2 separate OpenVPN connections with no DNS leaking?



  • Is it possible to set up pfSense so that it will connect to 2 OpenVPN connections but isolate them from each other on the network with no DNS leaking?

    Currently I have 2 internet connections coming into the house and 2 PCs in a cupboard on my local home network that each take their internet from one of those connections. On those PCs is pfSense, which creates a permanent OpenVPN connection through one of the internet connections, allowing me to switch between using 2 secure OpenVPN connections on different computers on the network whenever I need to.

    The problem is the cupboard gets hot, so I’ve been trying to achieve the same thing on just 1 computer. I’ve just bought a new computer that has AES-NI enabled and had intended to use it to create 2 virtual instances of pfSense using VirtualBox or VMware, but while this worked in a technical sense it failed in the practical, because when I used both connections at the same time and maxed out the speed the processor couldn’t cope and speeds slowed.

    So now I’m looking to do what I considered to be the harder route to take, given how I have little knowledge and experience with firewalls and routing, which pfSense seems to be all about.

    My end goal now is to have 1 PC running 1 instance of pfSense while simultaneously offering 2 separate OpenVPN connections on the network via 2 different internet connections. I don’t want load balancing. I want 2 separate OpenVPN connections going down 2 separate internet connections, completely independent of each other, as if they existed on 2 separate computers.

    I’ve gotten things set up to 90% of what I’m trying to achieve. I’ve put 4 network cards in the PC and configured them so I have WAN1, LAN1, OPT1 and WAN2, LAN2, OPT2. I already had WAN1, LAN1 and OPT1 working with both a kill switch and no DNS leaking and have managed to get the kill switch to work when both connections are active. The problem is no matter what I try, 1 of the OpenVPN connections keeps showing the other’s IP as its DNS server.

    I don’t really have a clue about what I’m doing in pfSense, unfortunately. I managed to get 1 connection working by following a guide, but I can’t find one that is as simple to follow that explains how to do 2. After hours of fiddling with random settings I’m starting to get frustrated, so was wondering if someone can tell me if what I want is even possible and, if it is, how difficult it would be to actually achieve when you have no idea about how firewalls/routing works? I fear it’s going to require more in-depth configuring than I’m going to understand.

    Given limited testing, my assumption is that it seems like when I make that first OpenVPN connection everything works according to plan and there is no DNS leaking for that connection. As soon as I make the second connection, however, for some reason that second connection’s DNS is set up to be the first connection’s IP. If I then disable the first connection and let the second connection connect, upon reconnecting the first connection it starts showing the second connection’s IP as its DNS server instead.

    Worse still, if I disable one of them, say OPT2, and run a DNS leak check on OPT1 it starts showing my actual IP!