Netgate Discussion Forum

    DNS Leak OpenVPN-Client Solution

    • Bob.Dig (LAYER 8), last edited by Bob.Dig

      So I did some testing with this site https://www.dnsleaktest.com but it seems kinda hard because sometimes I needed to reboot pfSense to get meaningful results... Anyway, I came up with this, which seems to work for me...
      1.JPG
      The "NAT-IP" is the DNS-Server of the VPN-Provider.

      My goal was not to have to define that DNS server for every client which uses that VPN in the DHCP server but leave the default there (pfSense).

      So I wish some of the Pros around here could take a look at it and "rate" my solution. Like I said, testing wasn't easy for me.
      If it is any good, I want to ask if I could do anything about the following: If that DNS server goes offline, where to put the second DNS server the VPN provider provided...

      Also interesting was the firewall rule for that. In my testing it made a difference when the first marked rule was at the bottom. So I guess the VPN-redirect-rule in the middle didn't get activated because of the NAT-Redirect by the firewall and then got loose because of the default allow LAN to any rule. So that DNS-rule with that VPN-Gateway had to go to the top.
      23.JPG

      I use the DNS-Resolver without forwarding in pfSense and also have a vpn-killswitch defined as a floating rule via tagging.
      4.JPG
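
The rule-order effect described in the post, as an added example that is not part of the original post: a small model of "translate first, then first matching rule wins" with a per-rule gateway. The addresses, gateway names and rule definitions are constructed assumptions (the screenshots are not available), and the middle VPN policy rule is left out because its match criteria are not visible on the page.

```python
from dataclasses import dataclass, replace
from typing import Callable, Optional

VPN_DNS = "198.51.100.53"                # constructed stand-in for the post's "NAT-IP"
VPN_GW, DEFAULT_GW = "VPN_GW", "WAN_GW"  # hypothetical gateway names

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    dport: int

@dataclass(frozen=True)
class Rule:
    name: str
    match: Callable[[Packet], bool]
    gateway: Optional[str] = None        # None = follow the default route

def nat_redirect(p: Packet) -> Packet:
    """Assumed port forward on LAN: every DNS query is rewritten to the VPN DNS."""
    return replace(p, dst=VPN_DNS) if p.dport == 53 else p

def evaluate(rules, p):
    """Translate first, then the first matching pass rule decides the gateway."""
    p = nat_redirect(p)
    for r in rules:
        if r.match(p):
            return r.name, r.gateway or DEFAULT_GW
    return "default deny", None

def dns_leaks(rules, packets):
    """DNS packets that pass but leave by something other than the VPN gateway."""
    hits = []
    for p in (q for q in packets if q.dport == 53):
        name, gw = evaluate(rules, p)
        if gw not in (None, VPN_GW):
            hits.append((p.src, name, gw))
    return hits

DNS_VIA_VPN = Rule("dns via vpn", lambda p: p.dst == VPN_DNS and p.dport == 53, VPN_GW)
ALLOW_LAN_ANY = Rule("default allow LAN to any", lambda p: True)

# Constructed sample traffic: DNS to pfSense, DNS to an outside resolver, HTTPS
SAMPLE = [Packet("192.168.1.10", "192.168.1.1", 53),
          Packet("192.168.1.11", "203.0.113.53", 53),
          Packet("192.168.1.10", "203.0.113.7", 443)]

if __name__ == "__main__":
    for label, rules in (("DNS rule at bottom", [ALLOW_LAN_ANY, DNS_VIA_VPN]),
                         ("DNS rule on top", [DNS_VIA_VPN, ALLOW_LAN_ANY])):
        print(label, "->", dns_leaks(rules, SAMPLE) or "no DNS leaves outside the VPN")
```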

      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.