Creating OpenVPN IPVanish client setup without DNS leaks
-
Ok I have decided to update this subject after research, configuration, and testing. I have a fully operational client without DNS leaks. I have been testing the DNS leaks for several days (weeks) and have not had any issues thus far. I am able to specify which IP addresses go through the VPN and which go through the WAN. Also there are no DNS leaks on the WAN side either. This is good for my situation but may not be for others. I have noticed it does affect Amazon Geo Restrictions if you stream movies from Amazon but does not seem to affect music streaming. Other than that everything else seems to be working great. Let's get started.
Thank you to HypeTelecon for your initial work on the IPVanish client setup.
Follow this guide for the initial configuration and setup: https://forum.pfsense.org/index.php?topic=66467.msg362658#msg362658
In this guide, skip the sections listed below as they no longer apply.
[Create the IPVanish auth file]
Also you do not need to paste the Advanced Config file.
When you configure your Outbound NAT rules be sure to set to Manual. If the rules have not been configured already please write the rules for your VPN interface. It may be deceiving as the VPN will connect but without the proper Outbound NAT rules no traffic will be routed through the VPN. In my situation I was able to copy the existing Outbound rules and just changed the interface to the VPN interface.
Once the client is configured and connected to the VPN network write alias rules for the IP addresses you want to go through the VPN and WAN. Create the appropriate firewall rules and associate the aliases to the interface (Gateway) you wish the traffic to be routed.
Preventing DNS leaks:
Following this may complicate some Geo Restrictions for example with Amazon Video. You will just have to test it to verify.
Under General setup set your DNS servers to Google for example and uncheck DNS Server Override.
Now under Routing set your default interface to use your VPN interface. With this selected DNS leaks are prevented on both the VPN and WAN interfaces. Run IPleak.net to test. Test both the VPN and the WAN. You should see a difference in public IP address. If everything is configured correctly you will see Google in the DNS requests instead of your ISP provider.
Hope this helps all the IPVanish users. If you find a correction that I have missed please comment so that others can use the setup.
Thank you and good luck.
-
Preventing DNS leaks:
Under General setup set your DNS servers to Google for example and uncheck DNS Server Override.
This step is unnecessary and adds a man in the middle. pfSense by default will resolve your DNS requests to the Root DNS servers.
All this step does is send all of your DNS requests to Google, Google gets the DNS information from the Root DNS servers.
If you just skip this step entirely, then your requests go straight to the Root DNS servers and keep Google out of it.
Now under Routing set your default interface to use your VPN interface.
This is all you need to do to add anonymity to your DNS queries.
-
Thank you for the clarification. I did need to uncheck the DNS Server Override though because otherwise my DNS would leak showing my ISP DNS. I will test your setup to be sure I didn't miss something.
-
Yeah you are correct to turn that off.
All that does is allow your DHCP server to override your settings.
Check these articles out:
https://doc.pfsense.org/index.php/Unbound_DNS_Resolver
https://doc.pfsense.org/index.php/Redirecting_all_DNS_Requests_to_pfSense
https://doc.pfsense.org/index.php/Blocking_DNS_queries_to_external_resolvers
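-
Added example, not part of any post above: a small Python check for the leak test described in the first post (public IP and resolver list noted from a VPN-routed and a WAN-routed client). It labels each resolver as the WAN address, an ISP resolver, the VPN exit (recursive resolution through the tunnel, as in the reply) or a third-party forwarder. All addresses, names and the single-exit-IP assumption are constructed for illustration.

```python
import ipaddress

LEAKS = {"wan-egress", "isp-resolver"}

def classify_resolver(resolver, wan_ip, vpn_exit_ip, isp_networks):
    """Label one resolver address that a leak-test page reported."""
    addr = ipaddress.ip_address(resolver)
    if addr == ipaddress.ip_address(wan_ip):
        return "wan-egress"      # firewall's own resolver is leaving via WAN
    if any(addr in ipaddress.ip_network(net) for net in isp_networks):
        return "isp-resolver"    # ISP-assigned DNS server is in use
    if addr == ipaddress.ip_address(vpn_exit_ip):
        return "vpn-recursive"   # firewall resolves recursively through the tunnel
    return "third-party"         # a forwarder such as a public DNS service

def audit(clients, wan_ip, vpn_exit_ip, isp_networks):
    """Return (client, problem) pairs for every failed check."""
    expected_ip = {"vpn": vpn_exit_ip, "wan": wan_ip}
    problems = []
    for c in clients:
        # The client's public IP must match the path its firewall rule selects.
        want = ipaddress.ip_address(expected_ip[c["route"]])
        if ipaddress.ip_address(c["public_ip"]) != want:
            problems.append((c["name"], "wrong-exit"))
        # No resolver may be the WAN address or sit in the ISP's ranges.
        for r in c["resolvers"]:
            label = classify_resolver(r, wan_ip, vpn_exit_ip, isp_networks)
            if label in LEAKS:
                problems.append((c["name"], label))
    return problems

# Constructed sample data (documentation address ranges, not real results).
WAN_IP, VPN_EXIT_IP = "203.0.113.25", "198.51.100.7"
ISP_NETWORKS = ["203.0.113.0/24"]
CLIENTS = [
    {"name": "vpn-host", "route": "vpn", "public_ip": "198.51.100.7",
     "resolvers": ["192.0.2.53"]},
    {"name": "wan-host", "route": "wan", "public_ip": "203.0.113.25",
     "resolvers": ["203.0.113.53"]},
    {"name": "misrouted", "route": "vpn", "public_ip": "203.0.113.25",
     "resolvers": ["203.0.113.25"]},
]

if __name__ == "__main__":
    for name, problem in audit(CLIENTS, WAN_IP, VPN_EXIT_IP, ISP_NETWORKS):
        print(f"{name}: {problem}")
```

Replace the sample values with what the leak-test page shows for each client; an empty result means neither the exit IP check nor the resolver check failed.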