Netgate Discussion Forum
    Multiple OpenVPN clients leaks DNS between them

    no_jah:

      Hi,

      I have three OpenVPN clients with assigned interfaces VPN_SE, VPN_UK and VPN_US, and they all have their own gateway.
      Then I have the DNS Resolver service running with all three OpenVPN interfaces marked as Outgoing Network Interfaces.

      To determine what goes through which gateway I have set up three aliases, one for each OpenVPN gateway.

      Everything works like I want, except that when I test for a DNS leak, https://www.dnsleaktest.com/, I get all three gateway addresses no matter which OpenVPN gateway I go out through.

      So, I guess I somehow have to add firewall rules to block DNS traffic from the two OpenVPN gateways I'm currently not using; the question is how?

      TheNarc:

          The DNS traffic from unbound originates from the firewall itself, and as far as I'm aware there is no way to apply firewall rules to traffic originating from the firewall. If you set outgoing interfaces for unbound, it's allowed to use any/all of them at any time. Now, you could disable both the forwarder and the resolver, which would assign all your LAN clients the DNS servers that you have configured in System > General Setup instead of the pfSense machine's LAN IP. Then those clients' DNS queries would be policy routed like any other traffic. So if you have a firewall rule to set the gateway for host A to VPN_UK, then all of host A's DNS queries would be routed through VPN_UK as well.

          no_jah (replying to TheNarc):
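          An added check script, not from the thread or from pfSense, that reads the outgoing-interface lines from an unbound config and reports whether DNS can egress through more than one interface (the leak TheNarc describes). The sample config and its addresses are constructed; on a real box you would point it at the generated unbound.conf instead.

```shell
#!/bin/sh
# Constructed sample of the "server:" section unbound gets when three OpenVPN
# interfaces are ticked as Outgoing Network Interfaces. Placeholder addresses.
SAMPLE_CONF=$(mktemp)
cat > "$SAMPLE_CONF" <<'EOF'
server:
  interface: 192.168.1.1
  outgoing-interface: 10.8.0.2
  outgoing-interface: 10.9.0.2
  outgoing-interface: 10.10.0.2
  do-ip4: yes
EOF

# Print every outgoing-interface address in the config file given as $1.
list_outgoing_interfaces() {
    awk '$1 == "outgoing-interface:" { print $2 }' "$1"
}

# Count them. Anything above 1 means unbound itself may send a query out of any
# of those interfaces, independent of the gateway a LAN client was policy-routed to.
count_outgoing_interfaces() {
    list_outgoing_interfaces "$1" | wc -l | tr -d ' '
}

# Verdict: "leak-risk" when the resolver has more than one egress interface.
dns_leak_risk() {
    n=$(count_outgoing_interfaces "$1")
    if [ "$n" -gt 1 ]; then
        echo "leak-risk"
    else
        echo "ok"
    fi
}

# Stand-alone run against the constructed sample.
echo "outgoing interfaces: $(count_outgoing_interfaces "$SAMPLE_CONF")"
echo "verdict: $(dns_leak_risk "$SAMPLE_CONF")"
```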

            @thenarc

            Ok, I will try that. Thanks!

            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.