    Netgate Discussion Forum
    question about dns and vpn

    DHCP and DNS
      vpittman

      I have Pfsense set up with expressvpn, everything is looking good, but I'm confused about dns.

      I'd like to set up separate DNS servers for the WAN and the VPN. Just for ease of use, I'd like to set the DNS servers globally, so to add a VLAN to the VPN all I have to do is add a NAT and firewall rule for that VLAN.

      In System->General I have 4 DNS servers configured, 2 with the gateway as WAN (Quad9), 2 with the gateway as VPN (ExpressVPN). 'DNS Server Override' is unchecked.

      In DNS Resolver I have 'Enable Forwarding Mode' checked.

      When I check for DNS leaks (https://dnscheck.tools) on either the LAN or the VPN, I see both sets of DNS servers (both Quad9 and ExpressVPN). I was expecting to only see Quad9 for the LAN and only ExpressVPN for the VPN.

      What am I missing? Or maybe there is a better way to do this?

      Thanks
      Victor

      And thanks to everyone here who has posted on this forum; I was able to get this up and running without too much trouble!!

        viragomann @vpittman

        @vpittman said in question about dns and vpn:

        I was expecting to only see quad9 for lan and only ExpressVPN for the VPN

        What do you call "lan" and what "VPN"?
        Are these different networks, or is VPN an IP alias for certain devices?
        Do you policy route the traffic to ExpressVPN, or is the routing given by the default route?

          vpittman @viragomann

          @viragomann By LAN I guess I should have said non-VPN traffic, but they are both separate networks. There is no policy routing, just default.

            vpittman @vpittman

            I realize that I can add the DNS servers to the DHCP server for the VLAN using the VPN and I will get the DNS separation that I'm looking for. But I thought specifying the gateway in the System->General DNS settings would do the same thing.

              viragomann @vpittman

              @vpittman
              The gateway setting for the DNS servers in the general settings is meant for MultiWAN, when using DNS servers which are only reachable over a specific gateway.

              For directing a network segment or certain source IPs in an alias to the desired DNS server, you can add a port forwarding rule for all DNS requests from these devices.

              However, I'm wondering how your "VPN" network is routed to ExpressVPN without policy routing, while the LAN isn't.

                vpittman @viragomann
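The per-network DNS redirect viragomann describes, written out as the raw pf rules that two pfSense "Port Forward" NAT entries amount to; this is an added illustration, not from the thread or from pfSense's own generated configuration. The subnets, interface names and the 203.0.113.53 resolver address are constructed placeholders; only the Quad9 addresses (9.9.9.9, 149.112.112.112) are real.

```pf
# Added example: pf-syntax equivalent of two pfSense "Port Forward" NAT rules
# that pin each network segment to its own resolver. All subnets, interface
# names and the 203.0.113.53 address are constructed placeholders; only the
# Quad9 addresses (9.9.9.9, 149.112.112.112) are real.

lan_if  = "igb1"          # assumption: LAN interface
vpn_if  = "igb1.20"       # assumption: VLAN 20, policy-routed out the VPN gateway
lan_net = "192.168.1.0/24"
vpn_net = "10.20.0.0/24"
quad9   = "{ 9.9.9.9, 149.112.112.112 }"
vpn_dns = "{ 203.0.113.53 }"   # placeholder for the VPN provider's resolver

# Plain-DNS queries (TCP and UDP port 53) from the LAN, whatever resolver the
# client asked for, are redirected to Quad9 and leave over the WAN route.
rdr pass on $lan_if inet proto { tcp udp } from $lan_net to any port domain \
    -> $quad9 port domain round-robin

# Queries from the VPN VLAN are redirected to the VPN provider's resolver; the
# VLAN's policy-routing rule then carries them over the tunnel instead of the WAN.
rdr pass on $vpn_if inet proto { tcp udp } from $vpn_net to any port domain \
    -> $vpn_dns port domain
```

pfSense regenerates its pf rules from its own configuration, so on a real firewall these are created as Port Forward entries under Firewall > NAT rather than typed into pf.conf. The redirect only catches plain port-53 DNS, so a client using DNS over HTTPS or DNS over TLS would still show its own resolver in a leak test.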

                @viragomann
                Thanks for all the help, but for right now I'm just going to add the dns servers to dhcp and call it good.

                Thanks again,
                Victor

                  vpittman @vpittman

                  I just realized that I have no idea what I'm talking about...
                  I am using policy routing on the VPN.
