    Windows DNS bypasses pfsense (DNS leak)

      Bernd6560 last edited by

      What I've tried is to select the VPN interface in outgoing network interfaces, but leak tests still show both DNS servers I entered on my Windows PC.

      I have little technical knowledge and don't really know what to look for, any help is greatly appreciated.

        bingo600 LAYER 8 @Bernd6560 last edited by bingo600

        @Bernd6560

        Is your Win10 PC connected via LAN/WiFi directly to the pfSense, or is it using an OpenVPN client to connect to the pfSense?

        You talk about typing in DNS IP addresses, does that mean your PC is not using DHCP?

        If an OpenVPN client is used on the PC, I see a Client-Export setting

        If directly connected , it is a different ball game.

        If you find my answer useful - Please give the post a 👍 - "thumbs up"

        pfSense+ 22.01 (ZFS)

        QOTOM-Q355G4 Quad Lan.
        CPU : Core i5 5250U, Ram : 8GB Kingston DDR3LV 1600
        LAN : 4 x Intel 211, Disk : 250G EVO870 Sata SSD

          Bernd6560 @bingo600 last edited by

          @bingo600 Win10 is connected via LAN to pfSense and the PC is using a static IP.
          Not sure what the "block outside DNS" option is, do I have to make a rule somewhere?

            bingo600 LAYER 8 @Bernd6560 last edited by bingo600

            @Bernd6560

            Re: "block outside DNS" option

            That would only be used if you were connecting via an OpenVPN client.

            Not for direct LAN

              bingo600 LAYER 8 @Bernd6560 last edited by

              @Bernd6560 said in Windows DNS bypasses pfsense (DNS leak):

              What I've tried is to select the VPN interface in outgoing network interfaces,

              Where did you try that, on the PC or pfSense?

              but leak tests still show both DNS servers I entered on my Windows PC.

              If you have entered two DNS servers on your Windows PC, then Windows will probably use both.

              What are you trying to accomplish here ??

                Bernd6560 last edited by Bernd6560

                Where did you try that, on the PC or pfSense?

                On pfSense.

                If you have entered two DNS servers on your Windows PC, then Windows will probably use both.

                What are you trying to accomplish here ??

                As the title suggests, I am using OpenVPN on pfsense, but the DNS on the client PC was leaking, which defeats the purpose of a VPN.

                After some more Google research, I came across this https://docs.netgate.com/pfsense/en/latest/recipes/dns-redirect.html.
                It seems that this solved the problem. DNS leak tests now show the VPN's DNS servers.
                Would be interesting to know if this is the correct approach or just a workaround in my case.

                  bingo600 LAYER 8 @Bernd6560 last edited by bingo600

                  @Bernd6560

                  I would expect that to be the correct approach.

                  If you tell your Win10 machine to use 2 DNS servers, it will send requests to both, no matter if you have an OpenVPN connection on your pfSense or not.
                  Remember the Win10 machine just does as told ....

                  What you did (I guess ... didn't read it all) was to "Catch ALL DNS requests" and redirect them to the pfSense box.

                  Windows is still sending DNS requests to both DNS servers configured, you just catch them and redirect them to the pfSense.

                  /Bingo

                    Bernd6560 last edited by

                    Does the DNS used matter in terms of anonymity when running OpenVPN?

                    I've used Google DNS so far (on pfSense and Windows).

                      Gertjan @Bernd6560 last edited by Gertjan

                      @Bernd6560 said in Windows DNS bypasses pfsense (DNS leak):

                      Does the DNS used matter in terms of anonymity....

                      I've used Google DNS .....

                      I tend to say that "Google DNS" and "anonymity" are total opposites.

                      If "Google DNS" was the best, your pfSense would use it as a default setting.
                      Guess what? It isn't!
                      If Netgate called Google and asked: "how much do you offer if we declare your DNS as the default in our pfSense", Netgate would receive a big cheque.

                      If you have a contract with Google, and you have to hand over all your DNS requests, then it's all up to you.
                      I would / could not call that anonymity.

                      Btw: I've nothing against Google, even using some of their services. I know it's not free: they use my 'private data'. I know.

                      No "help me" PM's please. Use the forum.

                        Bernd6560 @Gertjan last edited by

                        @Gertjan Everyone knows that Google collects data wherever it can ... I would like to know if it makes a difference while connected to a VPN...
