VPN Interception by cloudflare-dns ?

MPC · ‎14-02-2019

Hi All,

My workplace used Big-F5 VPN Client as its VPN solution, and until today, this was perfect.

After lunch, I am now receiving a security alert when trying to connect, that the security certificate name does not match the expectation.

It appears that DNS interception has happened / been turned on as the certificate was issued by cloudflare-dns.com rather than the expected certificate authority for the workplace VPN service.

Anyone else seeing this?

Can plusnet comment?

I'm on residential fibre extra with a static IP address.

Screenshot attached. DNS being resolved by 192.168.1.254 (plusnet one hub)

Thanks,

Mark

MPC · ‎14-02-2019

Brief follow up -

The Hub One reports connection time of under 24 minutes.

Broadband network IP address:	80.229.139.xxx
Default gateway:	195.166.130.254
Primary DNS:	212.159.6.9
Secondary DNS:	212.159.6.10

It appears that the DNS went through a period of not being able to resolve correctly but that this has settled down since:

C:\Users\username>nslookup <workplace vpn>
Server: dsldevice.lan
Address: 192.168.1.254

*** dsldevice.lan can't find <workplace vpn>: Non-existent domain

Now that the DNS appears to be working as expected, the VPN to workplace connection appears to be operating without the cloudflare-dns MITM/Hijack.

Thanks for any feedback on what this was!

Cheers,

Mark

VPN Interception by cloudflare-dns ?

VPN Interception by cloudflare-dns ?

Re: VPN Interception by cloudflare-dns ?