Is it just easier…



  • So somehow or some way I have a DNS leak using PIA's DNS servers.
    I've attempted to follow the various "how to's" presented both here and from PIA, but the leak remains.
    Would it be easier to uninstall the entire openvpn program, flush all of the associated settings, and start from scratch? Or some of that?
    Ideas?


  • Netgate

    Probably not. A broken config will probably still be broken.

    What is the flow of your DNS starting with the DNS servers the clients are being told to use?



  • 209.222.18.222
    Modem, 216.227.XXX.XXX
    PFSense
    PC

    I hope that is what you wanted.


  • Netgate

    Might help if you actually explain your setup instead of being so terse requiring assumptions be made.



  • PC to a Linksys router in bridge mode, cheap DIY box running 2.4.2-RELEASE-p1 (amd64) with 4gb of ram, DHCP server, pfblockerg and squid, to DSL modem.
    When I check the DNS settings, it comes up as a PIA address, but when I test using dnsleaktest.com it shows my actual address, not the PIA one.


  • Rebel Alliance Global Moderator

    "and squid"

    And you setup squid to use whatever dns you want? This 209.222.18.222 IP?  You do understand using a proxy, the client asks the proxy to go to www.domain.tld for it… So the proxy looks that fqdn up.. not the client.



  • Wouldn't squid use whatever DNS servers I specify?

    Initially when I set this box up, I wasn't using any VPN. Then I think you helped me out with using openvpn to the actual box, which worked great until I decided I wanted to anonymize my traffic.



  • I'm thinking my idiot ass needs to read the freaking manual. Again.
    I do own Mastering PFSense by David Zientara and pfsense 2 cookbook by Matt Williamson.


  • Rebel Alliance Global Moderator

    squid will use the system dns… So normally that would be the resolver (unbound) resolving so yes it would list your IP in some sort of dnsleak test because your resolving.  If you want the resolver to go down your vpn to resolver, then set it outbound interface to be your vpn interface..



  • Amazing what a little "light" reading can do for you, that and stepping away from it all when your eyes feel like they have sand in them.
    Opted to restore my pfsense install from a period before I started trying to hide my traffic.
    Worked great. Then I followed a more recent DIY to install openvpn and PIA, and what do you know, it freaking worked. I even went to a bunch of dns leak test sites, and voila, NO MORE DNS LEAKS!
    My traffic is protected from prying eyes, and my children can't see things that they won't forget by using pfblockerng

    However, this leaves me without the ability to remote into my pfsense box from work. Another project for another day!