OPNsense Forum

English Forums => Virtual private networks => Topic started by: mplima on October 05, 2020, 03:59:06 pm

Title: OpenVPN option "block-outside-dns" as checkbox wanted
Post by: mplima on October 05, 2020, 03:59:06 pm

Hello there.

Since there is a DNS Leak in Windows10 with OpenVPN:

• https://github.com/ValdikSS/openvpn-fix-dns-leak-plugin (https://github.com/ValdikSS/openvpn-fix-dns-leak-plugin)
• https://community.openvpn.net/openvpn/ticket/605?__cf_chl_jschl_tk__=a6f7e219f2b7eea6fc3ca6b90a4110db5a79564c-1601904949-0-ARrwznt-ux1J9GjbUS8gszDZBI0hn28Dd0jy2ikTJxVf41p3aezfcUpfH25Ej8iSQAZtUu_HJtAeIloJIhyCbk_N7JPQ9WOOO7lXJiGRJu6a4e2xuzHFOzpQlGyO7yy6eHHqaHdg8tlO7J6qBdJ5-bXUeLq1bAb4PP1Cc8QQbgT1e8fJ2OdREtjaSsrA6pO5KmT0GCkXMOAW7xI_wakhhi7q_1biJQ0Fwu7kG9XDkEUB827hH6J7ildMj6KCdsKnuAGyjJ35xiFb-Vs78FSlrCi8AbrOIKG_o3B_NHK95U4n (https://community.openvpn.net/openvpn/ticket/605?__cf_chl_jschl_tk__=a6f7e219f2b7eea6fc3ca6b90a4110db5a79564c-1601904949-0-ARrwznt-ux1J9GjbUS8gszDZBI0hn28Dd0jy2ikTJxVf41p3aezfcUpfH25Ej8iSQAZtUu_HJtAeIloJIhyCbk_N7JPQ9WOOO7lXJiGRJu6a4e2xuzHFOzpQlGyO7yy6eHHqaHdg8tlO7J6qBdJ5-bXUeLq1bAb4PP1Cc8QQbgT1e8fJ2OdREtjaSsrA6pO5KmT0GCkXMOAW7xI_wakhhi7q_1biJQ0Fwu7kG9XDkEUB827hH6J7ildMj6KCdsKnuAGyjJ35xiFb-Vs78FSlrCi8AbrOIKG_o3B_NHK95U4n)
• https://redmine.pfsense.org/issues/6719 (https://redmine.pfsense.org/issues/6719)

it appears that our roadwarrior clients do not use our DNS server,
if they have a faster IPV6 (DNS) address in their cache.

We can fix this by adding:

   push "block-outside-dns"

at:
   Setting OpenVPN Server > Adv Options > Custom Options


Well this works quiet good, but we try to avoid using this field,
duo to security. Although this field is going to be removed in the future.

So it would be nice to have a checkbox for that command at the server config.
It would be really great, if you could implement that option.
 :)


kind regards,

martin