OpenVPN, Viscosity & pfSense 2.4.5
I installed a new version of pfSense a while back and I'm now configuring my OpenVPN setup, not unlike I did before my new installation of pfSense. I'm currently running pfSense 2.4.5-RELEASE-p1 (amd64) and Viscosity 1.8.6 (1546) on a MacBook Pro. Connecting to my pfSense OpenVPN installation with Viscosity has no issues, however, I'm noticing at around 6 minutes of viewing web pages, it appears that all network traffic stops. I can't get to any web pages, however, Viscosity still shows that I'm connected and pfSense still shows I'm connected. I've tested this several times now and the 6 minute time frame seems to hold. The only way I have been able to test the connections is by using my iPhone tethered to my MacBook Pro and using the Personal Hotspot.
I know there are a lot of settings to consider when configuring pfSense for OpenVPN use but has anyone ever seen data stop flowing at a certain time interval when using pfSense with OpenVPN and Viscosity? Any suggestions would be most helpful. Thank you.
Interestingly, I deleted all of my settings and reconfigured OpenVPN on pfSense. I did an extended DNS leak test from [https://www.dnsleaktest.com/] and found the following:
Query round Progress... Servers found
1 ...... 5
2 ...... 4
3 ...... 4
4 ...... 5
5 ...... 4
6 ...... 4
The Query round is lines 1 thru 6.
The Progress is ........
Servers found is 5,4,4,5,4,4
Shouldn't the Servers found be 1?
I'm only using Quad9's DNS servers in pfSense:
Both of which are anycast IPs..
So yeah... Your going to see lots of IPs
If you’re wondering why you’re seeing WoodyNet, it’s because Quad9 is what’s called an anycast DNS, which automatically routes queries to the nearest server. While Quad9 has servers at more than 100 locations around the globe, it doesn’t own its own servers. Instead, Quad9 relies on Packet Clearing House (which is present at 160+ internet exchange points) to host DNS servers for it. PCH’s Executive Director is Bill Woodcock a/k/a Woody. Hence, WoodyNet.
Love when users so worried about leaking dns, yet don't understand how any of it works at all in the first place.
Do you really think that everyone on the planet actually just talks to single IP 220.127.116.11? from all over the globe?
And clearly they are trust worthy, they don't even "own" servers providing dns - wonder what the "owners' of said servers or networks might be doing with all that dns info ;)
Gertjan last edited by
johnpoz...thank you for your replies. Very helpful.
Gertjan...it seems after I configured OpenVPN for the second time on pfSense, the 6 minute time is no longer an issue, at least at the time of this post. If anything changes, I'll repost.