Netgate Discussion Forum

Adult Content Blocking through OpenDNS after routing traffic through Openvpn

General pfSense Questions
  • T
    TFTQKX
    last edited by Apr 26, 2019, 3:15 AM

    I would like to configure my pfSense in the order of the picture shown. I want to have this configuration as I noted that adult content blocking is not effective with the pfBlockerNG option. A lot of sites are getting past it. Please, could someone help me configure it?

    • B
      bmeeks
      last edited by bmeeks Apr 26, 2019, 1:07 PM Apr 26, 2019, 12:38 PM

      My suggestion is to really simplify this design down a bit. I assume, since you want to block adult content, that you have teens or younger ones in the house who use the Internet. Ditch the VPN. You will find it's going to cause you a lot of grief with many (if not all) of the popular streaming services such as Netflix, Hulu, Amazon, etc. That's because the streaming providers block traffic from the known VPN network blocks. They do this because a lot of folks (not implying you do) use the VPN to circumvent geo-restrictions on viewing content. Streaming providers are not the only ones who block VPN provider networks. More and more sites are starting to do that because the VPN networks are becoming popular spamming origins. In fact, if you do some quick research here, you will find a number of users in the recent past have been blocked from accessing this forum because of this (VPN networks being blocked due to spamming).

      There really is no pressing need for pfBlockerNG either in most home networks. So just remove the VPN and pfBlockerNG and then configure the DNS Forwarder in pfSense to forward requests to OpenDNS. Disable the DNS Resolver and enable the DNS Forwarder, then you're done. Implicit in this recommendation is that you keep all of your devices (PCs, tablets, phones, etc.) updated with all of the latest security patches from the vendor and that you have an active and up-to-date antivirus client on your PCs. Windows 10's built-in Defender is fine and Microsoft Security Essentials is fine for Windows 7. Both products are free.

      • T
        TFTQKX
        last edited by Apr 26, 2019, 2:57 PM

        Thank you for the response and suggestion. But I have some limitations. My ISP blocks all VOIP services and hence, I need a VPN to overcome the same. With regard to pfBlockerNG, it is used to block ads on the network.

        • H
          highc
          last edited by Apr 27, 2019, 9:23 AM

          Maybe you could explain a bit, where you want OpenDNS to be used? On the clients in your LAN?

          You might be able to point the clients to a DNS service on your pfsense, and use the DNS forwarder in pfsense to forward requests to opendns? You could then, e.g., hand out the pfsense's IP as DNS to the local clients (e.g. via dhcp).

          Just be aware that changing the DNS IP on the clients is simple. To enforce your DNS, you'd need to follow something like this

          pfSense+ 24.03 on Netgate SG-2100 (replaced SG-2440)
          pfSense 2.6 on Super Micro 5018D-FN4T (retired)

          • J
            johnpoz LAYER 8 Global Moderator @TFTQKX
            last edited by Apr 27, 2019, 9:57 AM

            @TFTQKX said in Adult Content Blocking through OpenDNS after routing traffic through Openvpn:

            My ISP blocks all VOIP services

            Why would they do that? VOIP traffic is pretty freaking low amount of bandwidth... I mean really low.. You watching 1 movie would equate to 1000s if not 100's of thousands of voip calls.

            Bandwidth for your typical voip call is going to be less than 100kbps..

            An intelligent man is sometimes forced to be drunk to spend time with his fools
            If you get confused: Listen to the Music Play
            Please don't Chat/PM me for help, unless mod related
            SG-4860 24.11 | Lab VMs 2.7.2, 24.11

            • S
              stephenw10 Netgate Administrator
              last edited by Apr 28, 2019, 5:43 PM

              Presumably to force you to purchase their VoIP offering.

              It should be relatively easy to do this by either handing the OpenDNS servers to clients to use directly or by having clients use pfSense for DNS and have that forward to OpenDNS. In either case be sure to block or redirect DNS connections to other servers directly.

              Steve
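
Added example, not part of the post above and not pfSense code: a check over firewall flow records for LAN clients whose DNS goes to resolvers other than the firewall or OpenDNS, which is what the block-or-redirect advice is meant to prevent. The LAN subnet, firewall address and the `action,src,dst,proto,dport` record format are assumptions, the sample records are constructed, and port 853 (DNS over TLS) is included beyond the plain DNS the post mentions.

```python
import ipaddress
from collections import defaultdict

# Assumed values, not from the thread: LAN subnet and firewall LAN address.
LAN = ipaddress.ip_network("192.168.1.0/24")
FIREWALL = ipaddress.ip_address("192.168.1.1")
# Approved resolvers: the firewall (forwarder design) or OpenDNS directly.
APPROVED = {FIREWALL,
            ipaddress.ip_address("208.67.222.222"),
            ipaddress.ip_address("208.67.220.220")}
DNS_PORTS = {53, 853}  # plain DNS and DNS over TLS

# Constructed sample in a hypothetical format: action,src,dst,proto,dport
SAMPLE_LOG = """\
pass,192.168.1.20,192.168.1.1,udp,53
pass,192.168.1.1,208.67.222.222,udp,53
pass,192.168.1.31,8.8.8.8,udp,53
block,192.168.1.31,1.1.1.1,tcp,853
pass,192.168.1.20,93.184.216.34,tcp,443
pass,192.168.1.45,208.67.220.220,udp,53
garbage line
"""


def audit(log_text):
    """Return (bypass, blocked): client -> unapproved resolvers reached / denied."""
    bypass, blocked = defaultdict(set), defaultdict(set)
    for line in log_text.splitlines():
        parts = line.strip().split(",")
        if len(parts) != 5:
            continue  # skip malformed records
        action, src, dst, _proto, dport = parts
        try:
            src_ip = ipaddress.ip_address(src)
            dst_ip = ipaddress.ip_address(dst)
            port = int(dport)
        except ValueError:
            continue
        # Only DNS flows from LAN clients; the firewall's own forwarding is expected.
        if port not in DNS_PORTS or src_ip not in LAN or src_ip == FIREWALL:
            continue
        if dst_ip in APPROVED:
            continue
        (blocked if action == "block" else bypass)[src].add(dst)
    return ({c: sorted(v) for c, v in bypass.items()},
            {c: sorted(v) for c, v in blocked.items()})


if __name__ == "__main__":
    bypass, blocked = audit(SAMPLE_LOG)
    print("reached other resolvers:", bypass)
    print("attempts denied by the firewall:", blocked)
```

A non-empty first result means the block or redirect rule is missing or not matching. DNS over HTTPS on port 443 is not visible to a port-based check like this one.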

              Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.