Netgate Discussion Forum

    Help pls - DNS leaks with vpn tunnel.

    • prairiesailor

      Howdy,

      I'm really new to pfSense, and just got a config going recently with policy based routing for certain hosts to go out my OpenVPN tunnel. That's working, however I have DNS leaks (showing my ISP DNS).

      In "general setup" I've entered my VPN company DNS servers.

      My clients currently have the firewall LAN IP as their DNS server. I'm afraid I'm struggling to understand where to start looking. There are many settings in the DNS Resolver config, so I'm not sure what I might have wrong or missing.

      • Gertjan

        Hi,

        So this is a "VPN question", not a DNS one: your DNS is working.

        @prairiesailor said in Help pls - DNS leaks with vpn tunnel.:

        In "general setup" I've entered my VPN company DNS servers.

        Maybe .... but these aren't used.
        You use the Resolver, which questions the root Internet DNS servers.
        If you want to use the DNS servers you supplied on "General settings", you should use the DNS Forwarder.

        The Resolver doesn't use your ISP DNS servers: where did they come from? How did you set up your WAN / other general settings?

        In the OpenVPN forum you will find many threads talking about leaking DNS. It often boils down to "not knowing what DNS is and how it works" with a nice touch of "not using the default settings so things go bad".

        Your pfSense is set up as an OpenVPN client, and you connect to an OpenVPN service?

        No "help me" PM's please. Use the forum, the community will thank you.
        Edit : and where are the logs ??

        • prairiesailor @Gertjan

          @gertjan said in Help pls - DNS leaks with vpn tunnel.:

          Hi,

          So this is a "VPN question", not a DNS one: your DNS is working.

          @prairiesailor said in Help pls - DNS leaks with vpn tunnel.:

          In "general setup" I've entered my VPN company DNS servers.

          Maybe .... but these aren't used.
          You use the Resolver, which questions the root Internet DNS servers.
          If you want to use the DNS servers you supplied on "General settings", you should use the DNS Forwarder.

          The Resolver doesn't use your ISP DNS servers: where did they come from? How did you set up your WAN / other general settings?

          In the OpenVPN forum you will find many threads talking about leaking DNS. It often boils down to "not knowing what DNS is and how it works" with a nice touch of "not using the default settings so things go bad".

          Your pfSense is set up as an OpenVPN client, and you connect to an OpenVPN service?

          My WAN connection is using just DHCP, so I assume the DNS servers are being handed out via DHCP from the ISP.

          My firewall is set up with a single WAN connection, and an OpenVPN tunnel. I have set up a firewall rule to take traffic from certain hosts and use the tunnel as the gateway for those hosts.

          We all have to learn sometime, don't we? I wouldn't say things "have gone bad". I'm quite happy that everything is going quite well, and that the OpenVPN is working, along with my source-based rule. Only one thing not working... that's the DNS leak.

          • johnpoz LAYER 8 Global Moderator

            @prairiesailor said in Help pls - DNS leaks with vpn tunnel.:

            so I assume the DNS servers are being handed out via DHCP from the ISP.

            Most likely yes, your ISP would hand out DNS via DHCP. But out of the box pfSense doesn't use those - it resolves via unbound.

            So either just forward to your VPN DNS, or resolve through the VPN connection by changing unbound to use your VPN connection for its outbound queries.

            An intelligent man is sometimes forced to be drunk to spend time with his fools
            If you get confused: Listen to the Music Play
            Please don't Chat/PM me for help, unless mod related
            SG-4860 24.11 | Lab VMs 2.7.2, 24.11

            • Gertjan @johnpoz

              @johnpoz said in Help pls - DNS leaks with vpn tunnel.:

              So either just forward to your vpn dns, or resolve through the vpn connection by changing unbound to use your vpn connection for its outbound q

              Exactly.
              But keep in mind / check this: if unbound starts before the OpenVPN tunnel, what will happen?

              Also: keep in mind that if you use the Forwarder, by default it will use all available interfaces to question DNS servers upstream. It should be limited to the OpenVPN tunnel interface.

              No "help me" PM's please. Use the forum, the community will thank you.
              Edit : and where are the logs ??
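
Added example, not part of any post in this thread: a small audit of an unbound.conf that reports whether the Resolver forwards or resolves from the roots, and whether its upstream queries are pinned to the tunnel address with `outgoing-interface`. It covers unbound only (not the separate DNS Forwarder); the function names, sample configurations and all addresses are constructed, and the path of the file to audit is left as an argument.

```shell
#!/bin/sh
# Added example (not from the thread): audit an unbound.conf for DNS queries
# that can leave outside the VPN tunnel. All addresses below are constructed.

# audit_unbound CONF VPN_IP -> prints findings, returns 1 if a leak path exists
audit_unbound() {
    awk -v vpn="$2" '
        { sub(/#.*/, "") }                          # strip comments
        $1 == "outgoing-interface:" {               # source address for upstream queries
            seen = 1
            if ($2 != vpn) { print "LEAK: queries may leave from " $2; bad = 1 }
        }
        $1 == "forward-zone:"  { in_fz = 1; next }
        /^[a-z-]+:[ \t]*$/     { in_fz = 0 }        # a new top-level clause begins
        in_fz && $1 == "name:" && $2 == "\".\"" { fwd = 1 }
        in_fz && $1 == "forward-addr:"          { addrs = addrs " " $2 }
        END {
            if (fwd) print "mode: forwarding everything to" addrs
            else     print "mode: resolving from the root servers"
            if (!seen) {
                print "LEAK: no outgoing-interface, the routing table picks the exit"
                bad = 1
            }
            exit bad + 0
        }' "$1"
}

# Constructed sample: forwarding to a VPN DNS server, but not pinned to the tunnel.
sample_unpinned() {
    printf '%s\n' 'server:' '    interface: 192.168.1.1' \
        'forward-zone:' '    name: "."' '    forward-addr: 10.8.0.1'
}

# Constructed sample: same, with upstream queries pinned to the tunnel address.
sample_pinned() {
    printf '%s\n' 'server:' '    interface: 192.168.1.1' \
        '    outgoing-interface: 10.8.0.2' \
        'forward-zone:' '    name: "."' '    forward-addr: 10.8.0.1'
}

tmp=$(mktemp)
sample_unpinned > "$tmp"; audit_unbound "$tmp" 10.8.0.2 || echo "=> fix before trusting the tunnel"
sample_pinned   > "$tmp"; audit_unbound "$tmp" 10.8.0.2 && echo "=> upstream DNS pinned to the tunnel"
rm -f "$tmp"
```

The check is static: it says nothing about whether the tunnel was up when unbound started, which is the case raised in the last post and still has to be checked on the running system.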

              Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.