[SOLVED] My NAT settings won't work anymore (OpenVPN DNS-Leak)
Topic: [SOLVED] My NAT settings won't work anymore (OpenVPN DNS-Leak) (Read 4440 times)
Oxygen61
Sr. Member
Posts: 350
Karma: 32
The road to success has no shortcut - (Tanaka)
[SOLVED] My NAT settings won't work anymore (OpenVPN DNS-Leak)
« on: March 25, 2018, 09:40:02 pm »
Hi guys,
Yesterday I updated to 18.1.5 and checked whether I leak any DNS queries.
I use Unbound DNS (port 53) for subnets which I want to tunnel through my OpenVPN gateways.
I additionally use DNSmasq (port 1053) for 1 specific subnet, which I want to use the DNS servers configured in System: Settings: General.
For Unbound the Outgoing Network Interfaces are the VPN interfaces. Since the VPN gateways used for the VPN interfaces are not static IPs and change whenever the connection fails, I made things work by using NAT to only allow connections out if they fit the NAT rules.
Here are the rules which worked before updating:
Interface | Source | Source Port | Destination | Destination Port | NAT Address | NAT Port | StaticPort
VPN_** | <alias for VPN subnets> | * | <alias for !RFC1918> | * | Interface address | * | NO
WAN | <alias for VPN subnets> | * | <alias for !RFC1918> | * | NO NAT | * | NO
WAN | <alias for WAN subnets> | * | <alias for !RFC1918> | * | Interface address | * | NO
There should be no way for my VPN-Subnets to leak anything, but dnsleaktest.com shows me otherwise...
In (System: Settings: General) there are 2 DNS servers for this 1 specific subnet, which I want to leak DNS queries, but it doesn't matter which gateway I choose... no change whatsoever.
Additionally i checked this: [X] Do not use the DNS Forwarder/Resolver as a DNS server for the firewall
As I said, it worked before... did anything regarding NAT settings change when updating to 18.1.5?
Btw, I am not using IPv6.
Thanks a lot guys!
Best regards,
Oxy
« Last Edit: March 26, 2018, 12:28:06 am by Oxygen61 »
Logged
Oxygen61
Sr. Member
Posts: 350
Karma: 32
The road to success has no shortcut - (Tanaka)
Re: [18.1.5] My NAT settings won't work anymore (OpenVPN DNS-Leak)
« Reply #1 on: March 25, 2018, 11:55:22 pm »
I did a revert back to version 18.1.4 and even loaded some backups from when it worked... and it still does not work anymore... I just don't understand how a solution which worked perfectly just stopped completely.
# opnsense-revert -r 18.1.4 opnsense
# opnsense-update -kr 18.1
# /usr/local/etc/rc.reboot
Logged
Oxygen61
Sr. Member
Posts: 350
Karma: 32
The road to success has no shortcut - (Tanaka)
Re: [18.1.5] My NAT settings won't work anymore (OpenVPN DNS-Leak)
« Reply #2 on: March 26, 2018, 12:02:14 am »
Unbound DNS forwarding was active.... what the f*
Don't want to promise too much to myself, but it seems like I found the issue.
See you all in 5 minutes with (hopefully) good feedback
Logged
Oxygen61
Sr. Member
Posts: 350
Karma: 32
The road to success has no shortcut - (Tanaka)
Re: [18.1.5] My NAT settings won't work anymore (OpenVPN DNS-Leak)
« Reply #3 on: March 26, 2018, 12:27:42 am »
I had some last problems with the update back to 18.1.5. but I was able to update via SSH CLI and it worked perfectly.
Sorry guys for all the mess. 18.1.5 is a gift for the community and I should really stop using the Unbound DNS in forwarding mode.
Logged
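The cause reported in the replies above was Unbound running in forwarding mode, which Unbound expresses as a `forward-zone` clause named `.`. The following check is an added example, not part of the original posts and not OPNsense code: it parses an unbound.conf and lists every upstream that receives all queries. The sample configuration, its addresses and the function names are constructed for illustration.

```python
import re

# Constructed sample unbound.conf; addresses are documentation ranges.
SAMPLE_CONF = """
server:
    port: 53
    outgoing-interface: 10.8.0.2    # constructed VPN tunnel address

forward-zone:
    name: "."
    forward-addr: 192.0.2.53        # constructed upstream resolver
    forward-addr: 198.51.100.53@853#dns.example

forward-zone:
    name: "lan.example"
    forward-host: ns.lan.example
"""

def parse_forward_zones(conf_text):
    """Return one dict per forward-zone clause: its name and upstreams."""
    zones, current = [], None
    for raw in conf_text.splitlines():
        # A comment starts at '#' only at line start or after whitespace,
        # so the '#' in 'addr@853#tls-name' is kept.
        line = re.sub(r"(^|\s)#.*$", "", raw).strip()
        match = re.match(r"([a-z0-9-]+):\s*(.*)$", line)
        if not match:
            continue
        key, value = match.group(1), match.group(2).strip()
        if value == "":                       # clause header, e.g. "server:"
            current = None
            if key == "forward-zone":
                current = {"name": None, "upstreams": []}
                zones.append(current)
        elif current is not None:
            if key == "name":
                current["name"] = value.strip('"')
            elif key in ("forward-addr", "forward-host"):
                current["upstreams"].append(value)
    return zones

def catch_all_upstreams(conf_text):
    """Upstreams that receive every query (forward-zone named '.')."""
    found = []
    for zone in parse_forward_zones(conf_text):
        if zone["name"] == ".":
            found.extend(zone["upstreams"])
    return found

if __name__ == "__main__":
    upstreams = catch_all_upstreams(SAMPLE_CONF)
    print("forwarding mode:", bool(upstreams), upstreams)
```

An empty result means no catch-all forwarder is configured in the text that was parsed; files pulled in through `include:` directives are not followed and need to be checked separately.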
elektroinside
Hero Member
Posts: 574
Karma: 51
Re: [SOLVED] My NAT settings won't work anymore (OpenVPN DNS-Leak)
« Reply #4 on: March 26, 2018, 07:32:16 am »
Thank you for your feedback, glad to hear it worked out!
Logged
OPNsense v18
| HW: Gigabyte Z370N-WIFI, i3-8100, 8GB RAM, 60GB SSD, | Controllers: 82575GB-quad, 82574, I221, I219-V | PPPoE: RDS Romania | Down: 980Mbit/s | Up: 500Mbit/s
Team Rebellion Member