
Messages - chiefg

#1
I used option 3 and got it to work, thanks for your help!!
#2
Actually none, I created a new rule based on this from the wiki:

Note

If the DNS servers supplied by your VPN provider are local IPs (i.e., within the scope of the RFC1918_Networks Alias created in Step 8), then, as discussed in Step 8, you will need to create an additional firewall rule in OPNsense to ensure that requests to those servers use the tunnel gateway rather than the normal WAN gateway. This rule would be similar to that created in Step 8, except that the destination would be your VPN provider's DNS server IPs and the destination invert box would be unchecked. This rule would also need to be placed above the rule created in Step 8.


But I'm not using any of the 5 options listed; I thought that by creating that extra rule it would work.

Any suggestions as to which one would work best? I do have HAProxy set up to access my Synology NAS and Nextcloud via my domain.
#3
Recently moved to OPNsense, and having issues with DNS leaks for traffic routed through the PIA WG tunnel.

I have PIA WireGuard working using the script that's floating around; it's working and I'm able to route specific IPs through the tunnel, so far all is good.

Note: I did create an additional rule with the PIA DNS servers as suggested at the very end of the OPNsense wiki "WireGuard Selective Routing to External VPN Endpoint".


In addition I have AdGuard Home set up using this guide (working and blocking well):

3 - OPNsense - System - Settings - General

      DNS Servers: empty

      Untick: Do not use the local DNS service as a nameserver for this system

      Untick: Allow DNS server list to be overridden by DHCP/PPP on WAN

4 - Services - DHCPv4 - [LAN]: DNS Servers all empty

5 - OPNsense - Services - Unbound DNS - General

      Tick: Enable Unbound (Listen Port: 5353)

      Tick: Enable DNSSEC Support

      Network Interfaces: All

6 - OPNsense - Services - Unbound - DNS over TLS

      Server IP: 1.1.1.1

      Server Port: 853

      Verify CN: cloudflare-dns.com

7 - Activate and start AdGuardHome from Services --> AdGuardHome

8 - Navigate to OPNsense IP:3000 (192.168.1.1:3000) to complete the AdGuard setup

9 - AdGuard Home - DNS Configuration - Upstream Servers:

      Add OPNsense IP:5353 (192.168.1.1:5353), delete those that exist

10 - AdGuard Home - DNS Configuration - Bootstrap DNS servers:

      Add OPNsense IP:5353 (192.168.1.1:5353), delete those that exist

11 - AdGuard Home - DNS Configuration - Private reverse DNS servers:

      192.168.1.1:5353

Instead of the PIA DNS, I get Cloudflare DNS when checking for DNS leaks.

My question: how can I stop the DNS leaks for those IPs routed through the PIA WG tunnel?
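The wiki note quoted in the thread (first-match LAN rules, the destination-invert flag on the Step 8 rule, and the extra rule for provider DNS IPs that fall inside RFC1918) can be walked through with a small model of how OPNsense picks a gateway for each flow. This is an added example, not code from the OPNsense wiki, the AdGuard guide or the forum posts. The VPN client address 192.168.1.50, the provider DNS address 10.0.0.243, the web destination 203.0.113.10 and the gateway names are assumed placeholders; the model also assumes the standard behaviour that rules on the LAN interface only see packets entering from LAN, so the DNS-over-TLS queries Unbound itself sends from the firewall to 1.1.1.1:853 are not policy-routed by them.

```python
"""First-match policy-routing model for the WireGuard selective-routing rules.

Added example; not from the OPNsense wiki, the AdGuard guide or the thread.
All addresses except 1.1.1.1 and 192.168.1.1 are assumed placeholders.
"""
import ipaddress
from dataclasses import dataclass

# RFC1918_Networks alias from Step 8 of the wiki guide
RFC1918_NETWORKS = [ipaddress.ip_network(n)
                    for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Assumed values for the example
VPN_CLIENTS = [ipaddress.ip_network("192.168.1.50/32")]  # LAN hosts sent through the tunnel
PIA_DNS = [ipaddress.ip_network("10.0.0.243/32")]        # placeholder: provider DNS, an RFC1918 IP
WG_GW = "WG_GW"       # the tunnel gateway selected in the rule
DEFAULT = "default"   # system routing table, i.e. the normal WAN gateway


@dataclass
class Flow:
    label: str
    iface: str   # "lan": packet entering on LAN; "self": originated by the firewall
    src: str
    dst: str
    dport: int


@dataclass
class Rule:
    name: str
    src: list
    dst: list
    dst_invert: bool = False   # the "destination invert" checkbox
    gateway: str = DEFAULT
    iface: str = "lan"

    def matches(self, flow: Flow) -> bool:
        # Interface rules only see packets entering that interface.
        if flow.iface != self.iface:
            return False
        src_hit = any(ipaddress.ip_address(flow.src) in n for n in self.src)
        dst_hit = any(ipaddress.ip_address(flow.dst) in n for n in self.dst)
        if self.dst_invert:
            dst_hit = not dst_hit
        return src_hit and dst_hit


def build_rules(add_dns_rule: bool) -> list:
    """Step 8 rule alone, or with the note's DNS rule placed above it."""
    step8 = Rule("Step 8: VPN clients to non-RFC1918 via tunnel",
                 VPN_CLIENTS, RFC1918_NETWORKS, dst_invert=True, gateway=WG_GW)
    dns = Rule("Note: VPN clients to provider DNS via tunnel",
               VPN_CLIENTS, PIA_DNS, dst_invert=False, gateway=WG_GW)
    return [dns, step8] if add_dns_rule else [step8]


def select_gateway(rules: list, flow: Flow) -> str:
    """First matching rule decides; no match means the system routing table."""
    for rule in rules:
        if rule.matches(flow):
            return rule.gateway
    return DEFAULT


# Constructed sample flows for the setup described in the thread
SAMPLE_FLOWS = [
    Flow("web", "lan", "192.168.1.50", "203.0.113.10", 443),        # client to the internet
    Flow("pia_dns", "lan", "192.168.1.50", "10.0.0.243", 53),       # client straight to provider DNS
    Flow("local_dns", "lan", "192.168.1.50", "192.168.1.1", 53),    # client to AdGuard on the firewall
    Flow("firewall_dot", "self", "192.168.1.1", "1.1.1.1", 853),    # Unbound's own DoT upstream query
]


def evaluate(add_dns_rule: bool) -> dict:
    """Map each sample flow label to the gateway the rule set would choose."""
    rules = build_rules(add_dns_rule)
    return {f.label: select_gateway(rules, f) for f in SAMPLE_FLOWS}


if __name__ == "__main__":
    for add in (False, True):
        print("with DNS rule" if add else "Step 8 rule only", evaluate(add))
```

Running it shows that the extra rule changes only the client-to-provider-DNS flow: with the Step 8 rule alone that flow falls through to the default gateway, with the note's rule above it the tunnel gateway is chosen. The firewall's own upstream query to 1.1.1.1:853 never passes a LAN rule in this model, so it keeps the default gateway in both cases, which is consistent with a leak test reporting the resolver that Unbound forwards to.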