I recently decided I want more control over my home network, so I bought a Protectli for pfSense, a UniFi Switch 8 & UniFi AP-AC-LR. My current dilemma is that I am having issues with my Android phone and Shield TV while connected to Mullvad VPN via pfSense, and I’m not sure if I’m missing a firewall rule or maybe a DNS setting. When I connect my Win10 laptop to the Polska SSID, it resolves fine. I have a Mullvad OpenVPN client set up using their guide.
My phone and Shield TV cannot seem to get a connection on the Polska SSID, which I’m pretty positive is tied to DNS. I say this because when I enable the WAN interface under outgoing interfaces, the issues go away. But when I do that, the devices reach for DNS that isn’t Mullvad, which I don’t want. Where can I look to figure out what’s going on? I’ve enabled logs on my LAN interface, but am not seeing any denies that correspond. This does not happen if I connect those devices to my Guest network.
I’m pretty new to networking, so forgive me if I’m obtuse.
I see that you're attempting to get all the DNS traffic to go out of the VPN. Test using a tool such as nslookup or dig to determine if DNS is working on pfSense.
I have Mullvad DNS set as the top 2 for all my networks in DHCP, and dig/drill do indeed fail when I send the query to my firewall. And after thinking about it, you pointed me in the right direction. Changing the DNS under System > General Setup to Mullvad DNS has resolved the issue, I believe. Thank you!
My follow-up question is why would my phone and Shield TV be able to resolve on the Guest network without issue?
Edit:
Turns out that didn’t actually help. Apps on my phone give a connection failure message when trying to reach the internet.
Then you have a portion solved. I am sure it’s just a check box. I know when I set up a VLAN on my ERX for the first time I simply had the DNS IP incorrect. Sure it is something very simple.
Can you ping your DNS server once you are tied to the network?