If DNS not pushed by VPN, do DNS resolution requests still go out through VPN tunnel?

I'm working on implementing VPN ->Tor -> VPN by following Mirmir's Guide, as updated in his video.

The reason I want this setup is because:

1. I don't want my ISP to know that I'm using TOR
2. I want to implement a degree of protection against bad-guy exit nodes seeing my traffic

My first-hop VPN provider knows who I am because they can see my IP. They do not push DNS.

In Mirimir's guide for setting up pfsense1, it is suggested to insert the DNS server that is pushed over OpenVPN. Since no DNS is being pushed to me, I've inserted Google's DNS servers here instead.

I'm fine with the DNS requests going in the clear from my VPN provider's server to Google's DNS servers, however I want to avoid a situation where requests don't go out over the tunnel and instead go unencrypted through my ISP to Google's DNS servers. That would defeat objective 1 above.

Assuming I've set my OpenVPN up correctly in pfsense1, will the DNS resolution requests to Google's servers go out over the VPN tunnel, despite the fact that my VPN is not pushing DNS to me?

 

Unless you specifically configure VPNs otherwise, all traffic gets routed through the tunnel. It's not like Tor, which can only transport TCP traffic. The routing and firewall rules in pfSense prevent leaks.

 

Okay thanks Mirimir. And thanks so much for your guide also, it was great!

Are the routing and firewall rules in your vimeo video the latest ones that you use to prevent leaks, or have you added any additional ones since that was made?

Also I know that the inner network has to be on a different subnet to the outer one. So in the inner pfSense router the default 192.168.1.1 setting in Interfaces/LAN and the range in Services/DHCP server needs to be changed to another subnet e.g. 192.168.7.1 and a range in that net. Is it also necessary to change the subnet mask somewhere so that it is not 255.255.255.0 like the outer network?

 

Thanks I'll be updating my guides soon, and adding others.

Yes, the setup in my Vimeo video is the best that I know. I do plan to add sound, but first I need to learn text to voice, and how to synch with video.

No, the subnet mask is always 255.255.255.0.

 

Okay thanks mirimir.

I've done video tutorials and text to speech before, a thought on one way to do this:

Camtasia Studio is good software for piecing video tutorials together. It includes a screen-recording app which also records audio.

With TextAloud you can highlight a paragraph of text and have it read out loud using text to speech. You have the option of built-in voice engines or more natural sounding ones you can buy. From the ones you can buy, Acapela Rachel22 (UK English) sounds very good. Last time I researched this was a few years ago, so maybe there is a better voice available now.

I find it easier to record the on-screen actions separately to the voice recording. Since you have the video recorded already you could play that and just highlight the paragraph you want read aloud when your video reaches that section. Since you are recording the speech read out by your own computer, just plug the earphones jack into the microphone jack (you'll have to adjust the volume down when you do this). Camtasia recorder or whatever sound recording software you like will save the recording as an audio file.

You can piece the audio and video files together with Camtasia studio, or whatever editing software you like. Camtasia studio also lets you add blocks of colour - useful if you want to block anything on your screen from appearing in the video.