dnsleak issues when using local resolver

gjaltemba

@rsaanon said in dnsleak issues when using local resolver:

@gjaltemba If you exclude WAN interface from the outgoing DNS queries, then how will the local resolver handle queries that it does not know about? Also, what does "configure your vpn by host ip" do?

dns queries will use the vpn interface.

vpn server address cannot be configured by name when vpn is down. Makes sense?

no_jah

@rsaanon said in dnsleak issues when using local resolver:

@gjaltemba thanks for your response. Could you expand on your response? What do you mean by "..configure my vpn by host ip"? In other words, which host ip are you referring to? Thanks.

Go to: Servicer / DNS Resolver.
Then look at the "Outgoing Network Interfaces" box, and make sure WAN in not selected.

You also may need to go to: System / General
And add at least on DNS on the WAN Gateway, for instance Google DNS 8.8.8.8 and 8.8.4.4, otherwise you might not be able to connect to your OpenVPN service providers DNS, and therefore not be able to reach anythin on Internet using DNS-queries.

rsaanon

@gjaltemba Even though, I have a OpenVPN client that's connected to my VPN Provider,I do not have a OpenVPN Interface in my Outgoing Interfaces list:
0_1547726628808_94990859-f376-4c55-804f-c76d24fbc227-image.png
OpenVPN Client Interface:
0_1547727040867_ec2b0bd5-0aaa-4457-b9cf-861c2ab967d6-image.png
Interfaces defined:
0_1547727244323_4df6506d-abc8-4343-8a9f-ac22c52479d7-image.png

no_jah

Well, you first need to assign a interface to your ovpnc1 network port.
You find it at: Interfaces / Interface Assignments
Then you also need to add a gateway for your OpenVPN interfafce, which you at: System / Routing / Gateways

rsaanon

@no_jah I created the OpenVPN Interface with IPv4/6 Configuration Type to None.
0_1547737349372_461e5ada-4006-4568-b63f-6786cec5448f-image.png
Looking at the Gateway Status:
0_1547736969425_b7d2d249-f7a6-4fd5-a7e6-520554a89a9b-image.png

In the above image, I see a private IANA address (10.11.10.5) that's assigned to this interface with Gateway Status: Offline. Why is this private IP showing up as Gateway when IP configuration type is set to None?

no_jah

@rsaanon

What version of pfSense do you have?
I can't even select connection type on my OpenVPN interfaces running 2.4.4_p1

rsaanon

@no_jah 2.4.3-RELEASE
Note, the last "General Configuration" image I posted is from the Web GUI->Interfaces->OpenVPN_Client_IF. The configuration type (ie: dhcp, ppp, static, etc.) have always been there.

no_jah

@rsaanon

Ok, I think you should use DHCP as IPv4 Configuration type for your OpenVPN interface.

rsaanon

@no_jah OpenVPN Interface set to DHCP v4, but then the Gateway status shows:
0_1547741829445_7bb47b01-5cd8-4128-ac84-55d2324f5236-image.png

However, if I disable ConfigurationType, the Gateway Status changes to:
0_1547742230578_1f2baa19-6052-4dd5-ba80-608ee02732f1-image.png

no_jah

@rsaanon

Did you get it to work?