Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    How to fix a DNS leak?

    Scheduled Pinned Locked Moved OpenVPN
    1 Posts 1 Posters 2.1k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • B
      baldrick
      last edited by

      Hi all,

      I have setup OpenVPN Client IPVanish on my pfsense box. It connects fine, works fine. Previously I had unchecked "don't pull routes" and, while the VPN then worked fine with no leak, that broke several things on my network so I had to check the box to switch it off.

      With "don't pull routes" checked it still connects fine, and traffic goes through it - but I have a DNS leak.

      I have one client on my network, with a static lease set under the DHCP server, that is supposed to have its traffic piped through the VPN client.
      What I have set:

      • Under "System - General Setup" I have specified the Google DNS servers. "DNS server override" is unchecked.
      • Under "Services - DHCP server - LAN" I have specified the Google DNS servers.
      • Under the "DHCP Static Mappings for this Interface" at the bottom of the DHCP server page I have edited the IP of the client that goes through the VPN and set "DNS Servers" there to 198.18.0.1 and 198.18.0.2 respectively for the IPVanish DNS servers.

      To force this client I setup an outbound rule setting the VPN client as this IP's gateway, and made that the first rule in the list (and this works - client is definitely going out via VPN).

      When I do a DNS leak test on that machine, it shows that the connecting IP is the IP I got from my VPN provider.
      However when the DNS leak tests continues it shows my own public IP as the DNS IP.

      DNS Resolver is active on the network to do local host name resolution. Do I need to somehow switch this off for the VPN traffix box and if so, how?

      Many thanks,

      Baldrick

      1 Reply Last reply Reply Quote 0
      • First post
        Last post
      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.