
Author Topic: pfBlockerNG with OpenVPN client  (Read 975 times)


Offline Xentrk

pfBlockerNG with OpenVPN client
« on: March 07, 2017, 09:22:03 am »
Hello,

I'm using release 2.3.3. I recently read through the forum and read websites on how to configure pfBlockerNG for ad blocking. I have a WAN, LAN and OpenVPN Client interface called TGInterface. This is a TorGuard OpenVPN client to my private-ip address. All clients/traffic use the TGInterface interface. I can access websites when I change from DNS Forwarder to DNS Resolver without enabling pfBlockerNG. But when I enable pfBlockerNG with DNSBL, I can't access the internet. How can I configure pfBlockerNG to play nice with the OpenVPN client interface so I can browse ad free while all traffic is using the OpenVPN client interface?

Thanks!
3 x ASUS RT-AC88U | ASUS Merlin 380.69 | AB-Solution | Skynet
D-Link 880L | DD-WRT 3.0-r29837 | entware | pixelserv-tls | using AD Block forked from https://github.com/aviadra/anti-ads-pack
pfSense appliance SG-2440 | 2.4.2_p1 | pfBlockerNG | with D-Link 880L as AP flashed with DD-WRT 3.0-r30016M

Offline mich04

Re: pfBlockerNG with OpenVPN client
« Reply #1 on: March 08, 2017, 07:30:39 am »
I am using pfSense 2.3.2-RELEASE-p1
and pfBlockerNG 2.1.1_6.

Under pfBlockerNG -- General, did you select your OpenVPN Interface for outbound and inbound rules? There is also a check box that states this right below the boxes that show your interfaces.

Quote
"Select to add auto-rules for OpenVPN. This is only required when the OpenVPN Interface is not listed above.
OpenVPN Server (Outbound auto-rules only), OpenVPN Client (Both In/Outbound auto-rules)
These will be added to 'Floating Rules' or OpenVPN rules tab."

I am also using the DNS Resolver with OpenVPN.

Offline Xentrk

Re: pfBlockerNG with OpenVPN client
« Reply #2 on: March 08, 2017, 10:04:25 am »
Thanks for the response. 

With the VPN Interface (TGINTERFACE) selected for inbound and outbound, I can access all websites. But ads are not being blocked. At least you have it working, which gives me hope. I thought there may be an issue with DNS Resolver vs the DNS servers used by the OpenVPN client. Not sure what else to try.

Update:
I was able to get pfBlockerNG working with my OpenVPN Client. I decided to read thru all of the posts again in hopes I would find the solution. Luckily, I did not have to go far.  It was this post https://forum.pfsense.org/index.php?topic=102470.msg573167#msg573167 that talked about OpenVPN issues with DHCP and Unbound.  I then looked at my DHCP Server / LAN settings and noticed I had my VPN provider’s DNS servers listed in the Servers – DNS Servers section. The note below this says:

“Leave blank to use the system default DNS servers: this interface's IP if DNS Forwarder or Resolver is enabled, otherwise the servers configured on the System / General Setup page.”

I already had the VPN provider’s DNS servers specified in the System / General Setup tab. Not sure why I had listed them here as well. And per the note above, leave blank. Once I did that, ad blocking started working.
On the pfBlockerNG General Setup screen, the OpenVPN Interface is what I have selected for both the Inbound and Outbound Firewall Rules.  I am happy it is working now!

« Last Edit: March 11, 2017, 05:47:37 am by Xentrk »
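
The fix described in Reply #2, as an added example that is not code from any poster or from pfSense: a Python check that reads a configuration backup and reports DHCP scopes handing clients DNS servers other than the firewall's own interface address, which means their queries never reach the DNS Resolver where DNSBL filters. The XML element names and the sample configuration are assumptions constructed for this example.

```python
import xml.etree.ElementTree as ET

# Constructed sample. Element names are an assumed layout for a
# firewall config backup, not copied from a real system.
SAMPLE_CONFIG = """<pfsense>
  <interfaces>
    <lan><ipaddr>192.168.1.1</ipaddr></lan>
  </interfaces>
  <unbound><enable/></unbound>
  <dhcpd>
    <lan>
      <enable/>
      <dnsserver>203.0.113.53</dnsserver>
      <dnsserver>203.0.113.54</dnsserver>
    </lan>
  </dhcpd>
</pfsense>"""


def dnsbl_bypass(config_xml):
    """Map each enabled DHCP scope to the DNS servers it hands out that
    are not the firewall's address on that interface."""
    root = ET.fromstring(config_xml)
    # DNSBL filtering happens in the resolver; if it is off there is
    # nothing for clients to bypass, so report nothing.
    if root.find("unbound/enable") is None:
        return {}
    findings = {}
    for scope in root.findall("dhcpd/*"):
        if scope.find("enable") is None:
            continue  # DHCP server disabled on this interface
        iface_ip = root.findtext(f"interfaces/{scope.tag}/ipaddr", default="")
        handed_out = [e.text.strip() for e in scope.findall("dnsserver")
                      if e.text and e.text.strip()]
        # A blank DNS Servers field makes clients use the interface IP,
        # so only explicit entries pointing elsewhere are a problem.
        bypass = [s for s in handed_out if s != iface_ip]
        if bypass:
            findings[scope.tag] = bypass
    return findings


if __name__ == "__main__":
    for iface, servers in dnsbl_bypass(SAMPLE_CONFIG).items():
        print(f"{iface}: clients are sent to {', '.join(servers)}; DNSBL is skipped")
```

An empty result means every enabled DHCP scope leaves clients pointed at the firewall's resolver.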

Offline Tom7755

Re: pfBlockerNG with OpenVPN client
« Reply #3 on: February 08, 2018, 02:03:41 am »
So you are just using the default DNS servers? Aren't those your ISP's DNS servers? That means you'll be leaking DNS, which defeats the purpose of using the VPN.

I'm still trying to solve this issue too, but that doesn't seem like the way to do it.