<?xml version="1.0" encoding="UTF-8"?><rss xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:content="http://purl.org/rss/1.0/modules/content/" xmlns:atom="http://www.w3.org/2005/Atom" version="2.0"><channel><title><![CDATA[Problem with dante socks server doing DNS lookups]]></title><description><![CDATA[<p dir="auto">I have followed this <a href="https://forum.netgate.com/topic/139300/socks5-proxy-dante-on-virtual-ip-to-use-openvpn-ovpnc1-as-gateway">guide</a> and this <a href="https://forum.netgate.com/topic/143101/socks5-via-dante-needs-to-be-present-by-default-see-attached-tutorial-example">one</a> to set up a SOCKS5 client on pfsense. I'm using it to proxy web connections over various VPN tunnels I have preconfigured on pfsense.</p>
<p dir="auto">The HTTP/S requests are successfully being processed by dante; however, the issue I'm running into is that dante will not process the DNS requests over the specified VPN connection. It always defaults to the WAN DNS (so the browsers are leaking DNS requests).</p>
<p dir="auto">Below is my config file:</p>
<pre><code># Logging

debug: 1

logoutput: /var/log/sockd.log

# User
user.unprivileged: nobody

# Bind ports
internal: em1 port = 1080
external: ovpnc3

# Auth
clientmethod: none
socksmethod: none

client pass {
  from: 0.0.0.0/0 to: 0.0.0.0/0
  log: error
  clientmethod: none
}

# generic pass statement - bind/outgoing traffic
socks pass {
  from: 0.0.0.0/0 to: 0.0.0.0/0
  command: bind connect udpassociate bindreply udpreply
  socksmethod: none
  log: error
}
</code></pre>
<p dir="auto">I verified that my browser connections are in fact 100% proxified since I ran wireshark on the boxes hosting the browsers and found no traffic that was non-socks. Further, I tried connecting my browsers to a few external public SOCKS5 proxies and found that they were properly proxying the DNS connections.</p>
<p dir="auto">Reading up on the dante documentation, the only directive I could find that is DNS related is the "resolveprotocol" command, which can be set to tcp, udp or fake, none of which solved my problem.</p>
<p dir="auto">Looking at the dante logs under /var/log/sockd.log, I see a number of pass: tcp/connect entries, which show the IP of the request along with how it was routed through dante, but not a single line that references any UDP packets.</p>
<p dir="auto">To clarify, I want only traffic processed by dante/SOCKS to be sent through the VPN tunnel. I could configure pfsense to send all DNS traffic through a single VPN tunnel using NAT rules, but that isn't what I'm trying to do here.</p>
<p dir="auto">Any thoughts as to why dante isn't processing DNS?</p>
]]></description><link>https://forum.netgate.com/topic/153289/problem-with-dante-socks-server-doing-dns-lookups</link><generator>RSS for Node</generator><lastBuildDate>Sun, 14 Jun 2026 10:25:48 GMT</lastBuildDate><atom:link href="https://forum.netgate.com/topic/153289.rss" rel="self" type="application/rss+xml"/><pubDate>Wed, 06 May 2020 06:08:51 GMT</pubDate><ttl>60</ttl><item><title><![CDATA[Reply to Problem with dante socks server doing DNS lookups on Sat, 17 Jul 2021 19:48:46 GMT]]></title><description><![CDATA[<p dir="auto"><a class="plugin-mentions-user plugin-mentions-a" href="/user/sparkman123">@<bdi>sparkman123</bdi></a> said in <a href="/post/910300">Problem with dante socks server doing DNS lookups</a>:</p>
<p dir="auto">For me it is not working with any ovpn client in the first place. <img src="https://forum.netgate.com/assets/plugins/nodebb-plugin-emoji/emoji/android/1f615.png?v=717669fab53" class="not-responsive emoji emoji-android emoji--confused" style="height:23px;width:auto;vertical-align:middle" title=":confused:" alt="😕" /></p>
]]></description><link>https://forum.netgate.com/post/992710</link><guid isPermaLink="true">https://forum.netgate.com/post/992710</guid><dc:creator><![CDATA[Bob.Dig]]></dc:creator><pubDate>Sat, 17 Jul 2021 19:48:46 GMT</pubDate></item></channel></rss>