Messages - packeteer

#1
Thanks for the clarification.

Yes, firewall rules are my suspect. I don't think the rest of my VPN traffic would be flowing if I had an issue with routes or NAT.

The biggest difference I've noted between the pfSense and OPNsense during this exercise is what NAT and firewall rules remain in place when Outbound NAT rule generation is switched from automatic to manual. Based on the VPN setup document linked earlier, pfSense appears to retain the auto-generated rules and allows you to modify them. OPNsense wipes the auto-generated rules. If that's correct, the pfSense doc is probably quietly assuming a retained rule is in place which is passing DNS, which is not true under OPNsense.

I'll post the solution here when I find it.

#2
Thanks Cookiemonster.

If I understand you correctly, you're suggesting I should change the Outgoing Network Interfaces dropdown from the System interface I created (called ProtonVPN) to one of the OpenVPN clients I've configured?  I've tried that also (see attached screenshot) but it doesn't fix the issue.

#3
Hi all,

Beginning with a default installation of OPNsense 23.7.6, I've configured it as an OpenVPN client for ProtonVPN.  ProtonVPN offers no guide to OPNsense so I used the most recent guide offered for pfSense: https://protonvpn.com/support/pfsense-2-6-x-vpn-setup/.  Translating instructions from pfSense to OPNsense was straightforward and I got a client up and running (steps 1-4 of the guide).  It works fine except for leaking DNS to the server configured at 'System -> Settings -> General'.  The final step of the guide, #5, configures the DNS resolver to prevent leaks.

This step directs me to change the 'Outgoing Network Interfaces' of the pfSense DNS Resolver to the established VPN Interface, which makes perfect sense.  Translated to OPNsense, I did this under 'Unbound DNS' -> Advanced Mode -> 'Outgoing Network Interfaces'.  This immediately halted all outbound DNS queries.  The only interface which appears to permit outbound DNS queries is on the WAN.

I've tried creating a rule to explicitly pass port 53 on the VPN interface as a solution, but without success.

Suggestions welcome.

Thank you!