLANs get two pi-hole servers as their DNS servers
- Pi-hole's upstream DNS is pfSense (the DNS resolver)
- Mullvad VPN is working
- Outbound NAT rules are set to allow all subnets to reach the Mullvad gateway
- According to the resolver logs, something happens when I choose the Mullvad gateway, but DNS resolution does not work
The open challenge is that I still see DNS leaks. I read multiple times that I need to set the Mullvad/WireGuard/VPN interface as the only outbound interface in the resolver.
Unfortunately, that does not work. I do not get any DNS resolution / internet connection. At the same time, the gateway itself works as part of the VPN connection. Overall, being new to pfSense, I have followed this guide for the resolver config.
I hope someone can help - thanks in advance!
-
-
If you haven’t solved your issue yet, you have to request an IP without DNS hijacking from a different API. If you want to use the WG key you are currently using, delete it from your Mullvad account and then request the IP. You can also just use a new key if you prefer. The guide I linked below will show you how to request the IP that does not have DNS hijacking. After setting your tunnel up with the new IP, Unbound will work through the Mullvad tunnel. Just an FYI, Mullvad’s connection test will show a DNS leak while using Unbound. As long as the test shows that your DNS IP is exactly the same as your tunnel’s public IP, then it is working.