Netgate Discussion Forum

    problem with cloudflare DNS over TLS and gateway group for 2 vpn servers

    Category: DHCP and DNS
    6 Posts 2 Posters 654 Views
    Mosquitor (last edited by Mosquitor)

      I set up DNS over TLS with Cloudflare along with a gateway group named VPNgroup for load balancing with 2 VPN servers. Server 1 says it is using DNS over TLS Cloudflare DNS on the Cloudflare ESNI checker website, but server 2 just says Google's DNS when I do a packet capture. Can some people here please tell me how I set up both servers to use Cloudflare DNS over TLS? I'm new to this so I will need pictures to show what you mean.

      KOM

        I believe that Resolver uses the default gateway, so unless there is a clever way or greasy hack to do it, you would have to change the default to be your gateway group, but then all traffic would go through it unless you policy-routed it out a specific WAN.

        Mosquitor (last edited by Mosquitor)

          I fixed my problem. In System > General Setup I had to specify the gateway of each VPN for each DNS hostname.

          Mosquitor @KOM (last edited by Mosquitor)

            @KOM

            While setting the VPN gateway per DNS server, you need a different TLS hostname and DNS IP for each VPN gateway. So for me I was lucky: I just used 2 VPNs set up for load balancing, so I was able to use both of Cloudflare's IPs and TLS hostnames. If I set up more VPN servers I will have a bigger problem, because I would need to specify a different DNS service other than Cloudflare, because Cloudflare only has 2 hosts.

            If instead you just specify the DNS IP and TLS host and select "none" as the gateway in System > General Setup, when you have load balancing set up, only 1 VPN gateway will default to the Google DNS even if you put in more than one DNS over TLS host.

            Mosquitor (last edited by Mosquitor)
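A way to verify the per-gateway setup described above, as an added example that is not from the original posts or from pfSense itself: the script below parses tcpdump-style lines (the format pfSense Diagnostics > Packet Capture prints; the sample here is constructed) and reports, per VPN gateway, which resolvers were contacted over plain port 53 versus DNS over TLS on port 853. The tunnel addresses 10.8.0.2 and 10.9.0.2 and the gateway names VPN1_VPNV4 and VPN2_VPNV4 are assumptions; substitute the tunnel addresses of your own OpenVPN client interfaces.

```python
import re
from collections import defaultdict

# Constructed sample in pfSense Packet Capture / "tcpdump -nn" format; not a real capture.
# Assumed layout: 10.8.0.2 is the tunnel address of VPN 1, 10.9.0.2 of VPN 2.
SAMPLE_CAPTURE = """\
12:00:01.000123 IP 10.8.0.2.51515 > 1.1.1.1.853: Flags [S], seq 1, win 65535, length 0
12:00:01.020456 IP 1.1.1.1.853 > 10.8.0.2.51515: Flags [S.], seq 2, ack 2, win 65535, length 0
12:00:01.030000 IP 10.8.0.2.51515 > 1.1.1.1.853: Flags [P.], seq 2:200, ack 2, win 1024, length 198
12:00:02.000789 IP 10.9.0.2.52000 > 8.8.8.8.53: 12345+ A? example.com. (29)
12:00:02.015000 IP 8.8.8.8.53 > 10.9.0.2.52000: 12345 1/0/0 A 93.184.216.34 (45)
12:00:03.000000 IP 10.9.0.2.52001 > 1.0.0.1.853: Flags [S], seq 5, win 65535, length 0
"""

# Assumed mapping from tunnel source address to the pfSense gateway name.
GATEWAY_BY_SOURCE = {"10.8.0.2": "VPN1_VPNV4", "10.9.0.2": "VPN2_VPNV4"}

# timestamp, "IP", src.port, ">", dst.port, ":"  (IPv4 only)
LINE_RE = re.compile(r"^\S+ IP (\d+\.\d+\.\d+\.\d+)\.(\d+) > (\d+\.\d+\.\d+\.\d+)\.(\d+):")


def parse_capture(text):
    """Yield (src_ip, src_port, dst_ip, dst_port) for each IPv4 packet line."""
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            yield m.group(1), int(m.group(2)), m.group(3), int(m.group(4))


def dns_upstreams(text, gateway_by_source):
    """Map gateway name -> set of (resolver_ip, port) for outbound DNS (53) and DoT (853) flows."""
    out = defaultdict(set)
    for src, _sport, dst, dport in parse_capture(text):
        if src in gateway_by_source and dport in (53, 853):
            out[gateway_by_source[src]].add((dst, dport))
    return dict(out)


def plaintext_leaks(text, gateway_by_source):
    """Return {gateway: sorted resolver IPs} for gateways that sent plaintext port-53 queries."""
    leaks = {}
    for gw, targets in dns_upstreams(text, gateway_by_source).items():
        plain = sorted(ip for ip, port in targets if port == 53)
        if plain:
            leaks[gw] = plain
    return leaks


if __name__ == "__main__":
    for gw, targets in sorted(dns_upstreams(SAMPLE_CAPTURE, GATEWAY_BY_SOURCE).items()):
        print(gw, sorted(targets))
    for gw, ips in plaintext_leaks(SAMPLE_CAPTURE, GATEWAY_BY_SOURCE).items():
        print(f"LEAK: {gw} sent plaintext DNS to {', '.join(ips)}")
```

To feed it a real capture, run something like `tcpdump -nni ovpnc1 'port 53 or port 853'` on each OpenVPN client interface (interface names are an assumption) and pass the output in place of the sample. A port-853 flow only shows that the query went over the DoT port; confirming that the resolver presented the expected TLS hostname needs a look at the TLS handshake, which this script does not do.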

              These guides are what helped me:

              https://forum.netgate.com/topic/139771/setup-dns-over-tls-on-pfsense-2-4-4-p2-guide/5

              https://www.techhelpguides.com/2017/06/12/ultimate-pfsense-openvpn-guide/

              Mosquitor @KOM

                @KOM

                I just now realized what you meant. Thank you. Mine is set up so that if by any chance both of the VPN servers get disconnected by a hacker, pfSense will not expose my real IP. I like it like that. So if I need to disable my VPNs myself, I just have to change the gateway to WAN in System > General Setup manually.

                Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.