18.1 Legacy Series / Re: OpenVPN with unbound dns leak
« on: April 05, 2018, 12:51:36 pm »
Quote: "Whenever I enable unbound and then run dnsleaktest.com it shows my underlying ISP nameservers"
Did you double check? When running unbound as a resolver, dnsleaktest.com should show your own public IP address. Of course it shows your ISP's name, because this is where you get your IP address from. (If you don't have a public IP address (CGNAT), then it will show an IP address of your ISP's NAT gateway.)
- If you don't need to resolve internal hostnames, just disable unbound and use external DNS servers. Since your clients query these servers directly, traffic will always go through the VPN tunnel(s).
- If you need to resolve internal hostnames and have one VPN tunnel, make unbound send all queries through the VPN tunnel. You can specify Outgoing Network Interfaces in Unbound DNS / General / Advanced, but I don't know if this works for VPN connections. If it doesn't, enable forwarding in unbound and create static routes to your specified external DNS servers, using your VPN gateway as next-hop.
- If you need to resolve internal hostnames and have multiple VPN tunnels and need unbound to send queries through a specific VPN tunnel depending on what LAN interface the request is coming from... you're out of luck. You would need multiple instances of unbound running. This won't work with OPNsense.
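As an added example (not part of the post and not OPNsense's own generated configuration), this is what the forwarding-plus-static-route approach from the second option looks like in unbound's native config syntax; the tunnel addresses 10.8.0.2 (local) and 10.8.0.1 (remote gateway), the upstream resolver 198.51.100.53, the home.arpa names and the drop-in file path are all assumed placeholders.

```conf
# Assumed drop-in path; OPNsense keeps unbound overrides in an include
# directory, adjust to your install. All addresses are placeholders.
# /usr/local/etc/unbound.opnsense.d/vpn-forward.conf

server:
    # Source outgoing queries from the tunnel's local address.
    # (This is the "Outgoing Network Interfaces" setting from the post;
    # it only sets the source address, it does not choose the route.)
    outgoing-interface: 10.8.0.2

    # Internal hostnames keep being answered locally, never forwarded.
    local-zone: "home.arpa." static
    local-data: "nas.home.arpa. IN A 192.168.1.10"
    local-data: "printer.home.arpa. IN A 192.168.1.20"

# Everything else goes to an upstream resolver that is only reachable
# through the tunnel. Without the static route below, a reply from the
# WAN path would still be possible, which is exactly the leak in question.
forward-zone:
    name: "."
    forward-addr: 10.8.0.1
    forward-addr: 198.51.100.53

# Matching static route (System > Routes in the GUI, or on a FreeBSD
# shell):  route add -host 198.51.100.53 10.8.0.1
#
# Checks after reloading unbound:
#   unbound-control list_forwards      -> shows "." forwarding to the two addresses
#   route -n get 198.51.100.53          -> gateway must be 10.8.0.1, interface the tun/ovpn device
#   drill @127.0.0.1 nas.home.arpa      -> answered locally (192.168.1.10), not forwarded
```

If the route check shows the WAN gateway instead of 10.8.0.1, queries will leave with the tunnel source address but over the ISP path, so fix the route before trusting the dnsleaktest result.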