DNS Behind VPN vs not
-
Are you on the newest version of pfSense (2.2.6)? I just tried to add a static mapping within the DHCP pool range for my LAN and pfSense gives an error (which it should).
When you're assigning static IPs they should never use an IP that's part of your DHCP pools. For example, if you want to assign a static IP on your MAIN network, don't use anything in the ranges of your DHCP pools:
192.168.88.120 - 192.168.88.189 192.168.88.20 - 192.168.88.40So the 192.168.88.190 - 192.168.88.199 addresses you mention are the correct way of doing it.
As for the clients where you can set DHCP with static address, I've never seen that before. As far as I know, and I'm not a DHCP expert, the client can ask for a specific IP, but the server isn't obligated to assign it.
The easiest way to assign static IPs is to do it via pfSense's static DHCP mappings:
-
Go to: Status – DHCP Leases
-
Find the device you want to assign a static IP
-
Click the + sign in the rightmost column to add a static mapping
-
Give it an IP that's not in any of your DHCP ranges
That way you can leave all of your devices using DHCP and manage all the addressing from pfSense.
If the bottom of your MAIN tab shows static IP mappings in the 192.168.88.20 - 192.168.88.40 range, could you post a screenshot? As far as I know that's not supposed to be possible.
-
-
I am on the latest version of pfSense 2.2.6
I have attached a screenshot from the bottom of the tab below.
I think I see what happened - the VPNIPS tab was assigned to .20 -.40, but all the static IPs I set were between .10 and .19 (i.e. outside the VPNIP pool) - these addresses are still covered by my alias for IP addresses to be sent to PIA (.10-.40)
-
Which still brings me back to the original question of how to get all devices that have IP addresses from .10 to .40 (covered by my "VPN-IPs" alias) to use OpenDNS DNS servers rather than my ISP DNS servers, without using the firewall rules I outlined above.
Also, I am still wondering which rule that I posted might have a typo (as you mentioned a few posts ago) - I feel like I should correct this.
-
That makes sense for the DHCP stuff.
It might be easiest to wait for me to write up a howto. That way you can compare a working config to what you have and it'll probably be easier to pick out the differences.
It'll take me a while to write a good howto so, like I mentioned, it's unlikely I'll reply again until later tonight. I'll try to include a bit of explanation when I do it.
-
Appreciated!
-
Hey,
I didn't get to this yesterday, but did it today:
https://forum.pfsense.org/index.php?topic=106305.0
That's basically every step needed to configure a fresh install.
-
@ryan29:
Hey,
I didn't get to this yesterday, but did it today:
https://forum.pfsense.org/index.php?topic=106305.0
That's basically every step needed to configure a fresh install.
That guide is excellent and I thank you for taking the time to put it together. I really appreciate your help with all of this. I am going to go through each of the steps that you outlined and make sure that my setup is properly configured.
(If any moderators are reading this, I would like to suggest that ryan29's guide be sticky-ed somewhere so newbies like myself can benefit from it)