  • Hi,

    I have three OpenVPN clients, with assigned interfaces VPN_SE, VPN_UK and VPN_US, and they all have their own gateway.
    Then I have the DNS Resolver service running with all three OpenVPN interfaces marked as Outgoing Network Interfaces.

    To determine which traffic goes through which gateway I have set up three aliases, one for each OpenVPN gateway.

    Everything works like I want, except that when I test for a DNS leak, I get all three gateway addresses no matter which OpenVPN gateway I go out through.

    So, I guess I somehow have to add firewall rules to block DNS traffic from the two OpenVPN gateways I'm currently not using; the question is how?

  • The DNS traffic from unbound originates from the firewall itself, and as far as I'm aware there is no way to apply firewall rules to traffic originating from the firewall. If you set outgoing interfaces for unbound, it's allowed to use any/all of them at any time. Now, you could disable both the forwarder and the resolver, which would assign all your LAN clients the DNS servers that you have configured in System > General Setup instead of the pfSense machine's LAN IP. Then those clients' DNS queries would be policy routed like any other traffic. So if you have a firewall rule to set the gateway for host A to VPN_UK, then all of host A's DNS queries would be routed through VPN_UK as well.

  • @thenarc

    Ok, I will try that. Thanks!

