Netgate Discussion Forum

    Is it just easier…

    • mtarbox

      So somehow or some way I have a DNS leak using PIA's DNS servers.
      I've attempted to follow the various "how to's" presented both here and from PIA, but the leak remains.
      Would it be easier to uninstall the entire openvpn program, flush all of the associated settings, and start from scratch? Or some of that?
      Ideas?

      Si vis pacem, para pactum.

      • Derelict LAYER 8 Netgate

        Probably not. A broken config will probably still be broken.

        What is the flow of your DNS starting with the DNS servers the clients are being told to use?

        Chattanooga, Tennessee, USA
        A comprehensive network diagram is worth 10,000 words and 15 conference calls.
        DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
        Do Not Chat For Help! NO_WAN_EGRESS(TM)

        • mtarbox

          209.222.18.222
          Modem, 216.227.XXX.XXX
          PFSense
          PC

          I hope that is what you wanted.

          • Derelict LAYER 8 Netgate

            Might help if you actually explain your setup instead of being so terse requiring assumptions be made.

            • mtarbox

              PC to a Linksys router in bridge mode, cheap DIY box running 2.4.2-RELEASE-p1 (amd64) with 4gb of ram, DHCP server, pfblockerng and squid, to DSL modem.
              When I check the DNS settings, it comes up as a PIA address, but when I test using dnsleaktest.com it shows my actual address, not the PIA one.

              • johnpoz LAYER 8 Global Moderator

                "and squid"

                And you set up squid to use whatever dns you want? This 209.222.18.222 IP? You do understand using a proxy, the client asks the proxy to go to www.domain.tld for it… So the proxy looks that fqdn up, not the client.

                An intelligent man is sometimes forced to be drunk to spend time with his fools
                If you get confused: Listen to the Music Play
                Please don't Chat/PM me for help, unless mod related
                SG-4860 24.11 | Lab VMs 2.8, 24.11

                • mtarbox

                  Wouldn't squid use whatever DNS servers I specify?

                  Initially when I set this box up, I wasn't using any VPN. Then I think you helped me out with using openvpn to the actual box, which worked great until I decided I wanted to anonymize my traffic.

                  • mtarbox

                    I'm thinking my idiot ass needs to read the freaking manual. Again.
                    I do own Mastering PFSense by David Zientara and pfsense 2 cookbook by Matt Williamson.

                    • johnpoz LAYER 8 Global Moderator

                      squid will use the system dns… So normally that would be the resolver (unbound) resolving, so yes it would list your IP in some sort of dnsleak test because you're resolving. If you want the resolver to go down your vpn to resolve, then set its outbound interface to be your vpn interface.

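The resolver behaviour described in the post above can be checked against the generated unbound.conf. This is an added example, not code from the thread or from pfSense: the function names, the sample configs and the 10.8.0.0/24 tunnel network are constructed assumptions; `outgoing-interface` is the unbound option that pins the source address of upstream queries.

```python
import ipaddress

# Constructed sample configs (not from the thread). 203.0.113.10 stands in for
# the WAN address and 10.8.0.6 for the VPN tunnel address.
LEAKY_CONF = """\
server:
    interface: 192.168.1.1
    outgoing-interface: 203.0.113.10   # WAN address
"""
FIXED_CONF = """\
server:
    interface: 192.168.1.1
    outgoing-interface: 10.8.0.6       # VPN tunnel address
"""
DEFAULT_CONF = """\
server:
    interface: 192.168.1.1
"""

def outgoing_addresses(conf_text):
    """Return the address on every outgoing-interface line of an unbound.conf."""
    addrs = []
    for raw in conf_text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop trailing comments
        key, sep, value = line.partition(":")    # first colon only, so IPv6 survives
        if sep and key.strip() == "outgoing-interface":
            # ip_interface accepts both "addr" and "addr/prefix" forms
            addrs.append(ipaddress.ip_interface(value.strip()).ip)
    return addrs

def audit_resolver_egress(conf_text, vpn_network):
    """Classify where unbound's own upstream queries leave the firewall."""
    net = ipaddress.ip_network(vpn_network)
    addrs = outgoing_addresses(conf_text)
    if not addrs:
        # The OS picks the source address, so the path depends on the routing table.
        return "unpinned: no outgoing-interface, queries follow the routing table"
    outside = [str(a) for a in addrs if a not in net]
    if outside:
        return "leak: queries can leave from " + ", ".join(outside)
    return "ok: all queries leave from the VPN tunnel"

if __name__ == "__main__":
    for name, conf in (("leaky", LEAKY_CONF), ("fixed", FIXED_CONF),
                       ("default", DEFAULT_CONF)):
        print(name, "->", audit_resolver_egress(conf, "10.8.0.0/24"))
```

A "leak" or "unpinned" result matches the symptom in the thread: clients and squid hand their lookups to unbound, and unbound resolves from an address outside the tunnel, which is what a DNS leak test then reports.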
                      • mtarbox

                        Amazing what a little "light" reading can do for you, that and stepping away from it all when your eyes feel like they have sand in them.
                        Opted to restore my pfsense install from a period before I started trying to hide my traffic.
                        Worked great. Then I followed a more recent DIY to install openvpn and PIA, and what do you know, it freaking worked. I even went to a bunch of dns leak test sites, and voila, NO MORE DNS LEAKS!
                        My traffic is protected from prying eyes, and my children can't see things that they won't forget by using pfblockerng.

                        However, this leaves me without the ability to remote into my pfsense box from work. Another project for another day!

                        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.