Route OpenVPN DNS requests to tunnel NOT to Upstream DNS

Hi, I have set up an OpenVPN client with Kill Switch as in Tom’s video. However, DNS requests are going to my Upstream DNS as specified in System | General. I have tried the following:

  1. If I go to General DNS Resolver and select the VPN interface for Outgoing Network Interfaces, then ALL DNS requests from OpenVPN AND non-OpenVPN hosts get sent out to the OpenVPN DNS. I do not want this behavior. I want the OpenVPN hosts' DNS requests to go through the tunnel and the non-OpenVPN hosts' requests to be routed to the Upstream DNS as specified in System | General Setup | DNS.

What is the best approach for this? Could this be done with a Firewall Rule and what would that look like? Thanks for any help!

You could use the DNS redirect (pfSense Configuration Recipes — Redirecting Client DNS Requests | pfSense Documentation), then create a policy to send DNS over the OpenVPN tunnel. Or create a policy to direct DNS out based on the source of each network. Not something that I have done before.

My guess is that you haven’t set up your OpenVPN client correctly; it could be a setting checked or not checked.

Presumably you want all traffic to go out the VPN WAN when connected. I guess if you checked for a DNS leak, you have one.

At least on my setup, all traffic exits the VPN WAN.

Don’t pull routes – not checked
Don’t add/remove routes – checked

I think these options need to be set correctly, so perhaps try it. Though I use DNS Forwarder for my ISP and Resolver for the VPN.

In addition to my WAN, I have two interfaces: LAN and a VPN (PIA). I have the DNS Resolver enabled, but DNS Forwarder disabled. I have two DNS servers set for each interface (Cloudflare’s DNS addresses for the LAN, and PIA’s DNS addresses for the PIA interface).

I have certain devices (including this PC) running through the PIA VPN, and the rest of my LAN running to my ISP. When I check (from my PC) what my public IP address is, it shows me the PIA server address, which is great, but when I conduct a DNS leak test, I get my ISP’s DNS address??

Any assistance with this would be appreciated!

You are leaking DNS requests! This article was a big help:

See STEP 11, DNS LEAK PROTECTION. Method 1 is a very elegant method which redirects ALL VPN-bound DNS requests to the VPN DNS.

You will need to get PIA’s DNS server address. Worked well for me. Also check out the simple Kill Switch in the article.
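To make the two suggestions in this thread concrete (the DNS redirect plus a policy route in the earlier reply, and "Method 1" above, which redirects only the VPN-bound clients' DNS to the VPN provider's resolver), here is what the equivalent rules look like in pf syntax. This is an added illustration, not code from the thread, the linked article or pfSense itself: pfSense generates its ruleset from the GUI (Firewall > NAT > Port Forward and Firewall > Rules), so you would build these as a port forward plus a LAN rule with the VPN gateway selected, not paste them in. The interface names, the client addresses in the alias, the tunnel gateway and the VPN DNS address `203.0.113.53` are all constructed placeholders; substitute your own values.

```pf
# Constructed example values: replace with your own interfaces and addresses.
lan_if  = "igb1"          # LAN interface
wan_if  = "igb0"          # ISP-facing WAN
vpn_if  = "ovpnc1"        # OpenVPN client interface
vpn_gw  = "10.8.0.1"      # gateway handed out by the VPN server
vpn_dns = "203.0.113.53"  # placeholder for the VPN provider's DNS server

# Alias of the LAN hosts whose traffic must use the VPN (the "VPN-bound" clients).
table <vpn_clients> { 192.168.1.50, 192.168.1.51 }

# Method 1: rewrite any port-53 traffic from VPN-bound clients so it goes to the
# VPN provider's resolver, whatever DNS server the client itself has configured.
# Plain "rdr" (not "rdr pass") so the translated packet is still filtered below.
rdr on $lan_if inet proto { tcp, udp } from <vpn_clients> to any port 53 -> $vpn_dns port 53

# Policy route: everything from VPN-bound clients, including the redirected DNS,
# is forced into the tunnel instead of following the default (WAN) route.
pass in quick on $lan_if inet route-to ( $vpn_if $vpn_gw ) from <vpn_clients> to any

# Kill switch: if the tunnel is down, VPN-bound clients must not fall back to the WAN.
block out quick on $wan_if inet from <vpn_clients> to any

# Other LAN hosts are untouched: their DNS keeps going to the firewall's Resolver,
# which uses the upstream servers from System > General Setup over the WAN.
pass in on $lan_if inet from ($lan_if:network) to any
```

Two points worth checking after setting this up in the GUI. First, the redirect alone does not fix the leak: the rewritten packet still has to hit the `route-to` rule, otherwise it is delivered to the VPN DNS address via the WAN, which is exactly the leak the thread describes. Second, because only the alias members are redirected and policy-routed, the Resolver's Outgoing Network Interfaces setting can stay on WAN, so non-VPN hosts keep using the upstream DNS from System > General Setup, which is the split behaviour the original post asked for.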