OpenVPN gateway set-up
-
I'm using pfSense 2.6 and my goal is to ensure all traffic goes on my VPN client and there are no leaks.
I did everything according to this guide
https://www.ivpn.net/privacy-guides/advanced-privacy-and-anonymity-part-6/ but unfortunately OpenVPN cannot resolve the host address if I set the default gateway to OPT1 (VPN). It goes online if I set it back to WAN; however, there are DNS resolution issues on clients.
Any ideas?
-
@deviace
Few details. However, presumably the client is configured to use an internal DNS service like the pfSense DNS Resolver, but you policy routed all traffic to the VPN provider. Hence access to the internal DNS cannot happen.
Best solution is to forward DNS requests to either the DNS server of the VPN provider or to any other public DNS server. You can do this easily with a NAT port forwarding rule.
Alternatively, but less recommended, if you use the DNS Resolver on pfSense you can configure it to only send upstream requests out to the VPN gateway. But then DNS resolution is not possible if the VPN is not connected.
-
@deviace
If I understand your request correctly, watch this video a few times. It's kind of tailored to "Privacy VPNs", but I think it might apply to your OpenVPN interface.
It discusses setting up a "tagging" rule on all of your LAN interfaces/networks and then using a floating rule to act as a "kill switch" to prevent the tagged packets from going out the WAN.
In this approach, the default gateway is still set to WAN, but you set all your LAN/OPT/VLAN interfaces to use the OpenVPN interface.
Hope I'm not sending you on a wild goose chase.
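
The DNS port forward and the tag plus kill-switch approach from the replies above, sketched in raw pf syntax as an added example; it is not taken from the thread, the video or pfSense's generated ruleset. All interface names, addresses and the tag name `VPN_ONLY` are assumptions; in pfSense the same rules are entered through the NAT, LAN and Floating rule pages.

```pf
# Constructed sketch: every name and address below is an assumption.
wan_if  = "em0"              # WAN interface (hypothetical)
lan_if  = "em1"              # LAN interface (hypothetical)
vpn_if  = "ovpnc1"           # OpenVPN client interface (OPT1 in the thread)
lan_net = "192.168.1.0/24"   # constructed LAN subnet
vpn_gw  = "10.8.0.1"         # constructed tunnel gateway address
vpn_dns = "198.51.100.53"    # placeholder for the VPN provider's DNS server

# NAT port forward: every DNS query arriving on LAN, whatever resolver the
# client asked for, is redirected to the provider's DNS server.
rdr on $lan_if inet proto { tcp, udp } from $lan_net to any port 53 -> $vpn_dns port 53

# Outbound NAT so LAN traffic leaves the tunnel with the tunnel address.
nat on $vpn_if inet from $lan_net to any -> ($vpn_if)

# Tagging rule: policy-route all LAN traffic to the VPN gateway and mark it.
# The default route of the firewall itself stays on WAN, so OpenVPN can
# still resolve and reach the provider's host.
pass in quick on $lan_if route-to ($vpn_if $vpn_gw) inet from $lan_net to any tag VPN_ONLY keep state

# Kill switch (a floating rule in pfSense): anything carrying the tag is
# dropped if it is ever about to leave through WAN, for example when the
# policy route is not applied because the VPN gateway is down.
block out quick on $wan_if tagged VPN_ONLY
```

With these rules a LAN client loses connectivity when the tunnel is down instead of falling back to WAN, which is the intended no-leak behaviour.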