Does anyone know how to do selective DNS on pfSense (2.4.4)?
My problem:
I want the VLAN that has mobile devices to use the ExpressVPN DNS automatically, but my other VLANs (like my PC) to continue using Cloudflare, which is not on the VPN.
So I only want the devices on the VPN to use the VPN’s DNS, and every other device to use Cloudflare.
I just switched from PIA to ExpressVPN:
- I set up OpenVPN
- I’m routing traffic
But I’m still connected to Cloudflare’s DNS and want to use ExpressVPN’s DNS to have 0 leaks (I know Cloudflare has no logs either).
To change this I went to Services / DNS resolver / General settings
- I set the Outgoing Network Interfaces to the ExpressVPN interfaces
- I registered DHCP leases in the DNS Resolver
- I disabled forwarding mode
This makes ALL traffic use the VPN’s DNS. How can I do this based on VLAN/network?
I am also running pfBlocker if that means anything.
However, I think this relates to pfBlocker, though I will admit I set this up 18m ago and am not sure if I had an entry when I configured pfSense; I suspect not.
I have that set up also for pfBlocker, but I’m still confused how you manage to set up all VPN traffic to use the VPN’s DNS and other traffic to use another DNS (like Cloudflare, Quad9, etc.).
I just don’t want any “leaks” with the traffic on the VPN
I think it might depend on your VPN provider actually. I use AirVPN; with them you have to enter the IP address of the server for the OpenVPN connection, hence no DNS resolution is required as such. Once the OpenVPN tunnel is up, all traffic is resolved by AirVPN’s DNS (whatever that might be); if the tunnel goes down, no traffic can be resolved on my VLANs using AirVPN.
I do recall it took me ages to get it working but I kept no notes as I had to keep hacking away until I got it working.
I mean I got it to pull from the VPN’s DNS server automatically when I disabled forwarding mode in the resolver. My problem at that point was ALL traffic was using the VPN’s DNS. I didn’t want the traffic not on the VPN to use the VPN’s DNS.
(I only set the interface that the VPN was on as the outgoing connection)
Hmmm … in Resolver under “Network Interfaces” I’ve only selected my VLANs which use the VPN. Under “Outgoing Network Interfaces” I’ve only selected my AirVPN WAN interfaces. Try that.
If I set the DNS server to 1.1.1.1 in the DHCP for my LAN, it will bypass my pfBlocker. That will theoretically work for the problem, but it just creates another.
And if I point the DNS to my pfSense host IP (192.168.100.1), it will just set the DNS back to the VPN’s DNS.
I need it to route through the router’s DNS so that it picks up the pfBlocker rules, but also go to Cloudflare instead of all the traffic using the VPN’s DNS.
Let me try selecting multiple interfaces in the resolver other than the VLAN interface and see what happens.
Here is an upload of my DNS resolver for reference.
I have it set to forwarding mode currently to just use Cloudflare’s DNS.
But when I turn it off, it sets all traffic (even the traffic not on the VPN) to the VPN’s DNS.
I need to keep pfBlocker working, but allow the LAN interfaces to be directed to Cloudflare’s DNS.
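A check added here (not from the thread, not pfSense or ExpressVPN code) for confirming which path each VLAN's queries actually leave by: it parses the output of `dig +short TXT o-o.myaddr.l.google.com` run on a client in each VLAN (through the pfSense resolver, no `@server`), which reports the egress address of the resolver that reached Google, and compares it with the thread's policy. The WAN and tunnel exit addresses, the VLAN names and the captured `dig` output are constructed placeholders.

```python
import ipaddress
import re

# Policy from the thread: the mobile VLAN must resolve through the ExpressVPN
# tunnel, the PC VLAN must not.  Both addresses are CONSTRUCTED placeholders
# (RFC 5737 documentation space); substitute your WAN and tunnel exit addresses.
WAN_IP = ipaddress.ip_address("203.0.113.10")       # ISP-facing WAN address
VPN_EXIT_IP = ipaddress.ip_address("198.51.100.7")  # VPN server exit address
POLICY = {"mobile_vlan": True, "pc_vlan": False}     # VLAN -> must use VPN DNS

QUOTED = re.compile(r'"([^"]*)"')

def resolver_egress(dig_output):
    """Address of the resolver that reached Google's authoritative server,
    taken from `dig +short TXT o-o.myaddr.l.google.com` run on a client
    WITHOUT an @server (so the query goes through pfSense's resolver).
    The edns0-client-subnet record, if present, is skipped."""
    for txt in QUOTED.findall(dig_output):
        if txt.startswith("edns0-client-subnet"):
            continue
        try:
            return ipaddress.ip_address(txt)
        except ValueError:
            continue
    return None

def classify(vlan, dig_output):
    """Compare the observed egress with the policy for this VLAN."""
    egress = resolver_egress(dig_output)
    if egress is None:
        return "unparsed"
    if egress == VPN_EXIT_IP:
        # Only VLANs meant to use the VPN should show the tunnel's exit.
        return "ok" if POLICY[vlan] else "wrong-path"
    if POLICY[vlan]:
        return "leak"        # VPN VLAN query left via WAN or a forwarder
    if egress == WAN_IP:
        return "direct-wan"  # resolver recursed from WAN instead of forwarding
    return "ok"              # e.g. a forwarder such as Cloudflare answered

# Constructed captures, one per VLAN, exactly as `dig +short` prints them.
SAMPLES = {
    "mobile_vlan": '"edns0-client-subnet 203.0.113.0/24"\n"203.0.113.10"\n',
    "pc_vlan": '"192.0.2.44"\n',
}

def audit(samples=SAMPLES):
    """Run the check for every captured VLAN; returns {vlan: verdict}."""
    return {vlan: classify(vlan, out) for vlan, out in samples.items()}
```

With the constructed captures the mobile VLAN's query shows the WAN address, i.e. exactly the leak the thread is trying to rule out, while the PC VLAN is fine.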