JohnHD1981 0 Posted ...

I have configured my pfSense 2.6.0 setup following nguvu's guides here https://nguvu.org/pfsense/pfsense-baseline-setup/ and here https://nguvu.org/pfsense/pfsense-multi-vpn-wan/

I have multi VPN WAN configured but have a question around the use of the DNS Block Lists in AirVPN. The 3 connections to AirVPN in pfSense are using a specific device key pair as configured in AirVPN, and the three connections show in the AirVPN client area as that device. I have configured a specific DNS Block list in AirVPN for that device profile.

However, no matter what I use in terms of the connectivity on my network, none of the blocklists seem to apply. Either on the VPN_LAN, where I'm within the tunnel and using the DNS Resolver utilising AirVPN DNS (confirmed by ipleak.net), or if on the LAN, where I'm on my ISP's IP but still routing DNS queries through the tunnel via the DNS Resolver utilising AirVPN DNS (again confirmed by ipleak.net).

Am I missing or misunderstanding something as to why the block lists don't apply in any way to any of the devices on my home network using the AirVPN DNS servers? If I connect via a cellular connection on my phone using Eddie and use the same Device Profile, the block lists work correctly whilst connected.

Not sure what I've overlooked or misunderstood perhaps? Any help appreciated.

Air4141841 25 Posted ...

To utilize AirVPN blocking, the devices need to use their internal DNS, of at least 10.4.0.1, assigned to each client. I am guessing you followed the part in the article about DNS leaking and you are using 8.8.8.8 or similar?

JohnHD1981 0 Posted ...

Thanks for the response @Air4141841. I'm not sure which part of the guide you mean, sorry?

All my devices pick up their DNS server address as the pfSense router IP address, and DNS requests over port 53 are then routed via the DNS Resolver (using one of the load balanced AirVPN connections). There is then a non-firewall DNS lookup redirect NAT/Firewall rule that forces any request from a LAN address to a non-LAN address for DNS (using port 53) to be redirected back to the localhost on port 53 to complete the request via the local DNS Resolver rather than via the requested provider.