Netgate Discussion Forum

    OpenVPN gateway set-up

    • deviace

      I'm using pfSense 2.6 and my goal is to ensure all traffic goes on my VPN client and there are no leaks.

      I did everything according to this guide
      https://www.ivpn.net/privacy-guides/advanced-privacy-and-anonymity-part-6/

      but unfortunately OpenVPN cannot resolve the host address if I set the default gateway to OPT1 (VPN). It goes online if I set it back to WAN; however, there are DNS resolution issues on clients.

      Any ideas?

      • viragomann @deviace

        @deviace
        Few details. However, presumably the client is configured to use an internal DNS service like the pfSense DNS Resolver, but you policy routed all traffic to the VPN provider. Hence access to the internal DNS cannot happen.

        Best solution is to forward DNS requests to either the DNS server of the VPN provider or to any other public DNS server.
        You can do this easily with a NAT port forwarding rule.

        Alternatively, but less recommended, if you use the DNS Resolver on pfSense you can configure it to only send upstream requests out to the VPN gateway. But then DNS resolution is not possible if the VPN is not connected.

        • 123123 @deviace

          @deviace
          If I understand your request correctly, watch this video a few times. It's kind of tailored to "Privacy VPNs", but I think it might apply to your OpenVPN interface.

          Youtube Video

          It discusses setting up a "tagging" rule on all of your LAN interfaces/networks and then using a floating rule to act as a "kill switch" to prevent the tagged packets from going out the WAN.

          In this approach, the default gateway is still set to WAN, but you set all your LAN/OPT/VLAN interfaces to use the OpenVPN interface.

          Hope I'm not sending you on a wild goose chase.
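
The tag-and-block "kill switch" and the DNS port forward suggested in the replies above, written out as raw pf rules. This is an added example, not taken from the thread or the linked video; on pfSense these rules are built in the GUI, and the interface names, addresses, and tag name below are assumed placeholders.

```pf
# Assumed placeholders: adjust to the actual interfaces and networks.
wan_if  = "em0"            # WAN, still the system default gateway
lan_if  = "em1"            # LAN
vpn_if  = "ovpnc1"         # OpenVPN client interface (OPT1)
vpn_gw  = "10.8.0.1"       # constructed VPN gateway address
lan_net = "192.168.1.0/24" # constructed LAN subnet
dns_up  = "198.51.100.53"  # placeholder: VPN provider or public DNS server

# NAT port forward: rewrite every DNS query from LAN clients to the
# upstream resolver, so clients no longer depend on an internal DNS
# service that the policy route makes unreachable.
rdr on $lan_if inet proto { tcp, udp } from $lan_net to any port 53 -> $dns_up port 53

# LAN rule: policy-route client traffic to the VPN gateway and tag it.
# The tag stays with the packet while it is evaluated on the way out.
pass in quick on $lan_if route-to ($vpn_if $vpn_gw) inet from $lan_net to any tag NO_WAN_EGRESS keep state

# Floating rule (kill switch): anything carrying the tag that ends up
# leaving through WAN, for example because it followed the default
# route instead of the policy route, is dropped.
block out quick on $wan_if inet all tagged NO_WAN_EGRESS
```

Because the redirect rewrites the destination before filtering, the forwarded DNS queries match the tagged LAN rule and leave through the VPN as well, so they are covered by the same block on WAN.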
