Potential DNS Rebind Attack Detected when connecting to local server through VPN



  • I have a VLAN setup that uses the OpenVPN client connected to PIA. Everything works perfectly except for one thing. When I try and connect to a NextCloud server hosted on a different VLAN I get the pfSense web page: Potential DNS Rebind Attack Detected.

    I don't see how this could happen. I try and connect to https://me.duckdns.org

    1: The VLAN gets PIA DNS servers from pfSense DHCP Server. The DNS queries should go out through the VPN like any other traffic. And when I check for DNS leaks all I see are PIA DNS Servers. So I should be getting the WAN IP address.

    2: If I ping the NextCloud server it pings the WAN IP. So it doesn't seem to be cached somewhere to the local IP.

    3: The request to NextCloud should go out through the VPN too, and then come back to my IP from a PIA address, and everything should work. But it doesn't. Where is this breaking down?

  • LAYER 8 Global Moderator

    "3) The request to NextCloud should go out through the VPN too, and then come back to my IP from a PIA address, and everything should work. But it doesn't. Where is this breaking down?"

    Why would you want it to work that way? So you want to send traffic for a server on a VLAN on your own local network out to the internet, and then back in through your WAN? Not very efficient. Why not just let this server access the NextCloud directly?



  • Good question. Yes, it's not optimal. Very, very little traffic though. I do have a host override, so anything that goes through pfSense for DNS will get the local IP. I haven't figured out how to do this on the VPN. It's basically a wifi VPN, so the hosts are things like iPhones and Androids. Since they don't go to pfSense for DNS, they don't get the host override. And I haven't figured out how to override it locally on the devices themselves.
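    The two posts above describe a split-horizon situation: the pfSense resolver carries a host override that hands out the NextCloud VLAN address, while clients whose DNS goes out through the VPN only ever see the public record and the WAN IP. The script below is an added illustration (not from the thread or from pfSense); it models both resolver views with constructed addresses and applies the rule a DNS rebind check enforces, a public name resolving to a private address is flagged unless the administrator explicitly allowed that name, the same effect a host override has. The hostname is the one in the thread; the IP addresses, resolver labels and function names are assumptions.

```python
import ipaddress

# Constructed sample data: what each resolver answers for the NextCloud name.
HOSTNAME = "me.duckdns.org"
RESOLVER_VIEWS = {
    "pfsense-local": ["192.168.20.10"],  # host override -> VLAN address (constructed)
    "vpn-provider":  ["203.0.113.45"],   # public record -> WAN address (constructed)
}

# Names the administrator deliberately pointed at private space (the host
# overrides); a rebind check must not flag these.
TRUSTED_PRIVATE_NAMES = {"me.duckdns.org"}

# Ranges a rebind check treats as "inside the network".
PRIVATE_NETWORKS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",  # RFC 1918
    "127.0.0.0/8", "169.254.0.0/16",                  # loopback, link-local
    "fc00::/7", "fe80::/10", "::1/128",               # IPv6 ULA, link-local, loopback
)]


def is_private(ip: str) -> bool:
    """True if the address falls inside one of PRIVATE_NETWORKS."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in PRIVATE_NETWORKS)


def rebind_verdict(name: str, answers: list[str], trusted: set[str]) -> dict:
    """A public name answering with a private address is suspicious unless
    the name was explicitly allowed (i.e. it is one of our host overrides)."""
    private = [a for a in answers if is_private(a)]
    return {"private_answers": private, "flagged": bool(private) and name not in trusted}


def compare_views(name: str, views: dict[str, list[str]], trusted: set[str]) -> dict:
    """Verdict per resolver plus whether the resolvers disagree on whether
    the name points inside or outside the network (split horizon)."""
    report = {resolver: rebind_verdict(name, answers, trusted)
              for resolver, answers in views.items()}
    inside = {bool(v["private_answers"]) for v in report.values()}
    report["split_horizon"] = len(inside) > 1
    return report


if __name__ == "__main__":
    for key, value in compare_views(HOSTNAME, RESOLVER_VIEWS, TRUSTED_PRIVATE_NAMES).items():
        print(f"{key}: {value}")
```

A client on the VPN VLAN gets the "vpn-provider" view, so it never learns the overridden address and connects to the WAN IP instead.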

