OPNsense Forum

English Forums => 24.7, 24.10 Legacy Series => Topic started by: frozen on January 08, 2025, 06:01:59 PM

Title: Overcoming DNS Leaks with WireGuard Selective Routing to External VPN?
Post by: frozen on January 08, 2025, 06:01:59 PM
Hi there, I have been following the WireGuard Selective Routing to External VPN Endpoint (https://wiki.opnsense.org/manual/how-tos/wireguard-selective-routing.html) guide and inevitably have DNS leaks now at the end of it. Even when clients are successfully using the VPN, it fails all the DNS leak tests online, which expose my home IP, and it will be totally useless as a result.

I run Unbound and it has all the ad-blocking stuff enabled, so I am hoping to continue using it, only maybe make the DNS queries go over the VPN instead of the WAN?

The information at the very bottom of the guide is extremely confusing and jumbled up all over the place. I don't want to stop using my local Unbound and switch to the VPN's DNS server. I don't want to lose local network name resolution either, as I use that as well.

So I don't understand what to do. The information at the bottom of this guide, "Dealing with DNS leaks", is a bunch of vague theories with no information on how to actually accomplish anything. As a novice user who depends on step-by-step guides to even get this far, it leaves me super confused and not knowing what to do.

- My OPNsense installation is 192.168.1.1
- It's running Unbound+Ad Blocking for my home network
- It is using Kea DHCP reservations to assign hostnames to my local clients and to provide DHCP leases to clients, which gives them 192.168.1.1 to use as the DNS server
- I have a ProtonVPN WireGuard endpoint created and can assign hosts to it through the alias, but the DNS leaks and exposes my home IP
- I don't want to change to an external DNS server nor lose local network hostname resolution

I want my browsing IP to show as the VPN, but also the DNS Leak Test address to show the VPN IP as well. I still want to keep using Unbound with ad-blocking for client DNS queries, and local hostnames should still be resolvable.

I have asked Google Gemini for some help because I can't really make sense of it all, but I'd rather actually get the correct answers here, and I am willing to donate again once I get this fixed, as it's sort of holding up my entire network setup at the moment.

Thanks again in advance for any help, I can provide any additional required details!
Title: Re: Overcoming DNS Leaks with WireGuard Selective Routing to External VPN?
Post by: DEC670airp414user on January 08, 2025, 07:04:30 PM
If using Kea, you would have to find the internal DNS server ProtonVPN uses and add that to the list under Kea > Subnet > DNS.

Then reboot the device, and that DNS server will show on the list and should be used.

I'm using Kea with another "provider" and this method works perfectly with no "leaks".
Title: Re: Overcoming DNS Leaks with WireGuard Selective Routing to External VPN?
Post by: frozen on January 08, 2025, 07:10:39 PM
I have the WireGuard config file, and it says 10.2.0.1 is the DNS server! I forgot to include this, sorry! But I wasn't sure how this comes into play. And if it's using that DNS server, won't it be bypassing my Unbound?

I will go look around and see if I can find that, thanks for your response!
Title: Re: Overcoming DNS Leaks with WireGuard Selective Routing to External VPN?
Post by: DEC670airp414user on January 08, 2025, 07:20:34 PM
You will be leaking from the Proton test unless you use their DNS server.

Proton does their own ad-blocking, which is why you would want to use their own private DNS servers.