cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

VPN Interception by cloudflare-dns ?

MPC
Grafter
Posts: 28
Registered: ‎14-02-2019

VPN Interception by cloudflare-dns ?

‎20-05-2020 3:15 PM

Hi All,

 

My workplace used Big-F5 VPN Client as its VPN solution, and until today, this was perfect.

 

After lunch, I am now receiving a security alert when trying to connect, that the security certificate name does not match the expectation.

It appears that DNS interception has happened / been turned on as the certificate was issued by cloudflare-dns.com rather than the expected certificate authority for the workplace VPN service.

 

Anyone else seeing this?

Can plusnet comment?

 

I'm on residential fibre extra with a static IP address.

 

Screenshot attached.  DNS being resolved by 192.168.1.254 (plusnet one hub)

 

Thanks,

 

Mark

Labels:
Message 1 of 2
(423 Views)
0 Thanks
1 REPLY 1
MPC
Grafter
Posts: 28
Registered: ‎14-02-2019

Re: VPN Interception by cloudflare-dns ?

‎20-05-2020 3:25 PM

Brief follow up -

 

The Hub One reports connection time of under 24 minutes.

 

Broadband network IP address: 80.229.139.xxx  
Default gateway: 195.166.130.254  
Primary DNS: 212.159.6.9  
Secondary DNS: 212.159.6.10

 

It appears that the DNS went through a period of not being able to resolve correctly but that this has settled down since:

 

C:\Users\username>nslookup <workplace vpn>
Server:  dsldevice.lan
Address:  192.168.1.254

*** dsldevice.lan can't find <workplace vpn>: Non-existent domain

 

Now that the DNS appears to be working as expected, the VPN to workplace connection appears to be operating without the cloudflare-dns MITM/Hijack.

 

Thanks for any feedback on what this was!

Cheers,

Mark

Message 2 of 2
(414 Views)
0 Thanks