Netgate Discussion Forum

    How do you Separate DNS from WAN and VPN

      comet424

      Hi,
      My topic may be wrong for what I'm asking for.

      I'm trying to figure out my son's PS4, to get an open NAT when he visits. I turn the VPN off when he visits and such, but I'm tired of doing that. If I don't have my VPN running it works fine. If I enable the VPN, which is only for the computers, then it fails.
      So what I have set up is:
      WAN interface (Xbox 360, PS4)
      VPN interface (all my computers)
      They are all on the same network.
      When I run www.dnsleaktest.com what I find is that
      it works and doesn't work:
      VPN (gets the VPN IP address and 1 DNS server, the VPN's)
      WAN (gets the ISP address, but it gets the VPN's DNS and not the ISP's)
      so it gets double NATed.

      How do I make sure devices using the WAN interface use the ISP DNS,
      and also make sure the VPN just uses the VPN DNS?

      I tried doing DNS resolving and choosing VPN and WAN to resolve, but I found that the VPN was then leaking its DNS, so it showed my ISP and VPN.

      Can it be done on the same network, or do you need a separate network and then 2 DNS resolvers, 1 for VPN and 1 for WAN?

        stephenw10 Netgate Administrator

        Probably your VPN provider is pushing a new default route to pfSense and that changes what Unbound uses to query root servers.
        That is assuming you're running Unbound and it's in resolving mode.

        That's not double NAT though unless your VPN provider is also giving you a private IP address.

        You could try setting a static DHCP lease for the PS4 and handing it a DNS server to use directly rather than using Unbound in pfSense. If you already have policy routing in place for it then all its traffic, including DNS queries, will use the WAN directly regardless of the VPN status.

        Steve

        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.