Route OpenVPN DNS requests to tunnel NOT to Upstream DNS

Hi, I have set up an OpenVPN client with Kill Switch as in Tom's video. However, DNS requests are going to my Upstream DNS as specified in System | General. I have tried the following:

  1. If I go to General DNS Resolver and select the VPN interface for Outgoing Network Interfaces, then ALL DNS requests from OpenVPN AND non-OpenVPN hosts get sent out to the OpenVPN DNS. I do not want this behavior. I want the OpenVPN hosts' DNS requests to go through the tunnel and the non-OpenVPN hosts' requests to be routed to the Upstream DNS as specified in System | General Setup | DNS.

What is the best approach for this? Could this be done with a Firewall Rule and what would that look like? Thanks for any help!

You could use the DNS redirect (pfSense Configuration Recipes — Redirecting Client DNS Requests | pfSense Documentation), then create a policy to send DNS over the OpenVPN tunnel. Or create a policy to direct DNS out based on the source of each network. Not something that I have done before.
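As an added illustration of the redirect-plus-policy-route approach suggested above (this is example config written for this thread, not pfSense's own generated rules and not anything the poster provided), here are the equivalent raw pf rules of the kind pfSense renders into /tmp/rules.debug. The interface names, subnets, the <vpn_hosts> table and the VPN-side DNS address are all assumptions. The key point is that a LAN firewall rule with a Gateway only affects traffic forwarded for clients; it never touches queries that the firewall's own Resolver sends out, which is why setting the Resolver's Outgoing Network Interface to the VPN moved everyone's DNS. So the VPN hosts are redirected to a DNS server reachable only through the tunnel, and everyone else is redirected to the local Resolver, which keeps using the upstream DNS from System | General Setup.

```pf
# Added example, not from the thread or from pfSense's generated rules.
# Assumptions:
#   em1         = LAN interface, 192.168.1.0/24
#   ovpnc1      = OpenVPN client interface
#   10.8.0.1    = VPN gateway, also assumed to be the VPN provider's DNS server
#   <vpn_hosts> = LAN hosts whose traffic is policy-routed over the VPN
table <vpn_hosts> persist { 192.168.1.50, 192.168.1.51 }

# 1. VPN hosts: catch every DNS query regardless of the server the client
#    configured and rewrite it to the VPN provider's resolver. rdr rules are
#    first-match, so this must come before the catch-all below.
rdr on em1 proto { tcp, udp } from <vpn_hosts> to any port 53 -> 10.8.0.1 port 53

# 2. All other LAN hosts: the "Redirecting Client DNS Requests" recipe. Their
#    queries land on the firewall's Resolver/Forwarder, which uses the
#    upstream DNS from System | General Setup and leaves via the WAN.
rdr on em1 proto { tcp, udp } from 192.168.1.0/24 to any port 53 -> 127.0.0.1 port 53

# 3. Policy routing for the VPN hosts. Filter rules see the already-rewritten
#    destination, so their DNS (now to 10.8.0.1) goes into the tunnel together
#    with the rest of their traffic. route-to (...) is what pfSense emits when
#    a rule's Gateway is set to the VPN gateway. The existing kill-switch block
#    rules for these hosts are assumed to follow this rule.
pass in quick on em1 route-to (ovpnc1 10.8.0.1) from <vpn_hosts> to any keep state

# 4. Ordinary LAN hosts keep the default route (WAN).
pass in quick on em1 from 192.168.1.0/24 to any keep state
```

To confirm what pfSense actually loaded after you build these in the GUI, `pfctl -sn` lists the active rdr rules and `pfctl -sr | grep route-to` shows the policy-routed pass rules. Two caveats: hosts in the redirected group no longer talk to the local Resolver, so Host Overrides and local hostnames will not resolve for them, and the port 53 redirect does nothing for clients using DNS over HTTPS or DNS over TLS, which would still need to be blocked or routed separately.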

My guess is that you haven't set up your OpenVPN client correctly; it could be a setting checked or not checked.

Presumably you want all traffic to go out the VPN WAN when connected. I guess if you checked for a DNS leak, you have one.

At least on my setup, all traffic exits the VPN WAN.

Don’t pull routes - not checked
Don’t add/remove routes - checked

I think these options need to be set correctly, perhaps try it. Though I use DNS Forwarder for my ISP and Resolver for VPN.