By disabling rebind-attack you also restarted WG and maybe that did the trick?
Yes, that was also my first thought... BUT, that explanation does not work, because, in trying to fix it for a few hours before changing the "DNS rebind" setting, I had already restarted the WG tunnel 2 or 3 times. And those restarts did not make it work.
Quote:
enable "No DNS Rebind" and see if the connection is blocked again
Yes - already did that. And it is running now with "enabled" and the incoming connections are all working (as they did for many weeks before yesterday's outage).
This was the sequence of events:
I contacted the VPN support desk.
There was a 15-minute pause between their replies, and then they said "Just tested your dedicated IP x.x.x.x. Port forwarding works. Please check it again."
I tested it and it was still not working.
Then - almost immediately - I changed the DNS rebind - which restarted the WG tunnel and it instantly started to work.
I replied to VPN "seems working now here.... Did something change on your side ??"
VPN support desk replied "No, I didn't change anything on server side."
The other possibility is that the VPN support were not honest about "no changes", and they did actually re-enable port-forwarding, which then just required a tunnel restart on my side (after they had re-enabled it).
Other than all this ... the only difference I see when "DNS rebind" is enabled is lots of yellow messages in the syslog. I like to believe that it is actually preventing something, and dropping inbound connection attempts (i.e. suspected rebind attacks). But who knows if it is doing anything other than filling up the syslog. BTW - those extra messages in the syslog are no problem.
Joined: 31 Jul 2021 Posts: 2146 Location: All over YOUR webs
Posted: Wed Dec 08, 2021 9:01
Forgive me, I did not read every word on all replies to the topic.
DD-WRT has built-in blocklists for telemetry etc... and these should be excluded from the rebind attack protection IMO, since most of these notices are due to that afaik; if that's not true, feel free to correct me.
Disabling "No DNS Rebind" as a workaround is a bad idea, so some things should be whitelisted, like the built-in blocklists or anything added by the user through manual configuration.
This is not WireGuard related; I have the odd entry in my log like so and I don't use WireGuard (yet).
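One way to review what the rebind protection is actually dropping before whitelisting anything (an added example, not code from the thread or from DD-WRT): parse the syslog warnings that dnsmasq writes when `stop-dns-rebind` is on, count them per name, and build a `rebind-domain-ok=` line only for names an admin has explicitly reviewed. The sample log lines are constructed, and their exact prefix (timestamp, host, facility) is an assumption; only the `possible DNS-rebind attack detected:` text is dnsmasq's own.

```python
import re
from collections import Counter

# Constructed sample syslog lines in the shape dnsmasq emits with
# stop-dns-rebind enabled (prefix format is an assumption; the warning
# text is dnsmasq's). One name resolves to a private address on purpose.
SAMPLE_SYSLOG = """\
Dec  8 09:01:12 router daemon.warn dnsmasq[1234]: possible DNS-rebind attack detected: telemetry.example.com
Dec  8 09:01:13 router daemon.warn dnsmasq[1234]: possible DNS-rebind attack detected: ads.example.net
Dec  8 09:01:15 router daemon.warn dnsmasq[1234]: possible DNS-rebind attack detected: telemetry.example.com
Dec  8 09:02:40 router daemon.info dnsmasq[1234]: query[A] www.example.org from 192.168.1.50
Dec  8 09:03:01 router daemon.warn dnsmasq[1234]: possible DNS-rebind attack detected: nas.lan.example.com
"""

REBIND_RE = re.compile(r"dnsmasq\[\d+\]: possible DNS-rebind attack detected: (\S+)")


def rebind_counts(syslog_text):
    """Count rebind warnings per name so the noise can be reviewed, not guessed at."""
    counts = Counter()
    for line in syslog_text.splitlines():
        m = REBIND_RE.search(line)
        if m:
            counts[m.group(1).rstrip(".").lower()] += 1
    return counts


def rebind_domain_ok_line(counts, allowed):
    """Build a dnsmasq rebind-domain-ok= line for names the admin has reviewed.

    Only names that both appeared in the warnings and are in the explicit
    allowlist are emitted, so a typo in the allowlist cannot silently exempt
    a name, and unreviewed noise (telemetry, ad hosts) stays blocked.
    Returns None when nothing qualifies, so no empty directive is written.
    """
    chosen = sorted(name.lower() for name in allowed if name.lower() in counts)
    if not chosen:
        return None
    return "rebind-domain-ok=/" + "/".join(chosen) + "/"


if __name__ == "__main__":
    counts = rebind_counts(SAMPLE_SYSLOG)
    for name, n in counts.most_common():
        print(f"{n:4d}  {name}")
    # Hypothetical reviewed allowlist: a host that legitimately resolves to a LAN IP.
    print(rebind_domain_ok_line(counts, {"nas.lan.example.com"}))
```

The emitted line goes into dnsmasq's configuration (on DD-WRT, the additional DNSMasq options field), which keeps "No DNS Rebind" on while exempting only the reviewed names.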