Jump to content
Not connected, Your IP: 18.118.30.153
Sign in to follow this  
cford1905

DNS leak pfsense with SQUID

Recommended Posts

I recently got AirVpn up and running on pfsense router using an awesome guide written by by pfsense_fan.  Everything was working great until today. 

 

This morning I installed Squid and Squidguard and since then I have a DNS leak.  Is it possible that Squid (set up only on my VPN_LAN) is using a different DNS?  Before installing Squid I had no such issues.  I first noticed it when running a speed test and it selected a server that was based on my physical location and not my VPN's IP.

 

Any advice that can be offered would be greatly appreciated.

 

-cford

Share this post


Link to post

Best to keep it within the pfsense thread you may wish to repost there you may get a few more replies back.

 

I do not have squid installed on my pfsense build but have suffered from speedtest displaying my real location on the map issue it was a combination of problems.

 

*Go through the guide one step at a time and make sure all settings are correct, I noticed few mistakes which lead to speedtest showing my real location.

* Try another Air VPN server, no idea why but when I tried connecting to say France or other euro servers other then netherlands, speedtest started to show the correct place on the map.

*You may need to disable geo location within your web browser check here: (do it too all your browsers installed)

http://www.makeuseof.com/tag/disable-fake-location-firefox-internet-explorer-chrome/

 

 

Overall its a bit of a headache but check with Ipleak and click geolocation button it should say something like it could not find or not supported by browser, and of course check with speedtest website hopefully it shows the air vpn servers exit location and not your actual one !

Share this post


Link to post

I will  add a small note on the pfSense thread regarding how to completely prevent DNS leaks on pfSense.

The idea is adding a global pf rule that will catch all connections to any destination udp/53 and will push them

to the local dns resolver (which can be Air's DNS or DNScrypt).

That way no package or daemon, or LAN clients will be able to bypass the DNS settings and query any 3d

party DNS server.

Those requests will be intercepted by the rule and routed to the local resolver, which will then make a proper

request without any leaks.


Occasional moderator, sometimes BOFH. Opinions are my own, except when my wife disagrees.

Share this post


Link to post

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
  • Security Check
    Play CAPTCHA Audio
    Refresh Image
Sign in to follow this  

×
×
  • Create New...