OPNsense Forum » Archive » 20.1 Legacy Series » VPN/unbound dns leak
Topic: VPN/unbound dns leak (Read 3740 times)
crt333
Jr. Member
Posts: 56
Karma: 0
VPN/unbound dns leak
« on: June 25, 2020, 05:04:17 pm »
As I understand it, when running unbound (recursive, not forwarding) and doing DNS leak testing, the address of the WAN connection is reported.
I route all devices through my VPN tunnel, so reporting the WAN (ISP) address when doing DNS leak tests is undesirable (pretty much the definition of a DNS leak).
Is there a way to fix this or is not using unbound the only solution?
nzkiwi68
Full Member
Posts: 182
Karma: 20
Re: VPN/unbound dns leak
« Reply #1 on: June 26, 2020, 01:42:35 am »
What about just binding unbound to the LAN interface (plus any other interfaces you need)?
crt333
Jr. Member
Posts: 56
Karma: 0
Re: VPN/unbound dns leak
« Reply #2 on: June 26, 2020, 06:34:51 pm »
Thanks for the suggestion. Do you know that it works, or is it something to try?
crt333
Jr. Member
Posts: 56
Karma: 0
Re: VPN/unbound dns leak
« Reply #3 on: June 26, 2020, 06:49:41 pm »
That works, many thanks. I had tried the VPN tunnel rather than the LAN, which didn't work, but LAN does.
crt333
Jr. Member
Posts: 56
Karma: 0
Re: VPN/unbound dns leak
« Reply #4 on: June 26, 2020, 08:14:06 pm »
Sorry, that didn't work; unbound was forwarding when I set it to LAN. When not forwarding, unbound doesn't respond when I do this.
nzkiwi68
Full Member
Posts: 182
Karma: 20
Re: VPN/unbound dns leak
« Reply #5 on: June 27, 2020, 03:48:03 am »
My unbound...
Check:
Outgoing Network Interfaces
I only bind unbound to interfaces I want unbound to answer queries on.
Then, I make unbound send out all its queries from only the LAN interface.
crt333
Jr. Member
Posts: 56
Karma: 0
Re: VPN/unbound dns leak
« Reply #6 on: June 27, 2020, 06:20:42 pm »
Thanks for the info and pic. You have forwarding turned on, which I also had working, but when I turned it off, name resolution stopped.
Despite my earlier claim, with forwarding disabled I tried again to use the VPN tunnel itself for outbound instead of LAN, and that works.
The logs show no more use of the system-configured nameservers and all the traffic goes out through the VPN tunnel, so I guess I'm all set now.
Thanks again for your ideas!
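An added example, not part of the thread and not OPNsense's own code: a small audit of an unbound.conf for the condition the thread converges on, namely whether upstream queries are pinned to the VPN tunnel through `outgoing-interface`, and whether a root forward-zone is masking the leak-test result. The config text, every address and the 10.8.0.0/24 tunnel subnet are constructed; it is an assumption that the GUI's "Outgoing Network Interfaces" setting ends up as `outgoing-interface` lines with single addresses.

```python
import ipaddress

# Constructed sample: every address here is a placeholder, not taken from the thread.
SAMPLE_CONF = """\
server:
    interface: 192.168.1.1           # LAN: where clients ask
    outgoing-interface: 203.0.113.7  # WAN address: upstream queries leave here
"""

def parse_unbound(text):
    """Collect the settings that decide where upstream queries leave from."""
    conf = {"interface": [], "outgoing-interface": [], "forward-root": False}
    clause = None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        key, sep, value = line.partition(":")
        if not sep:
            continue
        key, value = key.strip(), value.strip().strip('"')
        if not value:                      # "server:" / "forward-zone:" open a clause
            clause = key
        elif clause == "server" and key in ("interface", "outgoing-interface"):
            conf[key].append(value)
        elif clause == "forward-zone" and key == "name" and value == ".":
            conf["forward-root"] = True    # all names are handed to a forwarder
    return conf

def audit(text, tunnel_net):
    """Return findings; an empty list means recursion is pinned to the tunnel."""
    conf = parse_unbound(text)
    net = ipaddress.ip_network(tunnel_net)
    findings = []
    if conf["forward-root"]:
        findings.append("forwarding: root zone is forwarded, leak tests show the forwarder")
    if not conf["outgoing-interface"]:
        findings.append("unpinned: no outgoing-interface, source address follows the routing table")
    for addr in conf["outgoing-interface"]:
        if ipaddress.ip_address(addr) not in net:
            findings.append(f"off-tunnel: outgoing-interface {addr} is outside {tunnel_net}")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_CONF, "10.8.0.0/24") or ["ok"]:
        print(finding)
```

A clean audit only says the configuration is pinned to the tunnel; a packet capture on the WAN interface filtered to port 53 confirms that nothing actually leaves that way.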