greetings! i switched to pfsense about a month ago, and loving it so far.
i have a vpn gateway set up for my nordvpn account, and have everything set up so that some hosts go through the gateway while others do not. this has worked well, but i was still getting dns leaks when using hosts on the vpn.
i’ve followed a few tutorials and finally fixed my DNS leak by forcing all DNS traffic from my vpn hosts across the vpn tunnel (out through the vpn gateway). i did this by doing the following:
- created an alias for the hosts i want to be on the vpn
- created an alias for nordvpn’s DNS servers
- set up a port forward for port 53 coming from my nord devices to the nord dns alias
- modified the LAN rule created by the port forward to send that traffic out through the nordvpn gateway
- tagged all vpn traffic (both the NAT rule and my other vpn traffic rule) with NO_WAN_EGRESS
- added a floating rule to reject all outbound traffic tagged as NO_WAN_EGRESS on the WAN port
this works perfectly and exactly how i want it to, in that it has completely fixed my DNS leaks from VPN hosts. my question is: is there a way to still have a local DNS set up to resolve my local hosts and still keep my dns leak protection in place? i am using adguard home installed on my pfsense box as my local dns resolver, and i have a bunch of easy to type hostnames coming from there that obviously aren’t getting distributed to any hosts that are on the vpn (which is what i’d like to fix if i can).
i’m open to changing how i have this set up to make it work, although it took me weeks to get this working so i’m hesitant to do too much if i can avoid it…