Recently I set up WireGuard as a privacy VPN on my pfSense router. Unfortunately I still have some problems with my local DNS. Namely, I can’t reach the pfSense admin panel by domain name, but the IP works.
My setup: I’m using WireGuard instead of OpenVPN, which works as expected. However, I am not sure which DNS servers to specify, and the location of the settings is also questionable for me. If I set up the DNS server addresses of my specific VPN provider in the DHCP service (on the specific network/VLAN) and therefore override the DNS servers on the general settings page, I don’t have any DNS leaks, but I can’t resolve my local DNS. If I do the opposite (set the DNS servers on the general settings page), I can resolve my local DNS, but I get DNS leaks (even though I have the correct WireGuard IP address from my provider).
Both make sense to me, but I’m too much of a noob to find the setting that provides the best of both worlds.
How can I fix this (having local DNS and routing without DNS leaks over my VPN at the same time)? I really liked Tom’s setup (from the OpenVPN Privacy VPN Video) because I can define multiple VPN connections with one kill switch floating rule for individual networks. I need to keep it that way.
Any help would be appreciated as I don’t know what to do and have already spent quite some time trying to trace this problem.
As a third approach, I specified the local DNS address of my pfSense firewall in the DHCP-specific network settings, with the result that I reach my VPN server and local DNS while being bugged by DNS leaks (again).
I provide some screenshots. If you need more to understand my setup, please let me know. With the DNS server overrides in my specified VLAN, I have no DNS leaks. My WireGuard tunnel setup also works fine. I just can’t query any local DNS because all DNS goes through the tunnel.
My fault, I understand what you are trying to do now. You are specifying to only use IVPN DNS servers, so you won’t be able to resolve any DNS names.
If you want the best of both worlds you will have to set up a DNS server on the same network as your LAN (I assume) and then set that DNS server to forward requests to the IVPN-provided DNS servers. In this way you can still create DNS records locally, and all your external DNS queries will go out properly without leaks. Then point all of your devices to your new DNS server.
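A resolver configured the way this reply describes, written here as an added example in Unbound syntax (pfSense’s DNS Resolver is Unbound; this fragment is not from the thread, pfSense or IVPN). The LAN subnet, the home.arpa zone, the tunnel address and the provider DNS address are placeholders; substitute your own. The point a leak test will catch: the forwarder must send its upstream queries out of the tunnel address, not the WAN, so the outgoing interface is pinned explicitly.

```conf
server:
    # Listen only on the LAN side (assumed LAN address of the firewall).
    interface: 192.168.10.1
    access-control: 192.168.10.0/24 allow
    access-control: 0.0.0.0/0 refuse

    # Pin upstream queries to the WireGuard tunnel address (assumed),
    # so a forwarded lookup can never egress via the WAN interface.
    outgoing-interface: 10.200.0.2

    # Local records are answered here and never forwarded.
    local-zone: "home.arpa." static
    local-data: "pfsense.home.arpa. IN A 192.168.10.1"
    local-data-ptr: "192.168.10.1 pfsense.home.arpa."

    # Do not use the system resolver or root hints as a fallback path.
    do-not-query-localhost: yes

# Everything that is not a local record goes to the provider's resolver
# (placeholder address) through the tunnel.
forward-zone:
    name: "."
    forward-addr: 203.0.113.53
```

In the pfSense GUI the same result is reached by enabling forwarding mode in the DNS Resolver, selecting the WireGuard interface as the outgoing interface, adding the provider address under System > General Setup, and adding the firewall’s hostname as a host override.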
I think that depends. Are you wanting all your devices going over the IVPN tunnel? If not, then I’m not sure that is a viable option to use with pfSense. I’m also not entirely sure that would work. I haven’t done that before.
I would say, use whatever is comfortable to you and satisfies your needs. I don’t really have a preference, but I can tell you which ones I have used in the past.