JohnHD1981

DNS Block Lists Not Working With pfSense Router

I have configured my pfSense 2.6.0 setup following nguvu's guides here https://nguvu.org/pfsense/pfsense-baseline-setup/ and here https://nguvu.org/pfsense/pfsense-multi-vpn-wan/

I have multi VPN WAN configured but have a question around the use of the DNS Block Lists in AirVPN.

The 3 connections to AirVPN in pfSense are using a specific device key pair as configured in AirVPN, and the three connections show in the AirVPN client area as that device.

I have configured a specific DNS Block list in AirVPN for that device profile.

However, no matter what I use in terms of connectivity on my network, none of the block lists seems to apply.

This is the case either on the VPN_LAN, where I'm within the tunnel and using the DNS Resolver utilising AirVPN DNS (confirmed by ipleak.net), or on the LAN, where I'm on my ISP's IP but still routing DNS queries through the tunnel via the DNS Resolver utilising AirVPN DNS (again confirmed by ipleak.net).

Am I missing or misunderstanding something as to why the block lists don't apply in any way to any of the devices on my home network using the AirVPN DNS servers?

If I connect via a cellular connection on my phone using Eddie and use the same Device Profile the block lists work correctly whilst connected.

Not sure what I've overlooked or misunderstood perhaps?

Any help appreciated


To utilize AirVPN blocking, the devices need to use their internal DNS, or at least the 10.4.0.1 assigned to each client.

I am guessing you followed the part in the article about DNS leaking and are using 8.8.8.8 or similar?


Thanks for the response, @Air4141841.

I'm not sure which part of the guide you mean, sorry? 

All my devices pick up the pfSense router IP address as their DNS server, and DNS requests over port 53 are then routed via the DNS Resolver (using one of the load-balanced AirVPN connections).

There is then a non-firewall DNS lookup redirect NAT/firewall rule that forces any DNS request (port 53) from a LAN address to a non-LAN address to be redirected back to localhost on port 53, so the request is completed via the local DNS Resolver rather than via the requested provider.
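
An added diagnostic, not part of either poster's setup or of nguvu's guides, covering the check a practitioner would make before assuming the tunnel-side resolver sees the queries. pfSense's DNS Resolver is unbound, and unless Forwarding Mode is enabled it walks the tree from the root servers itself; with the tunnel as its outgoing interface, ipleak.net still reports an AirVPN address as the DNS server (the recursion egresses through the tunnel), yet the AirVPN resolver at the tunnel address, which is where a per-device DNS block list is enforced, never receives the query. The script below parses a constructed unbound.conf fragment in the style pfSense writes to /var/unbound/unbound.conf and reports whether every client query is forwarded to the tunnel resolvers, is recursed directly, or is spread across forwarders that include a public resolver. The addresses 10.4.0.1/10.5.0.1 (tunnel-side resolvers), 10.4.0.2/10.5.0.2 (tunnel interfaces) and the sample configs are assumptions for illustration.

```python
"""Classify where a pfSense DNS Resolver (unbound) config sends client queries.

Added example, not code from the thread. The config texts and addresses below
are constructed placeholders, not the poster's real configuration.
"""
import ipaddress
from dataclasses import dataclass, field

# Constructed sample 1: resolver mode (pfSense default, "Enable Forwarding Mode"
# unchecked). No forward-zone, so unbound recurses from the root servers itself.
SAMPLE_RESOLVER_MODE = """\
server:
    interface: 127.0.0.1
    interface: 192.168.1.1
    outgoing-interface: 10.4.0.2
    outgoing-interface: 10.5.0.2
    do-not-query-localhost: no
"""

# Constructed sample 2: forwarding mode, every upstream is a tunnel-side resolver.
SAMPLE_FORWARDING = """\
server:
    interface: 127.0.0.1
    outgoing-interface: 10.4.0.2

forward-zone:
    name: "."
    forward-addr: 10.4.0.1
    forward-addr: 10.5.0.1
"""

# Constructed sample 3: forwarding mode, but a public resolver is mixed in
# (e.g. one left in System > General Setup), so some queries bypass the tunnel DNS.
SAMPLE_MIXED = """\
forward-zone:
    name: "."
    forward-addr: 10.4.0.1
    forward-addr: 8.8.8.8@53
"""


@dataclass
class ResolverPlan:
    forward_zones: dict = field(default_factory=dict)   # zone -> [upstream IPs]
    forward_first: bool = False                         # fall back to recursion?
    outgoing_interfaces: list = field(default_factory=list)


def parse_unbound_conf(text: str) -> ResolverPlan:
    """Minimal parser for the few unbound.conf keys that decide the query path."""
    plan = ResolverPlan()
    in_forward = False
    zone = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.endswith(":") and " " not in line:      # section header, e.g. server:
            in_forward = line == "forward-zone:"
            zone = None
            continue
        key, _, value = line.partition(":")
        key, value = key.strip(), value.strip()
        if in_forward and key == "name":
            zone = value.strip('"')
            plan.forward_zones.setdefault(zone, [])
        elif in_forward and key == "forward-addr" and zone is not None:
            # strip the optional @port and #tls-auth-name suffixes (1.1.1.1@853#name)
            plan.forward_zones[zone].append(value.split("#", 1)[0].split("@", 1)[0])
        elif in_forward and key == "forward-first":
            plan.forward_first = value.lower() == "yes"
        elif key == "outgoing-interface":
            plan.outgoing_interfaces.append(value)
    return plan


def classify(plan: ResolverPlan, tunnel_dns) -> tuple:
    """Verdict on whether the tunnel-side resolvers see every client query."""
    tunnel = {ipaddress.ip_address(a) for a in tunnel_dns}
    root = plan.forward_zones.get(".", [])
    if not root:
        egress = ", ".join(plan.outgoing_interfaces) or "default route"
        return ("recursive",
                f"no forward-zone for '.': unbound resolves from the root servers itself "
                f"(egress via {egress}); the tunnel resolvers never see the query, so a "
                f"DNS-side block list cannot apply")
    off_tunnel = [a for a in root if ipaddress.ip_address(a) not in tunnel]
    if off_tunnel:
        return ("forwarding-bypasses-tunnel-dns",
                f"forward-addr includes {', '.join(off_tunnel)}; unbound may send any "
                f"query to any forwarder, so some queries bypass the block list")
    if plan.forward_first:
        return ("forwarding-with-recursive-fallback",
                "forward-first: yes recurses when the tunnel resolvers fail, so the "
                "block list is best-effort only")
    return ("forwarding-to-tunnel-dns", f"all '.' queries go to {', '.join(root)}")


if __name__ == "__main__":
    for label, conf in (("resolver mode", SAMPLE_RESOLVER_MODE),
                        ("forwarding", SAMPLE_FORWARDING),
                        ("mixed", SAMPLE_MIXED)):
        verdict, detail = classify(parse_unbound_conf(conf), ("10.4.0.1", "10.5.0.1"))
        print(f"{label}: {verdict}: {detail}")
```

On a live box the same check is `grep -A5 forward-zone /var/unbound/unbound.conf` on pfSense; a config with no forward-zone for "." means the redirect rule is working exactly as described (queries do reach the local Resolver) but the Resolver is not handing them to the AirVPN resolver where the block list lives.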
