Multiple OpenVPN mapped to different WiFi SSID (Unifi)
-
@Antonio76 It looks like you are blocking LAN in your firewall rules, but your DNS server is on your LAN. You should push 192.168.49.1 as your DNS server instead of 192.168.1.1. It should be running on all interfaces.
Alternatively you could add a firewall rule to allow access on port 53 only to 192.168.1.1.
-
@mcarson75 got it fixed via DNS forwarder (enabled) on that VLAN 49 . (I had it disabled)
Still debugging because beside click and click , I need to understand the Pfsense logic behind
-
@Antonio76 said in Multiple OpenVPN mapped to different WiFi SSID (Unifi):
is the DNSBL feature that I need
And why are you going to youporn.com? I would assume you would only go there if you wanted too.. Do you have teenage boys or something your trying to filter?
-
My take is you want these special vpn ssids so you can circumvent specific geo restrictions.
It's not always about geo restrictions. I'm an American working in Asia. All my banks and other accounts are in the US. I just feel more secure accessing them from a US-based VPN. Perhaps it's overkill. But yeah, most of the time I am browsing internet on my VPN to the US, and I want an ad-blocker.
-
@johnpoz porn list is one of my DNSBL. Don't get me wrong for the test selection :) . but DNSBL was the goal .
Small kids, better be safe -
@mcarson75 said in Multiple OpenVPN mapped to different WiFi SSID (Unifi):
I just feel more secure accessing them from a US-based VPN.
That scenario is not what it sounds like he is wanting... He has multiple vpn connections to different countries... Sorry but that just SCREAMS circumvention...
Why do his small kids need to be surfing his allowed list through a vpn that goes to country xyz?
-
@mcarson75 correct. Blocking ADS, crypto javascript , privacy, tracking and porn for kid. Not fakenews because it actually it blocks what is left or real news ;) .
To be clear , I need access resource in other countries via DNSBL . That's the goal . No proxy PAC please . . :)
-
Why do his small kids need to be surfing his allowed list through a vpn that goes to country xyz?
You're arguing as to why you disagree with his use case. That's your opinion, but honestly I don't feel it's adding anything to the discussion about whether he can do what he wants or not.
-
@mcarson75 @johnpoz anyhow guys . i will further break this down , monitor , logging, grafana ntopng, SNMP and so on but indeed I have reached my goal in this LAB. I will reproduce at home . End goal is to leave my ISP GW as much as possible without leaks anything . Not because I have stuff to hide but because it's "dangerous" out there and often underestimated .
Pfsense is an mazing product . I will try to create an How-to post for Pfsense and Cyberhost VPN since there is near to 0 documentation about it beside this is an amazing VPN services .Thank you all for the time and help !
-
Not arguing the use case - trying to understand how freaking tight his tinfoil hat is!! To me its starting to cut off the circulation to his brain to be honest..
Keeping my kids from surfing porn has ZERO to do with forcing their traffic out a vpn to some other country than my own.. ZERO!!
You can for sure have unbound use VPN A for its queries - my point is trying to have it use vpn A for user B, and vpn C for user A or vlan X is just nuts!! For what possible reason is there to do such a thing..
Just have them all use vpn X.. If your trying to circumvent geo restrictions by using different vpns for different queries.. Your going have a shared cache.. So no going to work..
without leaks anything
This is NONSENSE word... you are "leaking" information everywhere you go, be it you use a vpn or not... Your leaking everything to the vpn.. But for some reason they are more trust worthy then your ISP??? Your leaking dns to wherever you forward.. So unless your resolving your handing over every dns query you do be it you came from a vpn or not to who is providing you dns... You understand there are more ways then what your source IP is to fingerprint you.
You are for sure leaking information to ever site you visit, etc. etc.
"leak" is just the latest buzz word to get money from the you know who... If you don't want to "leak" info - then don't get on the freaking internet ;)
edit: This topic just gets me so worked up ;)
So your worried about your ISP tracking you.. But you don't care that that your CC knows everything you buy when and where.. When you get more condoms, when you stop for a beer after work... When you drive through taco bell after the bar.. Guess you only use cash ever an all purchases?
You do understand your lic plate is read more than likely by every camera on the highway you drive be.. For sure at the toll boths.
Its more than likely your face is picked up at camera's every freaking were.. but for some reason your ok with paying company xyz $ a month so your isp doesn't know you went to pfsense.org... Just makes no freaking sense!
Oh btw your cell provider know pretty much every where your at 24 hours a day, and sells this info for profit... But again your worried about your isp knowing that you hit netflix.com
-
You can for sure have unbound use VPN A for its queries - my point is trying to have it use vpn A for user B, and vpn C for user A or vlan X is just nuts!! For what possible reason is there to do such a thing..
Just have them all use vpn X.. If your trying to circumvent geo restrictions by using different vpns for different queries.. Your going have a shared cache.. So no going to work..
I agree that if you are connecting to other locations via vpn then the only way to make dns work the way you want it to is to have separate dns servers/caches for each.