iOS VPN app triggers TP-Link Archer router DoS protection blocklist
I was experiencing some issues with iOS devices using the PIA VPN app, and I believe I have determined the issue.
My TP-Link Archer C7 v2 router has begun adding iOS device IPs to its "Blocked DoS Host List" (see Security > Advanced Security > Blocked DoS Host List in the router's web admin) immediately upon activation of the VPN. Once the VPN is deactivated, "clear all" on the Blocked DoS Host List setting page restores network access to affected devices.
I have had some initial success increasing the packet threshold for ICMP-FLOOD and UDP-FLOOD in the Advanced Security settings, but am not certain of where to strike the balance between avoiding false-positives for the PIA VPN client and missing detection of other potential threats.
Any advice here is much appreciated.
My TP-Link Archer C7 v2 router has begun adding iOS device IPs to its "Blocked DoS Host List" (see Security > Advanced Security > Blocked DoS Host List in the router's web admin) immediately upon activation of the VPN. Once the VPN is deactivated, "clear all" on the Blocked DoS Host List setting page restores network access to affected devices.
I have had some initial success increasing the packet threshold for ICMP-FLOOD and UDP-FLOOD in the Advanced Security settings, but am not certain of where to strike the balance between avoiding false-positives for the PIA VPN client and missing detection of other potential threats.
Any advice here is much appreciated.
Comments
Another thought is to whitelist the iOS MAC address since the IP might change if using DHCP.
The other though is to run the VPN from the router. Keep the app on the device for when you go to a hot spot.