OPNsense / Adguard / DNS & VPN questions

Hi Everyone,

I've got OPNsense installed on my router/firewall and have AdGuard Home set up with Unbound DNS / DoT in OPNsense, as per THIS guide.

I also use NordVPN, currently via the Nord app (in time I may put NordVPN on the router so I can route all of my network traffic over the VPN, rather than having to have the Nord app on every device).

A couple of things that I'm unsure about:

- Can I use the VPN service together with AGH so my VPN tunnel also benefits from adblocking and the additional security provided by my AGH/Unbound DNS configuration? Does it make any sense to want to do this?

- Is it generally considered best practice to use the NordVPN DNS servers while using NordVPN, or should I configure the DNS in the Nord app to use my local AdGuard DNS?

Many Thanks

You can redirect VPN DNS queries to your device, but you may lose some of the "stealth" VPN features. Test and see how it goes.

I don't understand why, in the example, Unbound is run as a forwarder to an external DNS server. It's not worth it just for DoT. Both setups, as resolver and as forwarder, have pros and cons, but I would at least try Unbound as a resolver. No need to send your DNS query history to a third-party company.
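As an added illustration of the forwarder-versus-resolver choice in the reply above (this is not from the original thread or the linked guide, and OPNsense generates its own Unbound configuration from the GUI settings, so treat it as the shape of the two options rather than something to paste in), here are the two unbound.conf forms side by side. In both, AdGuard Home stays in front on port 53 for filtering and only Unbound's upstream behaviour changes. The listening port 5335, the LAN range 192.168.1.0/24, the CA bundle path and the trust-anchor path are assumptions.

```conf
# Added example, not the guide's or OPNsense's own configuration.
# Two alternative unbound.conf files are shown back to back; use one or the other.
# Port, LAN range and file paths are assumptions for illustration.

# --- Option A: forwarder with DNS over TLS (the setup the guide describes) ---
# Every query is handed to Cloudflare over TLS. The ISP sees only an encrypted
# session to 1.1.1.1:853; Cloudflare sees every name that is looked up.
server:
    interface: 127.0.0.1
    port: 5335                             # assumed: AdGuard Home uses 127.0.0.1:5335 as its upstream
    access-control: 127.0.0.0/8 allow
    access-control: 192.168.1.0/24 allow   # assumed LAN range
    tls-cert-bundle: "/etc/ssl/cert.pem"   # assumed CA bundle path; validates the upstream certificate

forward-zone:
    name: "."                              # forward everything
    forward-tls-upstream: yes
    forward-addr: 1.1.1.1@853#cloudflare-dns.com
    forward-addr: 1.0.0.1@853#cloudflare-dns.com

# --- Option B: full recursive resolver (what the reply suggests trying) ---
# No forward-zone, so Unbound resolves from the root servers itself. No single
# third party holds the complete query log, but the lookups travel in plaintext
# to the authoritative servers, so the ISP path can still observe them.
# DNSSEC is validated locally against the root trust anchor.
server:
    interface: 127.0.0.1
    port: 5335
    access-control: 127.0.0.0/8 allow
    access-control: 192.168.1.0/24 allow
    auto-trust-anchor-file: "/var/unbound/root.key"   # assumed path to the root trust anchor
    qname-minimisation: yes                # send each server only as much of the name as it needs
    prefetch: yes                          # refresh popular records before they expire
    harden-dnssec-stripped: yes            # reject answers whose DNSSEC data was stripped
```

The trade-off the reply points at is visible in the two stanzas: option A moves trust from the ISP to Cloudflare and gains transport encryption, option B keeps the query history off any single resolver operator but gives up the encrypted upstream hop. Either way the privacy gain is limited to the DNS leg; the destination IPs and TLS SNI of the actual connections remain visible to the ISP unless the VPN is in use.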

Thank you for your reply :)

I assume that when using NordVPN's DNS I wouldn't get the filtering/blocking capabilities that AdGuard provides, so my thinking was that it would seem logical to want to take advantage of those benefits with VPN traffic too (not considering drawbacks that may exist by doing this, e.g. more latency, slower speeds etc.).

What do you mean by losing "stealth" features? Could you give an example of what you mean by this, and how I might go about testing to find out?

Regarding the DNS setup, do you mean you would suggest removing Cloudflare from the picture and just using AdGuard to filter and Unbound to resolve the DNS queries?

Basically my end goal is just to be as private and secure as possible. I believe AdGuard is good in this respect, preventing malicious sites/pages/ads from even loading in the first place; it's just more of a question about how to configure DNS so my search history is not visible, both when connected to the VPN and when not.

Many Thanks

> Basically my end goal is just to be as private and secure as possible.

Remove the VPN from the equation. It doesn't give you more privacy and security, despite the advertisements and promises. You only limit yourself and deal with the inconveniences. When your VPN is enabled you send your browsing history to the VPN provider, your speed is limited and your latency is higher, your ISP knows you use a VPN and which one, and the sites you visit know you use a VPN and which one, and will start blocking you the moment they dislike your VPN. When your VPN is disabled, both your ISP and Cloudflare get your browsing history. When you use Unbound as a resolver, only your ISP gets the picture of what you are doing online. Your phones, as well as your computers, know everything about you, including your current location. Your IoT devices share data with some server in China; they perhaps know when you go to the bathroom. Your bank tracks your purchase habits and locations. Google has perhaps already mapped your Wi-Fi SSID. What privacy exactly were you looking for again?
