DNSBL through OpenVPN

  • I have set up an OpenVPN server on my box and am living abroad for a while.
    It is set up as a tunnel and to force all client-generated traffic through the tunnel.

    On the pfSense box I have pfBlockerNG set up with DNSBL to get rid of ads.
    My hope was that this would greatly help me while I am abroad with a slow internet connection. But unfortunately it is not working and I am getting every single ad…

    My network has no dedicated DNS and no VLANs.
    My LAN is X.Y.1.0/24 and in OpenVPN my clients are set to X.Y.2.1 and can access the X.Y.1.0/24 subnet.
    I have done a DNS leak test and I end up with Google servers while I have done the DNS leak test outside of the VPN and I get local DNS servers.
    In OpenVPN I do not have "DNS Server enabled" since I'm not sure if this will work.  I can't risk the chance of going several more months without my VPN connection, but I am really tired of Ads and my internet connection is so slow in this country and I really want to maximize my bandwidth for content rather than Ads.

    Any help would be greatly appreciated.


  • LAYER 8 Global Moderator

    Why are you hiding your rfc1918 address space on your network?? Unless maybe you're running public on your lan and vpn tunnel network?

    If your vpn client is not using pfsense for DNS.. Then no, pfblockerng dnsbl isn't going to be able to do anything for your vpn client. Point your vpn client to use pfsense for dns and then the dnsbl can work to block ads.

  • That was the encouragement I needed….
    It worked!

    Thank you!

  • LAYER 8 Global Moderator

    In the future there is no need to hide or try and obfuscate your local address space (rfc1918), i.e. 192.168/16, 10/8, 172.16/12

    We all use the same addresses, it does not route on the internet. If I tell you I use and my machine's address is and my vpn clients use 10.0.8/24 as their tunnel. It doesn't give away anything at all that could be used to find you or know who you are, etc. etc.

    To me hiding it does 2 things, it makes it harder to understand so can help, and 2nd thing is it makes me think the person posting is not the bright bulb in the pack when it comes to networking.. Should prob talk to them like they are 3 going on 4 years old and had a hard time in preschool with learning their colors ;) heheheeh You know the kid sitting in the corner drooling eating glue..
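
A check for the condition resolved in this thread (a full-tunnel client that is never told to use the firewall for DNS), as an added example that is not part of the original posts. It reads the options the OpenVPN server pushed from the client log and reports whether DNSBL on the firewall can see the client's lookups; the log lines, addresses and function names are constructed for illustration.

```python
import ipaddress
import re

# Constructed client log lines in OpenVPN's PUSH_REPLY format; all addresses are placeholders.
LOG_NO_DNS = ("PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1,"
              "route-gateway 10.0.8.1,topology subnet,ifconfig 10.0.8.2 255.255.255.0'")
LOG_WITH_DNS = ("PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1,"
                "dhcp-option DNS 192.168.1.1,route-gateway 10.0.8.1,topology subnet,"
                "ifconfig 10.0.8.2 255.255.255.0'")
LOG_PUBLIC_DNS = LOG_WITH_DNS.replace("192.168.1.1", "8.8.8.8")

PUSH_RE = re.compile(r"PUSH_REPLY,([^']*)")


def pushed_dns(log_text):
    """Return the DNS servers pushed by the server, in the order received."""
    servers = []
    for match in PUSH_RE.finditer(log_text):
        for option in match.group(1).split(","):
            parts = option.split()
            if len(parts) == 3 and parts[:2] == ["dhcp-option", "DNS"]:
                try:
                    servers.append(ipaddress.ip_address(parts[2]))
                except ValueError:
                    continue  # malformed address in the log: ignore it
    return servers


def dnsbl_verdict(log_text, firewall_resolvers):
    """Classify whether the firewall's DNSBL can filter this client's lookups.

    firewall_resolvers: addresses on which the firewall's DNS resolver answers
    (assumed known to the operator, e.g. its LAN or tunnel address).
    """
    allowed = {ipaddress.ip_address(a) for a in firewall_resolvers}
    servers = pushed_dns(log_text)
    if not servers:
        # Traffic is tunneled, but the client keeps its previous resolver,
        # so queries never reach the DNSBL.
        return "no-dns-pushed"
    if all(s in allowed for s in servers):
        return "ok"
    return "external-dns-pushed"


if __name__ == "__main__":
    for name, log in [("no dns", LOG_NO_DNS), ("firewall dns", LOG_WITH_DNS),
                      ("public dns", LOG_PUBLIC_DNS)]:
        print(name, "->", dnsbl_verdict(log, ["192.168.1.1"]))
```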
