Windows DNS bypasses pfsense (DNS leak)

Bernd6560

What I've tried is to select the VPN interface in outgoing network interfaces, but leak tests still show both DNS servers I entered on my Windows PC.

I have little technical knowledge and don't really know what to look for, any help is greatly appreciated.

bingo600

@Bernd6560

Are your Win10 PC connected via Lan/WiFi - Directly to the pfSense , or is it using an OpenVPN client to connect to the pfSense ?

You talk about typing in DNS ip addresses , does that mean your PC is not using DHCP ?

If OpenVPN Client isused on the PC , i see a Client-Export setting

If directly connected , it is a different ball game.

Bernd6560

@bingo600 Win10 is connected via lan to pfsense and PC is using static IP.
Not sure that the "block outside DNS" option is, do i have to make a rule somethere?

bingo600

@Bernd6560

Re: "block outside DNS" option

That would only be used if you were connecting via an OpenVPN client.

Not for direct LAN

bingo600

@Bernd6560 said in Windows DNS bypasses pfsense (DNS leak):

What I've tried is to select the VPN interface in outgoing network interfaces,

Where did you try that , on the PC or pfSense ?

but leak tests still show both DNS servers I entered on my Windows PC.

If you have entered two DNS servers on your Windows PC , then windows will probably use both.

What are you trying to accomplish here ??

Bernd6560

Where did you try that , on the PC or pfSense ?

On pfSense.

If you have entered two DNS servers on your Windows PC , then windows will probably use both.

What are you trying to accomplish here ??

As the title suggests, I am using OpenVPN on pfsense, but the DNS on the client PC was leaking, which defeats the purpose of a VPN.

After some more Google research, I came across this https://docs.netgate.com/pfsense/en/latest/recipes/dns-redirect.html.
It seems that this solved the problem. DNS leak tests now show the VPN's DNS servers.
Would be interesting to know if this is the correct approach or just a workaround in my case.

bingo600

@Bernd6560

I would expect that to be the correct approach.

If you tell your Win10 machine to use 2 DNS servers , it will send requests to both. No matter if you have an OpenVPN connection on your pfSense or not.
Remember the Win10 machine just does as told ....

What you did (i guess ... didn't read it all) , was to "Catch ALL DNS requests" , and redirect them to the pfSense box.

Windows is still sending DNS requests to both DNS'es configured , you just catch them , and redirect them to the pfSense.

/Bingo

Bernd6560

Does the DNS used matter in terms of anonymity when running OpenVPN?

I've used Google DNS so far (on Pfsense and windows).

Gertjan

@Bernd6560 said in Windows DNS bypasses pfsense (DNS leak):

Does the DNS used matter in terms of anonymity....

I've used Google DNS .....

I tend to say that "Google DNS" and "anonymity" are total opposits.

If "Google DNS" was the best, your pfSene would use it as a default setting.
Guess what ? It isn't !
If Netgate called Google and asked : "how much do you offer if we declare your DNS as the default in our pfSense", Netgate would receive a big cheque.

If you have a contract with Google, and you have to hand over all your DNS requests, then all up to you.
I would / could not call that anonymity.

Btw : I've nothing against Google, even using some of their services. I know it's not free : they use my 'private data'. I know.

Bernd6560

@Gertjan Everyone knows that Google collects data wherever it can ... I would like to know if it makes a difference while connected to a VPN...