DNS leak with wireguard site-to-site with windscribe
-
I was able to set up Windscribe WireGuard on a pfSense 2.5 box, but I can't solve the DNS leak problem.
I have two LANs: LAN and LAN2. LAN is set up for the WireGuard tunnel; LAN2 is for OpenDNS Shield.
Under each DHCP server, I have added the respective DNS server for Windscribe and OpenDNS.
DNS Resolver: default, with all interfaces included.
General Setup DNS server: blank, DNS server override unchecked.
With the above settings, ipleak.net showed I am using my ISP's address as the DNS server.
The only way I can prevent the leak is to add DNS servers in General Setup and enable DNS forwarding in the resolver. The problem is that I can no longer isolate the two LAN networks. I put in the Windscribe DNS server and associate it with the WireGuard gateway, and the OpenDNS servers and associate them with the WAN gateway.
This stops the leak, but the WireGuard network is also going through the OpenDNS server, and all the filters apply as well.
Any idea?
I have spent a lot of time working through different resolver combinations. No help.
I have also tried static IP addresses, no help either.
-
@tigs said in DNS leak with wireguard site-to-site with windscribe:
I was able to set up Windscribe WireGuard on a pfSense 2.5 box, but I can't solve the DNS leak problem.
I have two LANs: LAN and LAN2. LAN is set up for the WireGuard tunnel; LAN2 is for OpenDNS Shield.
Under each DHCP server, I have added the respective DNS server for Windscribe and OpenDNS.
DNS Resolver: default, with all interfaces included.
General Setup DNS server: blank, DNS server override unchecked.
With the above settings, ipleak.net showed I am using my ISP's address as the DNS server.
The only way I can prevent the leak is to add DNS servers in General Setup and enable DNS forwarding in the resolver. The problem is that I can no longer isolate the two LAN networks. I put in the Windscribe DNS server and associate it with the WireGuard gateway, and the OpenDNS servers and associate them with the WAN gateway.
This stops the leak, but the WireGuard network is also going through the OpenDNS server, and all the filters apply as well.
Any idea?
I have spent a lot of time working through different resolver combinations. No help.
I have also tried static IP addresses, no help either.
Can't you put a FW rule that blocks the one subnet from accessing the DNS of the other subnet? It will then fail/timeout and resort to trying the other DNS server, which will then work?
So set up two quick floaters:
LAN block port 53 to OpenDNS
LAN2 block port 53 to Windscribe
It's kludgy, but that might work.
G
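To check the two floating block rules proposed above against the per-LAN DHCP assignments before touching the firewall, here is a small policy model. It is an added example, not code from the thread or from pfSense; the subnets, firewall addresses and resolver IPs are constructed placeholders (not the real Windscribe or OpenDNS addresses), and it assumes pfSense's behaviour that queries sent to the firewall's own Unbound are forwarded to the global General Setup DNS list, or recursed over WAN when that list is empty.

```python
"""Policy model for per-LAN DNS isolation with the two floating block rules.
Constructed example; addresses below are placeholders, not real resolvers."""
import ipaddress

LAN = ipaddress.ip_network("192.168.1.0/24")    # WireGuard LAN
LAN2 = ipaddress.ip_network("192.168.2.0/24")   # OpenDNS Shield LAN
FW_LAN, FW_LAN2 = "192.168.1.1", "192.168.2.1"  # pfSense interface IPs (local Unbound)
WINDSCRIBE_DNS = "10.255.255.1"                 # placeholder tunnel-side resolver
OPENDNS = "203.0.113.53"                        # placeholder for the OpenDNS server
GENERAL_SETUP_DNS = [OPENDNS]                   # global forwarders used by Unbound (assumed)

# The two floating rules from the reply above: (source subnet, DNS server blocked on port 53)
FLOATING_BLOCKS = [(LAN, OPENDNS), (LAN2, WINDSCRIBE_DNS)]


def blocked(client_ip, dns_ip):
    """True if a floating rule blocks port 53 from this client to this DNS server."""
    src = ipaddress.ip_address(client_ip)
    return any(src in net and dns_ip == dst for net, dst in FLOATING_BLOCKS)


def effective_resolver(client_ip, dhcp_dns):
    """Walk the DHCP-supplied DNS list the way a client does: the first server that is
    reachable wins. A query aimed at the firewall itself is answered by Unbound, whose
    upstream is the global General Setup list (or WAN recursion when it is empty), so
    the per-LAN choice is lost at that point. Returns None if every server is blocked."""
    for dns in dhcp_dns:
        if dns in (FW_LAN, FW_LAN2):
            return GENERAL_SETUP_DNS[0] if GENERAL_SETUP_DNS else "ISP/WAN recursion"
        if not blocked(client_ip, dns):
            return dns
    return None


def audit(clients):
    """Map each client IP to the resolver it will actually end up using."""
    return {ip: effective_resolver(ip, dns) for ip, dns in clients.items()}


if __name__ == "__main__":
    sample = {  # constructed DHCP leases
        "192.168.1.10": [WINDSCRIBE_DNS, OPENDNS],  # LAN, Windscribe listed first
        "192.168.1.11": [OPENDNS, WINDSCRIBE_DNS],  # LAN, wrong order: rule forces fallback
        "192.168.2.10": [OPENDNS, WINDSCRIBE_DNS],  # LAN2
        "192.168.1.12": [FW_LAN],                   # LAN host pointed at pfSense itself
    }
    for ip, resolver in audit(sample).items():
        print(f"{ip:15} -> {resolver}")
```

Running it shows the rules isolate the two LANs only when clients talk to the upstream resolvers directly; a LAN host pointed at the firewall's own resolver still ends up on the global forwarder.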
-
@tigs This seems to me like the issue I'm currently facing. Unfortunately I haven't found a solution yet. Neither did @xxgbhxx's idea work for me. I suspect in-depth knowledge of the inner workings of pfSense/FreeBSD/the WireGuard module(?) is required to figure out what's going on. On my installation the DNS Resolver would even use the WAN interface when it is not even selected as one of the "Outgoing Network Interfaces", which seems odd to me.