Working Blocking with fast CLOUDFLARE DNS - incl Torguard VPN

  • Hi All.

    I have been trying to solve pfBlocker not working together with Cloudflare and several other DNS servers outside my current VPN DNS, so I thought some of you might comment on whether I have done something right or not.

    My setup has two Torguard VPN connections, running a double VPN client load-balanced gateway with Torguard DNS and pfBlockerNG with a lot of lists. This worked very nicely! Slow response times when browsing, though!

    My issue was simple: I got frustrated with the >40 ms delay using the Torguard VPN DNS, and wanted to use Cloudflare DNS to get below 20 ms.

    This would primarily optimize my surfing experience by using the fastest DNS possible.

    What I did to the setup to make pfBlockerNG work was:

    1. In my DNS Resolver I enabled: DNS Query Forwarding (Enable Forwarding Mode).
    2. Used the two Cloudflare DNS IPs in System > General Setup, setting one for each VPN tunnel gateway. (I have two clients since my pfSense unit is a dual-core Qotom, currently capable of maxing out my 300 Mbit downstream on VPN.)
    3. Then I created a whitelist automatically and changed the IPs to all the Cloudflare ones, incl. the DNS ones, and
    4. In Firewall I created an alias of all the Cloudflare IPs using Network(s) as the type, and created a pass rule for both WAN/LAN.

    Now, after reloading pfBlockerNG and rebooting several times, I simply cannot make pfBlockerNG crash or misbehave, which happened a lot of times when experimenting with Cloudflare/OpenDNS/Quad9 etc. DNS setups; especially the DNSBL log was not responding, etc.

    Are you able to get a working pfBlockerNG with Cloudflare doing the same? And is this the right way to make it run smoothly?

    Currently I have 4.5 million counts on my blocklists, and every time I reset the log and visit it, it shows extensive block logs in both IPs and DNSBL.

    It simply works now, doing <14 ms response timing on DNS, making my browsing experience very fast, even though it's over VPN.

  • If you're looking for an explanation for this behavior, I would try doing some lookups using Akamai's Who Am I tool, which should show you where your queries are coming from when using your VPN:

    You could traceroute this result, or maybe even just see where it is on a map in relation to your VPN host. Cloudflare has a lot of datacenters, and it's possible it's a faster route or simply closer to your VPN host than the host's own DNS, even though that would seem a strange configuration.

  • I already did this. Torguard has 4 DNS servers, and the fastest two, which I used, are in France.
    Since I'm from Scandinavia, using Cloudflare DNS servers from the same city I live in makes the response timings go from above 40 ms to under 20 ms, average 14 ms.

    This makes my browsing much less impatient.
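The latency comparison the thread turns on (Torguard's resolvers in France at over 40 ms against Cloudflare at around 14 ms) is easy to reproduce from a LAN client, and the same tool can confirm that DNSBL is still answering blocked names after the switch to forwarding mode. The script below is an added example, not code from the posts above or from the pfSense/pfBlockerNG project: it sends raw UDP DNS queries to each resolver, times them, rejects replies whose transaction ID does not match the query, and reports whether the answer is a DNSBL sinkhole address. The resolver list, the `example.com` test name, the sample reply bytes and the `10.10.10.1` sinkhole address are assumptions; the sinkhole address in particular should be whatever DNSBL virtual IP is configured on your own pfSense.

```python
"""Added example: time UDP DNS lookups against several resolvers and flag DNSBL sinkhole answers."""
import os
import socket
import statistics
import struct
import time

# pfBlockerNG answers blocked names with its DNSBL virtual IP; 10.10.10.1 is the
# assumed default here. Use whatever is configured under DNSBL on your own box.
ASSUMED_SINKHOLE_IPS = {"10.10.10.1"}


def build_query(name: str, txn_id: int, qtype: int = 1) -> bytes:
    """Minimal DNS query in wire format: RD=1, one question, IN class."""
    header = struct.pack("!HHHHHH", txn_id, 0x0100, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(label)]) + label.encode("ascii") for label in labels) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)


def _read_name(data: bytes, offset: int) -> tuple:
    """Decode a (possibly compressed) name; return it and the offset just after it."""
    labels, end, jumped = [], offset, False
    while True:
        length = data[offset]
        if length & 0xC0 == 0xC0:  # compression pointer into an earlier name
            pointer = struct.unpack("!H", data[offset:offset + 2])[0] & 0x3FFF
            if not jumped:
                end = offset + 2
            jumped, offset = True, pointer
            continue
        offset += 1
        if length == 0:
            break
        labels.append(data[offset:offset + length].decode("ascii"))
        offset += length
    return ".".join(labels), (end if jumped else offset)


def parse_response(data: bytes, expected_id: int) -> dict:
    """Parse header and answer section; reject replies whose ID does not match ours."""
    txn_id, flags, qdcount, ancount, _, _ = struct.unpack("!HHHHHH", data[:12])
    if txn_id != expected_id:
        raise ValueError("transaction ID mismatch: stray or spoofed reply")
    offset = 12
    for _ in range(qdcount):  # skip questions: name + QTYPE + QCLASS
        _, offset = _read_name(data, offset)
        offset += 4
    answers = []
    for _ in range(ancount):
        _, offset = _read_name(data, offset)
        rtype, _, _ttl, rdlen = struct.unpack("!HHIH", data[offset:offset + 10])
        offset += 10
        rdata, offset = data[offset:offset + rdlen], offset + rdlen
        if rtype == 1 and rdlen == 4:        # A record
            answers.append(socket.inet_ntoa(rdata))
        elif rtype == 28 and rdlen == 16:    # AAAA record
            answers.append(socket.inet_ntop(socket.AF_INET6, rdata))
    return {"rcode": flags & 0x000F, "answers": answers}


def is_sinkholed(result: dict, sinkhole_ips: set = ASSUMED_SINKHOLE_IPS) -> bool:
    """True when the reply resolves only to DNSBL sinkhole addresses."""
    return bool(result["answers"]) and set(result["answers"]) <= sinkhole_ips


def measure_resolver(server: str, name: str, attempts: int = 5, timeout: float = 2.0) -> dict:
    """Send `attempts` A queries to server:53 and report round-trip times in ms."""
    timings, failures, last = [], 0, {"rcode": None, "answers": []}
    family = socket.AF_INET6 if ":" in server else socket.AF_INET
    for _ in range(attempts):
        txn_id = int.from_bytes(os.urandom(2), "big")  # fresh random ID per query
        with socket.socket(family, socket.SOCK_DGRAM) as sock:
            sock.settimeout(timeout)
            start = time.perf_counter()
            try:
                sock.sendto(build_query(name, txn_id), (server, 53))
                data, _ = sock.recvfrom(4096)
                elapsed = (time.perf_counter() - start) * 1000.0
                last = parse_response(data, txn_id)
            except (OSError, ValueError):  # timeout, unreachable, or bad/spoofed reply
                failures += 1
                continue
        timings.append(elapsed)
    return {"server": server, "failures": failures, "answers": last["answers"],
            "sinkholed": is_sinkholed(last),
            "median_ms": round(statistics.median(timings), 1) if timings else None,
            "min_ms": round(min(timings), 1) if timings else None}


# Constructed reply for offline checks: "example.test" A -> assumed sinkhole IP,
# with the answer's owner name given as a compression pointer (0xC00C) to the question.
SAMPLE_ID = 0x1234
SAMPLE_RESPONSE = (struct.pack("!HHHHHH", SAMPLE_ID, 0x8180, 1, 1, 0, 0)
                   + b"\x07example\x04test\x00" + struct.pack("!HH", 1, 1)
                   + b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 300, 4) + bytes([10, 10, 10, 1]))

if __name__ == "__main__":
    import sys
    # Compare the resolvers given on the command line (assumed default: Cloudflare's two).
    for server in sys.argv[1:] or ["1.1.1.1", "1.0.0.1"]:
        r = measure_resolver(server, "example.com")
        print(f"{r['server']:>16}  median {r['median_ms']} ms  min {r['min_ms']} ms  "
              f"failures {r['failures']}  answers {r['answers']}  sinkholed {r['sinkholed']}")
```

Run it from a LAN client with both the pfSense LAN address (so the query goes through Unbound in forwarding mode) and the upstream resolvers directly; the difference between the two is the cost of the forwarder hop. Repeated queries for the same name are answered from cache after the first, so compare median and minimum rather than a single reading, and query a name you expect DNSBL to block to confirm the sinkhole answer still appears after the change.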