Netgate Discussion Forum

    OVPN client setup problem- big unexplained DNS traffic

    gryest (last edited by gryest)

      Hi Everybody,
      I've been testing how OVPN will work with my setup on a pfSense router.
      I followed the setup from the PureVPN site (the provider I'm currently using) + StrongVPN and this site.
      In short, I created an OVPN client, entered the CA and certificate, and set all required fields. The other problem with PureVPN: their site shows instructions actually for pfSense 2.3.5 but posted as v2.4.2 (misleading).
      Never mind, I've been using their VPN occasionally on Win/Linux PCs with a mostly positive experience.
      One of the goals was to make OVPN available for any LAN client, as I assign a Host IP Alias for LAN firewall rules directing to the dedicated gateway created for the VPN with dynamic settings. Also I am using an additional floating rule/tag for NO_WAN_EGRESS and NO_VPN_EGRESS.
      Everything was OK, there were no DNS leaks, and it worked for some time for basic internet browsing. However, after attempting to download some large file of 1-2G (a software package), VPN traffic stopped, then I lost the WAN connection, then I started to see big IN/OUT DNS traffic to about 200 DNS/root servers. Snort rejected most of them with the following messages/SIDs:
      - Attempted User Privilege Gain
        PROTOCOL-DNS TMG Firewall Client long host entry exploit attempt SID 3:19187
      - Attempted Information Leak
        PROTOCOL-DNS potential dns cache poisoning attempt - mismatched txid SID 3:19187
      In order to restore my WAN connection I had to delete the OVPN client and gateway, suspend the LAN OVPN gateway rules and the manual outbound NAT rules to the VPN gateway, and restart the router.
      I got my WAN connection back but still saw a lot of DNS requests IN/OUT of the router not initiated by any of my LAN devices. It was the firewall itself. In order to stop those, I had to return some original settings back, such as:
      System/General Setup/DNS Server settings: DNS Server Override (v) checked
      Services/General Settings/DNS Query Forwarding: Enable Forwarding mode (v) checked
      Can you please enlighten me what goes wrong or what am I missing?
      Is the firewall somehow being compromised?

      Edit. The only idea I've got from another post: maybe it won't work without sub-LAN separation, because it looks like I have to disable the DNS resolver for those VPN hosts, and it looks like that's impossible for IPs on the same LAN where other clients are using the WAN gateway. But it may be only part of the problem.... or not a problem at all.
      Thanks

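The symptom in the post, DNS traffic to roughly 200 servers that comes from the firewall itself rather than from any LAN host, can be confirmed from Snort's alert log before any settings are changed. The script below is an added example, not from the post or from pfSense/Snort: it parses alerts in Snort's "fast" format, keeps only UDP/53 events, and reports each local address by the number of distinct remote DNS servers it exchanged packets with, tagging addresses that belong to the firewall. The local networks, firewall addresses and sample alert lines are constructed assumptions.

```python
import ipaddress
import re
from collections import defaultdict

# Snort "fast" alert line, e.g.
# 01/15-10:01:02.000001  [**] [3:19187:5] PROTOCOL-DNS ... [**] [Classification: X] [Priority: 2] {UDP} a.b.c.d:53 -> e.f.g.h:40001
FAST_RE = re.compile(
    r"^(?P<ts>\S+)\s+\[\*\*\]\s+\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+(?P<msg>.*?)\s+\[\*\*\]"
    r"(?:\s+\[Classification:\s*(?P<cls>[^\]]*)\])?\s+\[Priority:\s*(?P<prio>\d+)\]"
    r"\s+\{(?P<proto>\w+)\}\s+(?P<src>[^\s:]+):(?P<sport>\d+)\s+->\s+(?P<dst>[^\s:]+):(?P<dport>\d+)"
)

# Constructed assumptions: LAN range plus the firewall's WAN address, and the firewall's own IPs.
LOCAL_NETS = [ipaddress.ip_network("192.168.1.0/24"), ipaddress.ip_network("203.0.113.10/32")]
FIREWALL_IPS = {"192.168.1.1", "203.0.113.10"}


def parse_alert(line):
    """Parse one fast-format alert into a dict, or None if the line does not match (IPv4 only)."""
    m = FAST_RE.match(line.strip())
    if not m:
        return None
    a = m.groupdict()
    a["sport"], a["dport"] = int(a["sport"]), int(a["dport"])
    a["sid"] = f'{a["gid"]}:{a["sid"]}'  # "3:19187" style, as pfSense shows it
    return a


def is_local(ip, local_nets):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in local_nets)


def dns_peers(lines, local_nets):
    """Map each local address to the set of remote DNS servers (port 53 on either end) it talked to."""
    peers = defaultdict(set)
    for line in lines:
        a = parse_alert(line)
        if not a or a["proto"] != "UDP" or 53 not in (a["sport"], a["dport"]):
            continue
        for local, remote in ((a["src"], a["dst"]), (a["dst"], a["src"])):
            if is_local(local, local_nets) and not is_local(remote, local_nets):
                peers[local].add(remote)
    return peers


def firewall_dns_storm(lines, local_nets, firewall_ips, threshold=20):
    """Local addresses with more than `threshold` distinct DNS peers, as (ip, count, is_firewall)."""
    return sorted((ip, len(r), ip in firewall_ips)
                  for ip, r in dns_peers(lines, local_nets).items() if len(r) > threshold)


def _mk(src, sport, dst, dport, sid="3:19187"):  # builds one constructed sample alert line
    return (f"01/15-10:01:02.000001  [**] [{sid}:5] PROTOCOL-DNS potential dns cache poisoning attempt"
            f" - mismatched txid [**] [Classification: Attempted Information Leak] [Priority: 2]"
            f" {{UDP}} {src}:{sport} -> {dst}:{dport}")


# Constructed sample: 30 different servers answering the firewall's WAN address, plus one normal LAN client query.
SAMPLE_ALERTS = [_mk(f"198.51.100.{i}", 53, "203.0.113.10", 40000 + i) for i in range(1, 31)]
SAMPLE_ALERTS.append(_mk("192.168.1.50", 50123, "9.9.9.9", 53))
```

Run against a real alert log (`firewall_dns_storm(open("alert").read().splitlines(), ...)`) a LAN client would show up under its own address while firewall-originated fan-out shows up under the WAN or LAN interface IP.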