DNS leak on OpenVPN using pfSense

Hey all,

Tom, I followed your link for setting up OpenVPN with PIA on pfSense. I did everything, and I’m routing out of my gateway with the rules you mentioned. I did a DNS leak test, which still shows up under Verizon. I manually set DNS servers via IP reservations. I did some research, and some mentioned disabling DNS over TLS, but nothing seems to work. I checked my client using ipconfig and it uses PIA’s DNS servers. Any idea?

Don’t set pfSense to be the DNS for devices you want to go out over the VPN; use something like Quad9 on those devices.

Currently, I have this in my custom options under the client settings:

dhcp-option DNS 10.0.0.241
dhcp-option DNS 10.0.0.243

When I do an ipconfig command on the Windows device, it shows that the DNS address is PIA’s servers. I read somewhere that to prevent leaking, you should use the VPN’s DNS servers. I also made sure to flush the DNS as well. I’m not sure what other settings would trigger this to happen. I read somewhere that PIA doesn’t play nice with DNSSEC. The only other thing I can think of is that the DNS Resolver is messing something up, but I am unsure because I haven’t fooled around with it in depth yet. Do you have any idea where I should be looking? If I am getting a Verizon hostname on the DNS leak test, that would mean VPN traffic is going out of the WAN interface, no? I also made sure to disable the create route rule; I followed the video you posted step by step.

As always, thanks for the reply, Tom.

-Ben
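A quick way to settle the "is it going out the WAN?" question from the post above is to watch the WAN interface for plaintext DNS while a client runs the leak test. When the tunnel is up, the client's queries to the VPN provider's resolvers travel inside the OpenVPN UDP session, so any UDP/53 that appears on WAN is a leak (typically pfSense's own resolver answering for the client and going upstream over WAN). The script below is an added example for this thread, not something posted by Tom or Ben; it parses `tcpdump -n` output into a leak report. The interface name `em0`, the WAN address 203.0.113.5, the VPN endpoint 198.51.100.9 and the sample capture lines are all constructed for the example.

```shell
#!/bin/sh
# Added example (not from the forum thread): flag plaintext DNS leaving the WAN
# interface of a pfSense box that should be sending client DNS over the VPN.
#
# On pfSense (Diagnostics > Command Prompt or an SSH shell) capture WAN with:
#   tcpdump -ni em0 -l 'udp port 53' > /tmp/wan_dns.txt      # em0 is an assumption
# while a client runs a DNS leak test, then run: check_capture /tmp/wan_dns.txt
#
# Assumption: with the tunnel up, DNS to the VPN resolvers is carried inside the
# OpenVPN UDP session, so ANY packet with destination port 53 on WAN is a leak.

# Print only the lines that are DNS queries leaving via WAN (destination port 53).
# tcpdump -n prints "<ts> IP <src>.<port> > <dst>.<port>: ...", so the destination
# is field 5 with a trailing colon; IPv6 lines say "IP6" and are matched too.
wan_dns_leaks() {
    awk '$2 ~ /^IP6?$/ && $4 == ">" {
        dst = $5; sub(/:$/, "", dst)        # strip the trailing colon
        if (dst ~ /\.53$/) print
    }'
}

# Unique upstream resolvers that leaked queries were sent to, one per line.
# Seeing an ISP or public resolver here (rather than nothing) is the leak.
leaked_resolvers() {
    wan_dns_leaks | awk '{ dst = $5; sub(/\.53:$/, "", dst); print dst }' | sort -u
}

# Print the number of leaked queries in a capture file and return non-zero
# when any were found, so it can be used as a pass/fail check in a script.
check_capture() {
    n=$(wan_dns_leaks < "$1" | wc -l | tr -d ' ')
    echo "$n"
    [ "$n" -eq 0 ]
}

# Constructed sample capture (not real traffic): two leaked DNS queries, one
# OpenVPN packet (UDP 1198) and one HTTPS SYN that must be ignored.
SAMPLE=$(cat <<'EOF'
12:00:01.000001 IP 203.0.113.5.51234 > 1.1.1.1.53: 12345+ A? dnsleaktest.com. (32)
12:00:01.000002 IP 203.0.113.5.1198 > 198.51.100.9.1198: UDP, length 120
12:00:01.000003 IP 203.0.113.5.51235 > 8.8.8.8.53: 12346+ AAAA? example.com. (29)
12:00:01.000004 IP 203.0.113.5.51236 > 93.184.216.34.443: Flags [S], seq 1, win 64240
EOF
)

# Demo run on the constructed sample: prints the two leaking lines and the
# resolvers they went to. Feed a real capture to check_capture instead.
if [ "${1:-}" = "--demo" ]; then
    printf '%s\n' "$SAMPLE" | wan_dns_leaks
    printf '%s\n' "$SAMPLE" | leaked_resolvers
fi
```

If the capture stays empty while the client runs the leak test, DNS is not escaping over WAN and the "Verizon" result is coming from somewhere else (for example, the test being answered from the browser's own DoH settings); if lines show up, the destinations tell you which resolver pfSense or the client is really using.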

In your client setup, do you use an IP address to connect to the provider’s server?

I use AirVPN; leak tests show their servers. I had just assumed that if you need to resolve a name, it must use a DNS server of some sort.

Perhaps try entering the IP address and inspect the results.

IMO you should use a VLAN dedicated to VPN traffic with a kill switch; then it’s a set-it-and-forget-it situation.