
[Request] pfSense-Friendly Darknet Access


by parityboy » Fri Dec 30, 2016 7:37 am

@df

[For background, see here]

Can you alter the DeepDNS policies on the exit nodes such that if you query a darknet FQDN from an out-of-tunnel address (including other exits), the result is NXDOMAIN? In other words, if I'm connected to the German node and my query for an Onion address is sent to the Netherlands DeepDNS instance, the result is NXDOMAIN rather than 10.x.x.x.

This would enable us pfSense users to spin up multiple clients and not only load balance between them, but also specify the DeepDNS servers for those exit nodes in System->General Setup->DNS Server Settings. With this in place, queries for darknet TLDs will result in NXDOMAIN until the query hits the right server.
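A small model of the policy requested above, added here as an illustration; it is not part of the original post and not cryptostorm's DeepDNS code. The `ExitNode` class, the subnets, the addresses and the TLD list are constructed assumptions.

```python
import ipaddress

# Assumed darknet TLDs; the post explicitly names only Onion addresses.
DARKNET_TLDS = ("onion", "i2p")


class ExitNode:
    """Hypothetical model of one exit node's DNS answer policy."""

    def __init__(self, name, tunnel_nets, darknet_gateway):
        self.name = name
        # Networks this node hands out to its own connected clients.
        self.tunnel_nets = [ipaddress.ip_network(n) for n in tunnel_nets]
        # Internal 10.x.x.x address returned for darknet names (constructed).
        self.darknet_gateway = darknet_gateway

    def in_tunnel(self, src):
        try:
            addr = ipaddress.ip_address(src)
        except ValueError:
            return False  # unparsable source is treated as out-of-tunnel
        return any(addr in net for net in self.tunnel_nets)

    def answer(self, qname, src):
        # Match the TLD on a label boundary, ignoring case and a trailing dot.
        labels = qname.rstrip(".").lower().split(".")
        if labels[-1] not in DARKNET_TLDS:
            return ("RECURSE", None)      # ordinary name: normal resolution
        if not self.in_tunnel(src):
            return ("NXDOMAIN", None)     # darknet name from outside this tunnel
        return ("NOERROR", self.darknet_gateway)


# Constructed sample data: two exits with separate tunnel address pools.
GERMANY = ExitNode("germany", ["10.50.0.0/16"], "10.99.0.1")
NETHERLANDS = ExitNode("netherlands", ["10.60.0.0/16"], "10.99.0.1")

CLIENT_TUNNEL_IP = "10.50.3.7"      # client's address inside the German tunnel
GERMAN_EXIT_PUBLIC_IP = "192.0.2.10"  # what the Dutch node sees as the source

if __name__ == "__main__":
    print(GERMANY.answer("example.onion", CLIENT_TUNNEL_IP))
    print(NETHERLANDS.answer("example.onion", GERMAN_EXIT_PUBLIC_IP))
    print(NETHERLANDS.answer("example.com", GERMAN_EXIT_PUBLIC_IP))
```

The same client gets the internal address from the node it is connected to and NXDOMAIN from the other exit, while ordinary names are unaffected.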
