DNS Leak on pfSense router with OpenVPN

The issue I am facing:
Some of my devices leak DNS requests. More specifically, it's my Android phone and company laptop (only when connected to company's L2TP VPN) that leak DNS requests. What's interesting is that the DNS requests are not leaked to my ISP's DNS server. Instead, the DNS leak test shows my public IP.

I tested DNS leak on this website https://dnsleaktest.com

Details about my system:
I recently installed pfSense on a Qotom mini fanless PC. I configured the router to route all traffic through an OpenVPN connection. The VPN I used is ExpressVPN. I followed their instructions on this page to set it up: https://www.expressvpn.com/support/vpn-setup/pfsense-with-expressvpn-openvpn/

Both of the devices that leak DNS are connected to my network through WiFi. My desktop, which is not leaking DNS requests, is connected to a Netgear switch, and the switch is connected to the router. The WiFi access point is connected to the router on another port. All ports except the WAN port on the router are bridged together to be the LAN port.

My pfSense version is: 2.4.5-RELEASE (amd64)
My Android OS version is 9. I did not manually set a DNS server in the WiFi settings. I let DHCP decide what to use. After I established a connection to WiFi, the settings show that I am using Pi-hole as my DNS server along with an IPv6 address.

What I have changed since installing Pi-hole:
There was no DNS leak before I configured the router to use Pi-hole as the only DNS server in pfSense's general settings and DHCP server settings. I don't know whether this is the correct way of forcing DNS requests.

I just changed my DNS configurations on pfSense back to the original to see if I still leak DNS. Now, not only my Android phone leaks DNS but also my desktop. The DNS leak test shows my public IP as my only DNS server.

What I wanted to achieve:
1, I want to route all my traffic, except PS4, through VPN.
3, I want all devices on my network to use Pi-hole as their DNS server by default.
2, I want my Pi-hole's DNS requests to also go through the VPN, so that I can both enjoy the ad block functionality and stay anonymous.

Welp, I somewhat fixed my own issue just a few moments ago. :thinking:

I followed the instructions here: https://digitalave.github.io/spring/2019/09/18/Configure_DNS_DHCP_with_pfSense.html

I believe the key is to configure the DNS Resolver. Make sure the "Outgoing Network Interfaces" is set to the VPN interface.

Anyway, thanks to everyone who read my question. If you are doing the same and having issues, let me know. I might be able to provide a little help. But keep in mind I'm new to pfSense and Pi-hole.
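
An added example, not part of the original post: the pfSense DNS Resolver is Unbound, and "Outgoing Network Interfaces" corresponds to Unbound's `outgoing-interface` option. This Python check reads an Unbound config and reports whether resolver queries are pinned to the VPN tunnel address; the function names are hypothetical and the sample configs and addresses are constructed.

```python
import ipaddress

# Constructed sample configs (not taken from the post).
# 10.8.0.6 stands in for the OpenVPN tunnel address, 203.0.113.10 for WAN.
SAMPLE_UNPINNED = """\
server:
    interface: 192.168.1.1
    # no outgoing-interface line
"""

SAMPLE_PINNED = """\
server:
    interface: 192.168.1.1
    outgoing-interface: 10.8.0.6   # VPN tunnel address
"""


def outgoing_interfaces(conf_text):
    """Return every address given on an outgoing-interface: line."""
    found = []
    for raw in conf_text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments
        key, sep, value = line.partition(":")    # split on first colon only
        if sep and key.strip() == "outgoing-interface":
            found.append(ipaddress.ip_address(value.strip().strip('"')))
    return found


def check_resolver_egress(conf_text, vpn_addrs):
    """Return a list of findings; an empty list means queries leave via VPN only."""
    vpn = {ipaddress.ip_address(a) for a in vpn_addrs}
    addrs = outgoing_interfaces(conf_text)
    if not addrs:
        # With no outgoing-interface, Unbound sends from whatever source
        # address the routing table picks, typically the WAN default route.
        return ["no outgoing-interface set: queries follow the default route"]
    return [f"outgoing-interface {a} is not a VPN address"
            for a in addrs if a not in vpn]


if __name__ == "__main__":
    for name, conf in (("unpinned", SAMPLE_UNPINNED), ("pinned", SAMPLE_PINNED)):
        print(name, check_resolver_egress(conf, ["10.8.0.6"]) or "OK")
```

When the resolver recurses from the WAN address, a leak test sees the router's own public IP as the DNS server, which matches the symptom described in the question.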