Re: [pfSense] Mastering DNS Resolver and tweaking behaviour with VPN

2018-05-06 Thread Antonio 
Correct, no windows for me.

Respect your privacy and that of others, don't give your data to big 
corporations.
Use alternatives like Signal (https://whispersystems.org/) for your messaging 
or 
Diaspora* (https://joindiaspora.com/) for your social networking.

Il 06/05/2018 20:01, Lorenz Schori ha scritto:
> Hi,
>
> On Sun, 6 May 2018 09:47:17 +0100
> Antonio  wrote:
>
>> I can across that website yesteday and although I have pfSense 2.4.3
>> installed (I believe it ships OpenVPN 2.4.4), I get that the option is
>> not supported although it could be that the server onthe other end is
>> not supporting it?
>>
>> "Options error: Unrecognized option or missing or extra parameter(s)
>> in /var/etc/openvpn/client1.conf:46: block-outside-dns (2.4.4)"
> I should have mentioned that this is a windows-specific option and you
> should push it to your clients (unless of course you do not have any
> windows clients).
>
> Cheers,
> Lorenz

___
pfSense mailing list
https://lists.pfsense.org/mailman/listinfo/list
Support the project with Gold! https://pfsense.org/gold

Re: [pfSense] Mastering DNS Resolver and tweaking behaviour with VPN

2018-05-06 Thread Antonio 
Hi Lorenz,

I can across that website yesteday and although I have pfSense 2.4.3
installed (I believe it ships OpenVPN 2.4.4), I get that the option is
not supported although it could be that the server onthe other end is
not supporting it?

"Options error: Unrecognized option or missing or extra parameter(s) in
/var/etc/openvpn/client1.conf:46: block-outside-dns (2.4.4)"

Cheers

Respect your privacy and that of others, don't give your data to big 
corporations.
Use alternatives like Signal (https://whispersystems.org/) for your messaging 
or 
Diaspora* (https://joindiaspora.com/) for your social networking.

Il 06/05/2018 09:29, Lorenz Schori ha scritto:
> Hi,
>
> Only covering b).
>
> On Sun, 6 May 2018 03:30:32 +0100
> Antonio  wrote:
>
>> b) *OpenVPN Clients* - this seems to be a new option that wasn't
>> covered in Marks video. Nor is there reference to this in the pfSense
>> book.
> This was introduced in 2.4.3. see:
> https://redmine.pfsense.org/issues/6847
>
> It basically makes it easy to connect to OpenVPN clients in the field
> from your LAN using the name from their client certificate. This is the
> exact opposite most people are doing with their VPNs.
>
>> Is this the magic setting that forces DNS resolver to route DNS
>> querries through the VPN tunnel?
>> **Although from the description in
>> pfSense this doesn't look like what I'm after.**
> There is actually a magic feature in OpenVPN >= 2.3.9
> See: https://dnsleaktest.com/how-to-fix-a-dns-leak.html
>
> Not sure whether this works for every client OS though. I recommend to
> test this thoroughly if your security / security of your clients depends
> on it.
>
> Cheers,
> Lorenz

___
pfSense mailing list
https://lists.pfsense.org/mailman/listinfo/list
Support the project with Gold! https://pfsense.org/gold