Multiple OpenVPN mapped to different WiFi SSID (Unifi)
-
Again unbound can do this for you via views, and sure bind can do it - and while bind package has as a views section.. Your still going to have to do the config by hand..
How many clients are you going to have on this special ssid vlan? You do understand clients normally cache their own dns.. Are the clients on this vlan iot type devices that do not have a local cache of their own..
My take is you want these special vpn ssids so you can circumvent specific geo restrictions.. Keep in mind that both unbound and bind are going to be using a common cache..
So you have client look up host.domain.tld from country A, now when you have client ask pfsense for host.domain.tld but you want the answer to be the IP for country B - its just going to get the cache from country A, etc. etc..
Your going to be better off just letting the clients ask some public dns via your vpn connection... Your doing a lot of extra work for what a couple of ms of query time for what exactly... I don't think these clients you have on this country based vpns are going to be doing a lot of "user" internet browsing where cache helps, etc.
-
Is not a Ms gain, is the DNSBL feature that I need . I can sacrifice time for resolve but keep the privacy and security is what concern me the most .
About the shared cache you are right
About DHCP:
Local DNS flush is not the issue . SSID displayed as connect, no internet -
@Antonio76 It looks like you are blocking LAN in your firewall rules, but your DNS server is on your LAN. You should push 192.168.49.1 as your DNS server instead of 192.168.1.1. It should be running on all interfaces.
Alternatively you could add a firewall rule to allow access on port 53 only to 192.168.1.1.
-
@mcarson75 got it fixed via DNS forwarder (enabled) on that VLAN 49 . (I had it disabled)
Still debugging because beside click and click , I need to understand the Pfsense logic behind
-
@Antonio76 said in Multiple OpenVPN mapped to different WiFi SSID (Unifi):
is the DNSBL feature that I need
And why are you going to youporn.com? I would assume you would only go there if you wanted too.. Do you have teenage boys or something your trying to filter?
-
My take is you want these special vpn ssids so you can circumvent specific geo restrictions.
It's not always about geo restrictions. I'm an American working in Asia. All my banks and other accounts are in the US. I just feel more secure accessing them from a US-based VPN. Perhaps it's overkill. But yeah, most of the time I am browsing internet on my VPN to the US, and I want an ad-blocker.
-
@johnpoz porn list is one of my DNSBL. Don't get me wrong for the test selection :) . but DNSBL was the goal .
Small kids, better be safe -
@mcarson75 said in Multiple OpenVPN mapped to different WiFi SSID (Unifi):
I just feel more secure accessing them from a US-based VPN.
That scenario is not what it sounds like he is wanting... He has multiple vpn connections to different countries... Sorry but that just SCREAMS circumvention...
Why do his small kids need to be surfing his allowed list through a vpn that goes to country xyz?
-
@mcarson75 correct. Blocking ADS, crypto javascript , privacy, tracking and porn for kid. Not fakenews because it actually it blocks what is left or real news ;) .
To be clear , I need access resource in other countries via DNSBL . That's the goal . No proxy PAC please . . :)
-
Why do his small kids need to be surfing his allowed list through a vpn that goes to country xyz?
You're arguing as to why you disagree with his use case. That's your opinion, but honestly I don't feel it's adding anything to the discussion about whether he can do what he wants or not.
-
@mcarson75 @johnpoz anyhow guys . i will further break this down , monitor , logging, grafana ntopng, SNMP and so on but indeed I have reached my goal in this LAB. I will reproduce at home . End goal is to leave my ISP GW as much as possible without leaks anything . Not because I have stuff to hide but because it's "dangerous" out there and often underestimated .
Pfsense is an mazing product . I will try to create an How-to post for Pfsense and Cyberhost VPN since there is near to 0 documentation about it beside this is an amazing VPN services .Thank you all for the time and help !
-
Not arguing the use case - trying to understand how freaking tight his tinfoil hat is!! To me its starting to cut off the circulation to his brain to be honest..
Keeping my kids from surfing porn has ZERO to do with forcing their traffic out a vpn to some other country than my own.. ZERO!!
You can for sure have unbound use VPN A for its queries - my point is trying to have it use vpn A for user B, and vpn C for user A or vlan X is just nuts!! For what possible reason is there to do such a thing..
Just have them all use vpn X.. If your trying to circumvent geo restrictions by using different vpns for different queries.. Your going have a shared cache.. So no going to work..
without leaks anything
This is NONSENSE word... you are "leaking" information everywhere you go, be it you use a vpn or not... Your leaking everything to the vpn.. But for some reason they are more trust worthy then your ISP??? Your leaking dns to wherever you forward.. So unless your resolving your handing over every dns query you do be it you came from a vpn or not to who is providing you dns... You understand there are more ways then what your source IP is to fingerprint you.
You are for sure leaking information to ever site you visit, etc. etc.
"leak" is just the latest buzz word to get money from the you know who... If you don't want to "leak" info - then don't get on the freaking internet ;)
edit: This topic just gets me so worked up ;)
So your worried about your ISP tracking you.. But you don't care that that your CC knows everything you buy when and where.. When you get more condoms, when you stop for a beer after work... When you drive through taco bell after the bar.. Guess you only use cash ever an all purchases?
You do understand your lic plate is read more than likely by every camera on the highway you drive be.. For sure at the toll boths.
Its more than likely your face is picked up at camera's every freaking were.. but for some reason your ok with paying company xyz $ a month so your isp doesn't know you went to pfsense.org... Just makes no freaking sense!
Oh btw your cell provider know pretty much every where your at 24 hours a day, and sells this info for profit... But again your worried about your isp knowing that you hit netflix.com
-
You can for sure have unbound use VPN A for its queries - my point is trying to have it use vpn A for user B, and vpn C for user A or vlan X is just nuts!! For what possible reason is there to do such a thing..
Just have them all use vpn X.. If your trying to circumvent geo restrictions by using different vpns for different queries.. Your going have a shared cache.. So no going to work..
I agree that if you are connecting to other locations via vpn then the only way to make dns work the way you want it to is to have separate dns servers/caches for each.