Re: [pfSense] Mastering DNS Resolver and tweaking behaviour with VPN

2018-05-06 Thread Antonio
Hi Lorenz,

I came across that website yesterday and although I have pfSense 2.4.3
installed (I believe it ships OpenVPN 2.4.4), I get that the option is
not supported although it could be that the server on the other end is
not supporting it?

"Options error: Unrecognized option or missing or extra parameter(s) in
/var/etc/openvpn/client1.conf:46: block-outside-dns (2.4.4)"

Cheers

Respect your privacy and that of others, don't give your data to big 
corporations.
Use alternatives like Signal (https://whispersystems.org/) for your messaging 
or 
Diaspora* (https://joindiaspora.com/) for your social networking.

On 06/05/2018 09:29, Lorenz Schori wrote:
> Hi,
>
> Only covering b).
>
> On Sun, 6 May 2018 03:30:32 +0100
> Antonio  wrote:
>
>> b) *OpenVPN Clients* - this seems to be a new option that wasn't
>> covered in Mark's video. Nor is there reference to this in the pfSense
>> book.
> This was introduced in 2.4.3. see:
> https://redmine.pfsense.org/issues/6847
>
> It basically makes it easy to connect to OpenVPN clients in the field
> from your LAN using the name from their client certificate. This is the
> exact opposite of what most people are doing with their VPNs.
>
>> Is this the magic setting that forces DNS resolver to route DNS
>> queries through the VPN tunnel?
>> **Although from the description in
>> pfSense this doesn't look like what I'm after.**
> There is actually a magic feature in OpenVPN >= 2.3.9
> See: https://dnsleaktest.com/how-to-fix-a-dns-leak.html
>
> Not sure whether this works for every client OS though. I recommend to
> test this thoroughly if your security / security of your clients depends
> on it.
>
> Cheers,
> Lorenz

___
pfSense mailing list
https://lists.pfsense.org/mailman/listinfo/list
Support the project with Gold! https://pfsense.org/gold


[pfSense] Firewall rules on OpenVPN interface

2018-05-06 Thread Antonio
Hi,

I was wondering if the "*Block private networks and loopback addresses*"
and "*Block bogon networks*" should be ticked for the interface I have
created for my OpenVPN client?

Do I need to allow incoming requests on that interface? I copied the
configuration from the internet to connect to my VPN provider but it
gave no detail around these options. You would expect the link to be
secure and I guess the only risk is if the VPN provider sends requests
to my internal network?

Thanks



Re: [pfSense] Mastering DNS Resolver and tweaking behaviour with VPN

2018-05-06 Thread Antonio
Correct, no Windows for me.

On 06/05/2018 20:01, Lorenz Schori wrote:
> Hi,
>
> On Sun, 6 May 2018 09:47:17 +0100
> Antonio  wrote:
>
>> I came across that website yesterday and although I have pfSense 2.4.3
>> installed (I believe it ships OpenVPN 2.4.4), I get that the option is
>> not supported although it could be that the server on the other end is
>> not supporting it?
>>
>> "Options error: Unrecognized option or missing or extra parameter(s)
>> in /var/etc/openvpn/client1.conf:46: block-outside-dns (2.4.4)"
> I should have mentioned that this is a Windows-specific option and you
> should push it to your clients (unless of course you do not have any
> Windows clients).
>
> Cheers,
> Lorenz


Re: [pfSense] DNS configuration under VPN

2018-05-06 Thread Antonio
After messing around for much of the weekend and reading a bit here and
there I have made one small step to achieving my goal. Basically, I am
able to bind the DNS Resolver to the VPN interface by selecting it
under "Outgoing Network Interfaces". This way all traffic goes through the
VPN tunnel, including DNS queries. In fact, when I go on dnsleaktest.com,
I do not have any leaks and this is very positive.

The only problem is that when the VPN link fails, then I cannot resolve
DNS queries anymore on my LAN devices. So, what I need to do now, is
understand how I can achieve this automatically, i.e. when the VPN link
comes up, it tells the DNS Resolver to route through the VPN tunnel;
when the VPN link is down, it tells the DNS Resolver to route the DNS
queries through the LAN interface. Any suggestions?

Thanks

On 03/05/2018 20:29, Antonio wrote:
> Hi folks,
>
> I'm trying to understand why I get DNS leaks. I am connecting to a VPN
> Italian server from UK and when I go to www.dnsleaktest.com, the main
> page says I'm connecting from Italy but then, when I do the advanced or
> standard tests, these say I'm located in the UK.
>
> I have:
>
> 2.4.3-RELEASE (amd64)
> built on Mon Mar 26 18:02:04 CDT 2018
> FreeBSD 11.1-RELEASE-p7
>
> Installed on a mini PC that is connected via WAN on a DSL modem (setup
> in pass through mode, not router mode). pfSense is acting as a DNS
> Resolver even though I have OpenDNS set in the GENERAL tab (I
> believe these are not being used because I'm connected via DNS
> Resolver). Would it be best to configure pfSense as DNS Forwarder?
> Although I'm not sure that this is going to resolve my DNS leak problem.
> All clients are configured with a DNS set to the IP of the pfSense
> machine. Any suggestions on what is the best way to configure DNS on
> pfSense where occasionally I fire up my OpenVPN connection?
>
> Many thanks
>
