Netgate Discussion Forum
Working Blocking with fast CLOUDFLARE DNS - incl Torguard VPN

Category: pfBlockerNG
ressurex:

Hi all.

I have been trying to solve pfBlocker not working together with Cloudflare and several other DNS servers outside my current VPN DNS, so I thought some of you might comment on whether I have done something right or not.

My setup has two Torguard VPN connections, running a double VPN client load-balanced gateway with Torguard DNS and pfBlockerNG with a lot of lists. This worked very nicely! Slow response times when browsing though!

My issue was simple: I got frustrated with the >40ms delay using the Torguard VPN DNS, and wanted to use Cloudflare DNS to get below 20ms.

This would primarily optimize my surfing experience, using the fastest DNS possible. -> https://www.grc.com/dns/benchmark.htm

What I did to the setup to make pfBlockerNG work was:

1. In my DNS Resolver I enabled: DNS Query Forwarding / Enable Forwarding Mode
2. Used the two Cloudflare DNS IPs 1.1.1.1/1.0.0.1 in System > General Setup, setting one for each VPN tunnel gateway. (I have two clients since my pfSense unit is a dual-core Qotom capable of maxing out my 300Mbit downstream on VPN currently.)
3. Then I created a whitelist automatically and then changed the IPs to all the Cloudflare ones, https://www.cloudflare.com/ips/, including the DNS 1.1.1.1 and 1.0.0.1.
4. In Firewall I created an alias of all the Cloudflare IPs using Network(s) as type, and created a pass rule for both WAN/LAN.

Now, reloading pfBlockerNG and rebooting several times, I simply cannot make pfBlockerNG crash or misbehave, which happened a lot of times when experimenting with Cloudflare/OpenDNS/Quad9 etc. DNS setups. Especially the DNSBL log was not responding etc.

Are you able to get a working pfBlockerNG with Cloudflare doing the same? And is this the right way to make it run smoothly?

Currently I have 4.5 million counts on my blocklists, and every time I reset the log and visit https://pi-hole.net/pages-to-test-ad-blocking-performance/ it shows extensive block logs in both IPs and DNSBL.

It simply works now, doing <14 ms response timing on DNS, making my browsing experience very fast, even though it's over VPN.

kevinmitky:

If you're looking for an explanation for this behavior, I would try doing some lookups using Akamai's Who Am I tool, which should show you where your queries are coming from when using your VPN:

https://developer.akamai.com/blog/2018/05/10/introducing-new-whoami-tool-dns-resolver-information

You could traceroute this result or maybe even just see where it is on a map in relation to your VPN host. Cloudflare has a lot of datacenters, and it's possible it's a faster route or simply closer to your VPN host than the host's own DNS, even though that would seem a strange configuration.

ressurex:
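The thread's two practical questions are how fast a resolver answers and which resolver the outside world actually sees your queries leave from (kevinmitky's Who Am I suggestion). The script below is an added example of mine, not the poster's setup or Netgate's code: it runs dig against a list of resolvers, parses the `;; Query time:` and `;; SERVER:` summary lines, reports whether the average stays under the poster's 20 ms goal, and extracts the resolver address that `whoami.akamai.net` reports back. It assumes dig is on PATH; the resolver list, the hostnames queried and 192.0.2.1 standing in for the pfSense LAN address are placeholders, and SAMPLE_DIG_OUTPUT is a constructed sample, not captured output.

```python
"""Measure DNS resolver latency with dig and check which resolver the
outside world sees.  Added example; not the forum poster's configuration."""
import re
import shutil
import statistics
import subprocess
from typing import Dict, Iterable, List, Optional, Tuple

# dig prints these summary lines after every answer.
QUERY_TIME_RE = re.compile(r"^;; Query time: (\d+) msec", re.MULTILINE)
SERVER_RE = re.compile(r"^;; SERVER: ([^#\s]+)#(\d+)", re.MULTILINE)
IPV4_RE = re.compile(r"^(?:\d{1,3}\.){3}\d{1,3}$")

# Constructed sample of dig output (not captured from a real session).
SAMPLE_DIG_OUTPUT = """\
; <<>> DiG 9.18.0 <<>> @1.1.1.1 example.com
;; ANSWER SECTION:
example.com.\t\t300\tIN\tA\t203.0.113.10
;; Query time: 14 msec
;; SERVER: 1.1.1.1#53(1.1.1.1) (UDP)
"""


def parse_query_time(dig_output: str) -> Optional[int]:
    """Return the round-trip time in ms that dig reported, or None if absent."""
    m = QUERY_TIME_RE.search(dig_output)
    return int(m.group(1)) if m else None


def parse_server(dig_output: str) -> Optional[Tuple[str, int]]:
    """Return (resolver address, port) that dig actually talked to."""
    m = SERVER_RE.search(dig_output)
    return (m.group(1), int(m.group(2))) if m else None


def parse_whoami(short_output: str) -> Optional[str]:
    """Pick the first IPv4 address out of `dig +short` output.
    For whoami.akamai.net that address is the recursive resolver Akamai
    saw the query arrive from, i.e. the exit point of your DNS traffic."""
    for line in short_output.splitlines():
        line = line.strip()
        if IPV4_RE.match(line):
            return line
    return None


def summarize(times_ms: Iterable[int], target_ms: float = 20.0) -> Dict[str, object]:
    """Aggregate per-query times; meets_target is True when the mean is
    below target_ms (the poster's goal of staying under 20 ms)."""
    times: List[int] = list(times_ms)
    if not times:
        return {"samples": 0, "min_ms": None, "avg_ms": None,
                "max_ms": None, "meets_target": False}
    avg = statistics.fmean(times)
    return {"samples": len(times), "min_ms": min(times),
            "avg_ms": round(avg, 1), "max_ms": max(times),
            "meets_target": avg < target_ms}


def run_dig(args: List[str], timeout_s: int = 3) -> str:
    """Invoke dig with one try and a short timeout so an unreachable
    resolver does not stall the whole benchmark.  Needs dig on PATH."""
    cmd = ["dig", "+tries=1", f"+time={timeout_s}"] + args
    return subprocess.run(cmd, capture_output=True, text=True,
                          timeout=timeout_s + 2).stdout


def benchmark(resolvers: List[str], names: List[str],
              rounds: int = 3) -> Dict[str, Dict[str, object]]:
    """Query each name `rounds` times at each resolver and summarize."""
    report: Dict[str, Dict[str, object]] = {}
    for resolver in resolvers:
        times: List[int] = []
        for _ in range(rounds):
            for name in names:
                t = parse_query_time(run_dig([f"@{resolver}", name, "A"]))
                if t is not None:          # skip timeouts / refused queries
                    times.append(t)
        report[resolver] = summarize(times)
    return report


if __name__ == "__main__":
    print("sample parse:", parse_query_time(SAMPLE_DIG_OUTPUT),
          parse_server(SAMPLE_DIG_OUTPUT))
    if shutil.which("dig"):
        # Placeholder resolver list: Cloudflare plus 192.0.2.1 standing in
        # for the pfSense LAN address; hostnames are arbitrary test names.
        for resolver, stats in benchmark(["1.1.1.1", "1.0.0.1", "192.0.2.1"],
                                         ["example.com", "netgate.com"]).items():
            print(resolver, stats)
        print("resolver seen by Akamai:",
              parse_whoami(run_dig(["+short", "whoami.akamai.net", "A"])))
    else:
        print("dig not installed; only the parsing functions were exercised")
```

Run it from a LAN client with the pfSense address in place of 192.0.2.1: the per-resolver lines show whether forwarding to Cloudflare really lands under 20 ms, and the Akamai line confirms the queries exit where the VPN/forwarding setup intends rather than leaking out a different path.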

I already did this. Torguard has 4 DNS servers, and the fastest two I used are in France.
Since I'm from Scandinavia, using Cloudflare DNS servers from the same city I live in makes the response timings go from above 40 ms to under 20 ms, average 14 ms.

This makes my browsing much less impatient.

Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.