eddi1984:

Hi, upgraded to pfSense 2.3.3, and since the update, it will not accept 10.4.0.1 as DNS address (when assigning it directly to the VPN Gateway). Error that is shown is "A gateway can not be assigned to DNS '10.0.0.1' server which is on a directly connected network". Not sure why that option was removed. Anybody know a workaround ...

PS: Setting up any other open DNS server, like google, works ... Thanks.

go558a83nk:

This is something that needs to be asked on the pfSense forums.

diver3923:

Are you using DNS Resolver or DNS Forwarder? If using DNS Resolver, you don't have to put any DNS servers on the System / General Setup page. It is important to configure the Outgoing Network Interfaces setting in the DNS Resolver service (Services / DNS Resolver / General Settings) to only use your VPN WAN interface(s), not the WAN interface.

I'm using pfSense 2.3.3 with no DNS servers defined in General Settings and the Outgoing Network Interfaces set to only use my VPN interface. It works fine with no DNS leaks. ipleak.com returns only AirVPN DNS servers.

go558a83nk:

I read a little about this on the pfSense forums. The point is that you don't need to assign a gateway because the VPN server is already "directly connected" (via VPN). The only way it can be reached is via the VPN, so no need to assign a gateway.

MrConducter:

If I put nothing in the DNS Address field then nothing is resolved. I can put 10.4.0.1 in there with none in the Gateway field and it works, but ipleak doesn't load.

go558a83nk:

> If I put nothing in the DNS Address field then nothing is resolved. I can put 10.4.0.1 in there with none in the Gateway field and it works, but ipleak doesn't load.

Do other sites load?

Blade Runner:

> This is something that needs to be asked on the pfSense forums.

Background: https://forum.pfsense.org/index.php?topic=126063.0

MrConducter:

> > If I put nothing in the DNS Address field then nothing is resolved. I can put 10.4.0.1 in there with none in the Gateway field and it works, but ipleak doesn't load.
>
> Do other sites load?

Yes.

burgercity:

> If I put nothing in the DNS Address field then nothing is resolved. I can put 10.4.0.1 in there with none in the Gateway field and it works, but ipleak doesn't load.

I was having this same issue. Though I've been having trouble with pfSense and ipleak.net not resolving for some time before pfSense was recently updated.

I think I may have resolved the issue, or at least found a work-around. I disabled 'Experimental Bit 0x20 Support' in Services / DNS Resolver / Advanced Settings, and ipleak.net has been resolving correctly ever since. I've made no other changes. I am using 10.4.0.1, with the gateway set to 'none'.

MrConducter:

> > If I put nothing in the DNS Address field then nothing is resolved. I can put 10.4.0.1 in there with none in the Gateway field and it works, but ipleak doesn't load.
>
> I was having this same issue. Though I've been having trouble with pfSense and ipleak.net not resolving for some time before pfSense was recently updated.
>
> I think I may have resolved the issue, or at least found a work-around. I disabled 'Experimental Bit 0x20 Support' in Services / DNS Resolver / Advanced Settings, and ipleak.net has been resolving correctly ever since. I've made no other changes. I am using 10.4.0.1, with the gateway set to 'none'.

That worked! How did you even figure that out? lol thank you.

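What the 'Experimental Bit 0x20 Support' option discussed above does (unbound's `use-caps-for-id`), shown as an added example that is not part of any post in this thread: the resolver randomises the letter case of each query name and drops replies that do not echo it exactly, so an upstream that rewrites case makes lookups fail. The upstream here is a constructed stand-in, not AirVPN's DNS, and all function names are illustrative.

```python
import random
import struct

def encode_0x20(name, rng):
    """Randomly flip the case of every letter in a query name (DNS 0x20)."""
    return "".join(c.upper() if rng.random() < 0.5 else c.lower() for c in name)

def build_query(qname, txid):
    """Minimal DNS query (A record, class IN) with recursion desired."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    labels = b"".join(bytes([len(l)]) + l.encode("ascii") for l in qname.split("."))
    return header + labels + b"\x00" + struct.pack("!HH", 1, 1)

def question_name(msg):
    """Read the question name from a DNS message, keeping its case."""
    pos, labels = 12, []
    while msg[pos] != 0:
        n = msg[pos]
        labels.append(msg[pos + 1:pos + 1 + n].decode("ascii"))
        pos += 1 + n
    return ".".join(labels)

def simulate_upstream(query, preserves_case):
    """Constructed upstream: echoes the question; may lowercase the name.
    bytes.lower() only touches A-Z, so length and type bytes are unchanged."""
    question = query[12:] if preserves_case else query[12:].lower()
    return query[:2] + struct.pack("!H", 0x8180) + query[4:12] + question

def accept_reply(sent_qname, txid, reply, caps_for_id):
    """Resolver-side check. The ID and name must match; with 0x20 enabled
    the echoed name must also match the sent name case-sensitively."""
    (reply_id,) = struct.unpack("!H", reply[:2])
    echoed = question_name(reply)
    if reply_id != txid or echoed.lower() != sent_qname.lower():
        return False
    return echoed == sent_qname if caps_for_id else True

if __name__ == "__main__":
    qname = encode_0x20("ipleak.net", random.Random())
    query = build_query(qname, 0x1234)
    for preserves in (True, False):
        reply = simulate_upstream(query, preserves)
        for caps in (True, False):
            ok = accept_reply(qname, 0x1234, reply, caps)
            print(f"sent={qname} preserves_case={preserves} 0x20={caps} accepted={ok}")
```
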
LazyLizard14:

> Are you using DNS Resolver or DNS Forwarder? If using DNS Resolver, you don't have to put any DNS servers on the System / General Setup page. It is important to configure the Outgoing Network Interfaces setting in the DNS Resolver service (Services / DNS Resolver / General Settings) to only use your VPN WAN interface(s), not the WAN interface.
>
> I'm using pfSense 2.3.3 with no DNS servers defined in General Settings and the Outgoing Network Interfaces set to only use my VPN interface. It works fine with no DNS leaks. ipleak.com returns only AirVPN DNS servers.

The normal behavior of unbound (resolver) is to query the root servers directly. To avoid DNS leaks it is, like you pointed out, very important to only allow VPN interfaces (and localhost) as outgoing interfaces. But you also do not necessarily have a DNS leak if you allow queries from the WAN interface. Of course AirDNS can only be reached through the VPN.

I wonder what makes you so sure that you are really using Air's DNS while you do not enter its address anywhere? To achieve this you have to enable the forwarding mode in the resolver settings and then in the general setup tab set the DNS server(s) as you desire. For AirDNS leave the gateway set to "none".

I have added a second free public DNS that is using WAN for queries. This serves as a failover if Air's DNS cannot be reached. There is a certain IP range of clients that also connect to the WAN directly and are not using VPN to connect to the internet. This setup does not give me a DNS leak (WAN IP).

ableounceony:

> > This is something that needs to be asked on the pfSense forums.
>
> Background: https://forum.pfsense.org/index.php?topic=126063.0

Not much constructive help there. Did you ever figure out the "gateway cannot be assigned" thing? I can't figure anything out from that thread. I don't have the experimental bit set and still get that error.

I'm scratching my head over the "When using multiple WAN connections there should be at least one unique DNS server per gateway" phrase in pfSense / General Setup / DNS Server Settings when it doesn't seem to let me assign them. Even with LazyLizard14's suggestion, above, I can't figure out where my two VPN tunnels are supposed to get their DNS Server address if I don't give it to them anywhere. Could it be the next option down:

    DNS Server Override
    Allow DNS server list to be overridden by DHCP/PPP on WAN
    If this option is set, pfSense will use DNS servers assigned by a DHCP/PPP server on WAN for its own purposes (including the DNS Forwarder/DNS Resolver). However, they will not be assigned to DHCP clients.

Which I currently have unchecked?

EDIT: I guess I should be a bit more specific since my setup differs slightly from the OP's. I have ONLY the two AirVPN DNS servers 10.4.0.1 and 10.6.0.1 in the General settings page and am trying to assign one to each of my two VPN_WAN interfaces. I'm assuming the issue is that 10.x.x.x is considered a private address space so pfSense doesn't want to use it as a WAN address. But, I still don't see how any traffic going through my VPN interfaces knows which DNS server to use if I don't assign it to the interface. Does Resolver just ask the VPN server itself for the DNS address since, to us (and it), that server is considered local?

atcusb:

Old post I know, but ran into this today, and got it to work by doing the following:

1. Add 8.8.8.8 as DNS on the general page, removing any AirVPN DNS servers.
2. Disable and re-enable any VPN interfaces.
3. Add AirVPN DNS servers to the correct interfaces under general and remove 8.8.8.8, then click save.
4. Reboot.

As far as I can tell, pfSense won't allow you to add an RFC address if the interface lists an RFC compliant IP address in its name - stopping and starting the interfaces changes this temporarily to be, say, VPN_WAN - optx - dynamic rather than VPN_WAN - optx - 10.x.x.x.

If you don't want to reboot, restarting the VPN clients from the openvpn>client page, then dropping and raising interfaces also worked for me!

Hope that helps

chuckhammerberry:

> Old post I know, but ran into this today, and got it to work by doing the following:
>
> 1. Add 8.8.8.8 as DNS on the general page, removing any AirVPN DNS servers.
> 2. Disable and re-enable any VPN interfaces.
> 3. Add AirVPN DNS servers to the correct interfaces under general and remove 8.8.8.8, then click save.
> 4. Reboot.
>
> As far as I can tell, pfSense won't allow you to add an RFC address if the interface lists an RFC compliant IP address in its name - stopping and starting the interfaces changes this temporarily to be, say, VPN_WAN - optx - dynamic rather than VPN_WAN - optx - 10.x.x.x.
>
> If you don't want to reboot, restarting the VPN clients from the openvpn>client page, then dropping and raising interfaces also worked for me!
>
> Hope that helps

I'm looking for some assistance if possible.

I have pfSense 2.4 and two LAN cards, one for VPN traffic and another for regular WAN non-VPN traffic.

I want to use the Open DNS on both networks. However, if I enter the Open DNS in DHCP server then I cannot connect to any sites. Only the AirVPN DNS IP seems to work.

I have DNS forwarder enabled because if I disable it and enable DNS resolver I again have no internet connectivity (of course, by connectivity I mean not able to reach websites).