Can't access internet with pfsense and proton vpn
-
@backup2 said in Can't access internet with pfsense and proton vpn:
if i reboot pfsense and check the DNS server, it is my ISP
How do you have DNS configured? What do you have set in System > General Setup? Specifically do you have 'DNS Server Override' set?
-
@Gertjan said in Can't access internet with pfsense and proton vpn:
Activate (apply) all the official Netgate patches.
done
-
@stephenw10 said in Can't access internet with pfsense and proton vpn:
Specifically do you have 'DNS Server Override' set?
no. if i enable it, i lose internet access
i've rebooted now 5 times to test. the first two times the DNS server was ISP. the last 3 times i've rebooted, it's proton.
any idea what accounts for this inconsistent behavior?
thanks
-
How exactly are you testing that? When you say the DNS is the ISP do you mean it actually shows the ISP's DNS servers or it shows your public WAN IP?
-
@stephenw10 I'm using dnsleaktest.com
After pfsense reboot, I go to dnsleaktest.com. the page loads and says hello "X.X.X.X" which is a proton IP address
I click on standard test and it says "your public IP: X.X.X.X" which is the same proton IP. below that, under query round, it shows an IP address of my ISP, the name of my ISP, and my actual physical location, rather than the physical location of the proton server above.
If I go to services > DNS resolver, where OVPNC is already the selection for outgoing network interfaces, click save and apply changes, then check dnsleaktest.com again, under query it now shows proton IP address and physical location of the proton server.
if i reboot pfsense again and then check dnsleaktest.com again, it will most likely show the IP address, name, and physical location of my ISP
-
I'll give you some homework.
Click here: Google: "pfsense resolver should use openvpn client WAN connection", as that, imho, is your question. So: ask, and read a couple of "Google" answers. Yeah, sorry, there are no "click here and done" solutions. You'll find the rather old, but still very valid, "OpenVPN as a WAN on pfSense" video from the pfSense authors. This video handles all your questions - and probably more.
There are more "OpenVPN" (server and client) videos available on the Netgate Youtube channel, I highly recommend them all.
-
Do you somehow have an outbound NAT rule for the protonvpn address via the WAN?
You could add a block rule to prevent outbound DNS queries on WAN, though you shouldn't need it.
Is the client you're testing from actually using pfSense for DNS? If it's hard coded to use something else or is using DoT or DoH then that could be routed via the WAN before the VPN comes up. Check the states when it's happening.
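
The state check suggested above, as an added example that is not part of the original post: a shell function that filters `pfctl -ss` output for DNS (port 53) and DNS-over-TLS (port 853) states leaving on the WAN interface. The interface names `igb0` (WAN) and `ovpnc1` (VPN client) and the sample state lines are constructed assumptions; DoH on port 443 cannot be told apart from other HTTPS by port, so it is not flagged.

```shell
#!/bin/sh
# Added example, not from the thread. Assumed interface name: igb0 = WAN.
WAN_IF="${WAN_IF:-igb0}"

# Read state lines (as printed by `pfctl -ss`) on stdin and print every
# outbound state on the WAN interface whose destination port is 53 or 853.
find_wan_dns_states() {
    awk -v wan="$WAN_IF" '
        $1 == wan && ($2 == "udp" || $2 == "tcp") {
            for (i = 3; i < NF; i++) {
                if ($i != "->") continue      # "<-" states are inbound, skip
                dst = $(i + 1)
                if (dst ~ /\[[0-9]+\]$/) {    # IPv6 form: addr[port]
                    port = dst
                    sub(/^.*\[/, "", port)
                    sub(/\]$/, "", port)
                } else {                      # IPv4 form: addr:port
                    n = split(dst, parts, ":")
                    port = parts[n]
                }
                if (port + 0 == 53 || port + 0 == 853) print $0
            }
        }'
}

# Constructed sample states (documentation address ranges, not real captures).
sample_states() {
cat <<'EOF'
igb0 udp 198.51.100.7:41822 -> 203.0.113.53:53 MULTIPLE:SINGLE
ovpnc1 udp 10.2.0.2:51344 -> 10.2.0.1:53 MULTIPLE:MULTIPLE
igb0 tcp 198.51.100.7:18233 (192.168.1.50:50112) -> 192.0.2.10:853 ESTABLISHED:ESTABLISHED
igb0 tcp 198.51.100.7:60110 (192.168.1.50:60110) -> 192.0.2.80:443 ESTABLISHED:ESTABLISHED
igb1 udp 192.168.1.1:53 <- 192.168.1.50:50500 SINGLE:MULTIPLE
igb0 udp 2001:db8::7[40000] -> 2001:db8::53[53] MULTIPLE:SINGLE
EOF
}

# On the firewall itself: pfctl -ss | find_wan_dns_states
sample_states | find_wan_dns_states
```

A NAT state shows the original client address in parentheses, which identifies the LAN host that bypassed the resolver; a state with the WAN address as its own source comes from pfSense itself.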
-
@backup2 said in Can't access internet with pfsense and proton vpn:
second, i have a 4 port protectli, but i cannot get the OPT1 or OPT2 ports to work. i have enabled both ports and have tried in firewall > rules to set the gateway to both WAN and OVPN, but neither gives internet access through either OPT1 or OPT2.
any chance you can help with this issue also?
thanks!
-
@backup2 said in Can't access internet with pfsense and proton vpn:
i have enabled both ports and have tried in firewall > rules to set the gateway to both WAN and OVPN, but ...
Look at your LAN interface.
You have this: (disregard the IPv6 configuration for the moment)
You saw the "IPv4 upstream gateway" (green) set to None?!
For other LAN type interfaces, like the OPT1, OPT2 etc, you set that setting to the same "None".
-
@backup2 said in Can't access internet with pfsense and proton vpn:
any chance you can help with this issue also?
What firewall rules have you added there? There are none by default.
Did you enable dhcp on the new interfaces? Are connected clients pulling an IP correctly?