Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Potential DNS Rebind Attack Detected when connecting to local server through VPN

    Scheduled Pinned Locked Moved Routing and Multi WAN
    3 Posts 2 Posters 1.4k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • B
      baj702
      last edited by

      I have a VLAN setup that uses the OpenVPN client connected to PIA. Everything works perfect except for one thing. When I try and connect to a NextCloud server hosted on a differt VLAN I get the pfSense web page: Potential DNS Rebind Attack Detected.

      I don't see how this could happen. I try and connect to https://me.duckdns.org

      1: The VLAN gets PIA DNS servers from pfSense DHCP Server. The DNS queries should go out through the VPN like any other traffic. And when I check for DNS leaks all I see are PIA DNS Servers. So I should be getting the WAN IP address.

      2: If I ping the NextCloud server it pings the WAN IP. So it doesn't seem to be cached somewhere to the local IP.

      1. The request to NextCloud should go out through the VPN too, and then come back to my IP from a PIA address, and everything should work. But it doesn't. Where is this breaking down?
      1 Reply Last reply Reply Quote 0
      • johnpozJ
        johnpoz LAYER 8 Global Moderator
        last edited by

        "3) The request to NextCloud should go out through the VPN too, and then come back to my IP from a PIA address, and everything should work. But it doesn't. Where is this breaking down?
        "

        Why would you want it to work that way..  So you want to send traffic for a server on a vlan on your own local network out to the internet, and than back in through your wan.. Not very efficient.  Why not just let this server access the nextcloud directly?

        An intelligent man is sometimes forced to be drunk to spend time with his fools
        If you get confused: Listen to the Music Play
        Please don't Chat/PM me for help, unless mod related
        SG-4860 24.11 | Lab VMs 2.8, 24.11

        1 Reply Last reply Reply Quote 0
        • B
          baj702
          last edited by

          Good question. Yes, it's not optimal. Very very little traffic though. I do have a host override, so anything that goes through pfsense for DNS will get the local IP. I haven't figured out how to do this on the VPN. It's basically a wifi VPN, so the hosts are things like iphones and androids. Since they don't go to pfsense for dns, they don't get the host override. And, I haven't figured out how to override it locally on the devices themselves.

          1 Reply Last reply Reply Quote 0
          • First post
            Last post
          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.