    Potential DNS Rebind Attack Detected when connecting to local server through VPN

    • baj702

      I have a VLAN setup that uses the OpenVPN client connected to PIA. Everything works perfectly except for one thing. When I try and connect to a NextCloud server hosted on a different VLAN I get the pfSense web page: Potential DNS Rebind Attack Detected.

      I don't see how this could happen. I try and connect to https://me.duckdns.org

      1: The VLAN gets PIA DNS servers from pfSense DHCP Server. The DNS queries should go out through the VPN like any other traffic. And when I check for DNS leaks all I see are PIA DNS Servers. So I should be getting the WAN IP address.

      2: If I ping the NextCloud server it pings the WAN IP. So it doesn't seem to be cached somewhere to the local IP.

      3: The request to NextCloud should go out through the VPN too, and then come back to my IP from a PIA address, and everything should work. But it doesn't. Where is this breaking down?
      • johnpoz, LAYER 8 Global Moderator

        "3) The request to NextCloud should go out through the VPN too, and then come back to my IP from a PIA address, and everything should work. But it doesn't. Where is this breaking down?"

        Why would you want it to work that way? So you want to send traffic for a server on a VLAN on your own local network out to the internet, and then back in through your WAN. Not very efficient. Why not just let this server access the NextCloud directly?

          • baj702

          Good question. Yes, it's not optimal. Very, very little traffic though. I do have a host override, so anything that goes through pfSense for DNS will get the local IP. I haven't figured out how to do this on the VPN. It's basically a Wi-Fi VPN, so the hosts are things like iPhones and Androids. Since they don't go to pfSense for DNS, they don't get the host override. And I haven't figured out how to override it locally on the devices themselves.
