DNS Resolver



  • I am running ExpressVPN on my pfSense but still getting my IP leaked and DNS leaks. I have followed lots of other forum posts.

    I have DNS Resolver enabled and DNS Forwarder disabled.

    However, I am finding my clients can't resolve anything unless I have a DNS server set in

    General Setup - DNS Server




  • @dastrix said in DNS Resolver:

    However, I am finding my clients can't resolve anything unless I have a DNS server set in

    General Setup - DNS Server

    Which is expected when you turn on DNS Query Forwarding. Do some RTFM https://www.netgate.com/docs/pfsense/book/services/dns-resolver.html



  • I should have said if I turn that off enable forwarding mode and remove DNS server from general page I can't resolve anything.



  • @dastrix said in DNS Resolver:

    I should have said if I turn that off enable forwarding mode and remove DNS server from general page I can't resolve anything.

    unbound - the Resolver - will contact the 13 main root DNS servers on any (all) interface by default.
    Outgoing Network Interface, by default, is "all".
    This means, when unbound starts, it will try ALL interfaces. Also LAN and other interfaces that won't route to, for example, "198.41.0.4" (one of the main root servers).
    IF your EXPRESSVPN won't route to "198.41.0.4" at startup (startup of unbound), this interface will be flagged as "probably not" (don't use). Maybe it wasn't UP yet at that time?
    The question is: is your EXPRESSVPN interface UP before unbound gets launched?
    Test: when the EXPRESSVPN interface is up, restart unbound. Then it should resolve, because the EXPRESSVPN connection is up. If not, the VPN is the problem.
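
Added example, not part of the thread or of pfSense: a Python check over the text of a generated unbound.conf that flags the two settings discussed above, the outgoing interface and the forwarding targets. The sample config, the addresses and the function names are constructed for illustration.

```python
# Added example: audit unbound.conf text for settings that let DNS bypass a VPN.
SAMPLE_CONF = '''\
# constructed sample, not taken from the thread
server:
    interface: 192.168.1.1
    outgoing-interface: 203.0.113.10
    outgoing-interface: 10.8.0.2
forward-zone:
    name: "."
    forward-addr: 198.51.100.53
'''

def parse_unbound(text):
    """Return {clause: [(key, value), ...]} for a flat unbound.conf."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line or ":" not in line:
            continue
        key, value = (part.strip() for part in line.split(":", 1))
        if value == "":              # "server:" or "forward-zone:" opens a clause
            current = key
            sections.setdefault(current, [])
        elif current is not None:
            sections[current].append((key, value.strip('"')))
    return sections

def audit(text, vpn_addr, vpn_dns):
    """vpn_addr: IP of the VPN interface; vpn_dns: set of the provider's resolvers."""
    conf = parse_unbound(text)
    outgoing = [v for k, v in conf.get("server", []) if k == "outgoing-interface"]
    forwards = [v for k, v in conf.get("forward-zone", []) if k == "forward-addr"]
    findings = []
    if not outgoing:
        findings.append("no outgoing-interface: queries follow the system routing table")
    findings += [f"outgoing-interface {a} is not the VPN address"
                 for a in outgoing if a != vpn_addr]
    if not forwards:
        findings.append("info: resolver mode, queries go to the root servers directly")
    findings += [f"forward-addr {a} is not a VPN provider resolver"
                 for a in forwards if a.split("@")[0] not in vpn_dns]
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_CONF, "10.8.0.2", {"10.8.0.1"}):
        print(finding)
```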



  • Getting ExpressVPN to work properly on pfSense is difficult. You have to start from scratch by doing a factory reset to begin with.

    Messing with pfSense DNS resolver is not gonna fix your problem. There are ways to do it right.

    The provided ExpressVPN tutorial on pfSense is half baked.

    Send me a PM and I can provide you with a link.



  • This is a guaranteed fix for me, with 3 different providers, since I can't get the resolver to do what I want it to either.

    Services > DHCP Server = assign static addresses to the devices you want to resolve through the personal VPN. Once static is set, edit the mapping and under DNS servers plug in the VPN provider's static DNS servers.

    Reboot the computer and it will pass your leak test.

    I don't use Express, but I am interested in any reading as well. I may be able to test/apply it to my service? Thank you.