Can't bridge internal Wireguard interface to the outside
-
Hey guys, hope you can help me here.
I have PfSense on Proxmox and have several interfaces connected to it. Now I want to monitor all these interfaces on another VM (SecurityOnion), which I can do easily with the Proxmox Virtual Interfaces / Networks, but what is missing is the decrypted "VPN_WG" Wireguard Interface (the one where the already decrypted traffic can be observed), which is only visible from inside the PfSense VM.
How can I now mirror the traffic to an interface that is reachable from outside, so the traffic on it can be inspected?
I researched and found that adding a Bridge with Span Port is the solution but it doesn't work. Here is what I tried so far:
- Added a new Network in Proxmox and attached it to the PfSense VM
- Assigned it as OPT5 in PfSense
- Enabled it
- Created new Bridge, with "VPN_WG" being selected as the Member Interfaces and "OPT5" as a Span Port:
- Assigned the new BRIDGE01 as "OPT6":
- Enable "OPT6" as well.
Still there is no packet coming to the OPT5 interface even though VPN_WG is receiving packets.
I tried the same thing with the "LAN" interface as the member interface and it worked with no problem, but it seems impossible on the VPN_WG interface. I already asked in the general section, but they agreed that posting it here would be a good idea, as people here may know more about why I can't bridge this specific interface.
If anyone can help me I would really appreciate it.
Greetings
Martin