Overview

In a pfSense deployment configured as an OpenVPN client, with multiple local subnets, I wanted to prevent DNS leaks.

Problem

In System / General Setup, DNS servers other than the ones provided by the ISP via DHCP were configured, but DNS requests were still not being forwarded over the VPN connection.

Solution

The DNS resolver service (unbound) is configured on this firewall and it has a configuration option for selecting the interface to use for DNS requests.

In Services / DNS Resolver / General Settings, select the OpenVPN interface under Outgoing Network Interfaces. By default all interfaces are used, which causes a DNS leak.

![Screenshot of Outgoing Network Interfaces setting](/img/2016-05-29-pfsense-dns-leak/1.png)

DNS requests will now be routed through your OpenVPN connection.
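
To confirm the setting took effect, the generated resolver config can be audited for any egress address other than the tunnel's. This is an added example, not part of the original post; it assumes the GUI setting is written as unbound's `outgoing-interface:` directive, and the tunnel address `10.8.0.2` and the sample configs are constructed.

```shell
#!/bin/sh
# Added example: audit an unbound.conf for resolver egress outside the VPN tunnel.

# check_unbound_egress CONF VPN_IP
# Returns 0 only if CONF pins every outgoing-interface to VPN_IP.
check_unbound_egress() {
    conf=$1
    vpn_ip=$2
    # Strip comments, then collect the address from each outgoing-interface line.
    addrs=$(sed 's/#.*//' "$conf" | awk '$1 == "outgoing-interface:" { print $2 }')
    if [ -z "$addrs" ]; then
        echo "LEAK: no outgoing-interface set, unbound may send queries from any interface"
        return 1
    fi
    status=0
    for addr in $addrs; do
        if [ "$addr" != "$vpn_ip" ]; then
            echo "LEAK: queries may leave from $addr"
            status=1
        fi
    done
    if [ "$status" -eq 0 ]; then
        echo "OK: resolver egress pinned to $vpn_ip"
    fi
    return "$status"
}

# Constructed sample configs (not taken from a real firewall).
SAMPLES=$(mktemp -d)
cat > "$SAMPLES/default.conf" <<'EOF'
server:
    interface: 192.168.1.1
    port: 53
EOF
cat > "$SAMPLES/mixed.conf" <<'EOF'
server:
    interface: 192.168.1.1
    outgoing-interface: 10.8.0.2
    outgoing-interface: 203.0.113.10   # WAN address still selected
EOF
cat > "$SAMPLES/pinned.conf" <<'EOF'
server:
    interface: 192.168.1.1
    # outgoing-interface: 203.0.113.10
    outgoing-interface: 10.8.0.2
EOF

for f in default mixed pinned; do
    printf '%s: ' "$f"
    check_unbound_egress "$SAMPLES/$f.conf" 10.8.0.2 || true
done
```

On the firewall, pass the path of the generated unbound config and the address of the OpenVPN client interface instead of the samples.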