"In any case, if you configure your DNS Resolver to use the LAN interface as outgoing interface, the DNS Resolver should use the same routing than your computer, VPN or not."
Can anyone confirm that this is true? I never tested it, but it would be nice to get a confirmation. I had an issue, similar to what Antonio is trying to do, that required something like this in the past. Also, are not the firewall rules ingress only? What would be the relationship between the DNS resolver being on an ingress interface instead of egress? How does it 'set itself up' on this interface?

On Mon, May 7, 2018 at 4:36 AM, Stephane Bouvard <m...@frn.be> wrote:
> Hi,
>
> Try this:
>
> - Create a gateway group (System / Routing / Gateway Groups) with VPN
> Gateway as Tier 1 and WAN Gateway as Tier 2
>
> - Use this gateway group as outgoing gateway (in my config, I use a LAN
> Firewall rule with the created gateway group, and I use LAN as outgoing
> interface for my DNS Resolver).
>
> In any case, if you configure your DNS Resolver to use the LAN interface as
> outgoing interface, the DNS Resolver should use the same routing than your
> computer, VPN or not.
>
> On 07-05-18 at 01:09, Antonio wrote:
>>
>> After messing around for much of the weekend and reading a bit here and
>> there I have made one small step to achieving my goal. Basically, I am
>> able to bind the DNS Resolver to the VPN interface by selecting it
>> under "Outgoing Network Interfaces". Thus all traffic goes through the
>> VPN tunnel, including DNS queries. In fact, when I go on dnsleaktest.com,
>> I do not have any leaks and this is very positive.
>>
>> The only problem is that when the VPN link fails, then I cannot resolve
>> DNS queries anymore on my LAN devices. So, what I need to do now, is
>> understand how I can achieve this automatically, i.e. when the VPN link
>> comes up, it tells the DNS Resolver to route through the VPN tunnel;
>> when the VPN link is down, it tells the DNS Resolver to route the DNS
>> queries through the LAN interface. Any suggestions?
>
> --
> Kind regards...
>
>  _   Want to concentrate on your core business?
> (_'  We manage and monitor your servers for you
> ,_)téphane Bouvard http://www.myown.eu
>
> _______________________________________________
> pfSense mailing list
> https://lists.pfsense.org/mailman/listinfo/list
> Support the project with Gold! https://pfsense.org/gold