i feel stupid i cant get pfblockerng to work with my vpn

calbha

Running the latest pfsense version on a 2.2 i5 4 gigs of ram.

tried using these steps https://www.linuxincluded.com/block-ads-malvertising-on-pfsense-using-pfblockerng-dnsbl/

I got confused on the wizard on which interfaces to select when using a vpn. Tried inbound wan outbound vpn interface and vice versa. Also tried variations of lan/wan and lan/vpninterface and vpn/vpn just for kicks. also tried ->services ->dns resolver and changing the outgoing interface to lan then re did it in wan incoming /lan outgoing and still no dice.

Every time I try pinging an ad server I get the ip back.

Extra things tried: added route-nopull to my OpenVPN options
and services -> DNS Resolver -> General Settings -> DNS Query Forwarding: Enable forwarding mode

I'm not sure what im leaving out from those steps or is there stuff missing from that tutorial I should be doing? I do see some things being blocked at the status window but when I go to say (yahoo.com yes I'm intentionally going there because its filled with ads.) all the ads pop up.

calbha

and its not working on a fresh install either.

edit and feeling stupid I should. I had VPN DNS addresses on the machines

stephenw10

So all good once LAN clients were using Unbound in pfSense for DNS?

calbha

@stephenw10 yup then I just increased my dhcp lease times to several seconds of holding down the 9 button to give "quasi-static" IPS. But still use dhcp for the DNS.

stephenw10

Hmm, not sure why you would have to do that. You could just add them as static leases so they always get the same IP.

Steve