Suricata wont block VPN interface
spastic_networker last edited by
I have 2 outbound network interfaces, 1 for my WAN (which is double NATed) and 1 for my VPN (where pfsense is the client, not the server).
I am using suricata on both of the outbound interfaces in blocking mode, with identical configurations and rule sets.
Suricata works as expected on the WAN and blocks based on the applied rules.
However, on the VPN suricata will log alerts, but does not perform blocking actions.
Can somebody assist me with how to block on the VPN interface?
Is this some issue due to the virtual address of the VPN interface?
OpenVPN or IPSec? I assume OpenVPN if pfSense is a client.
Are you running Surucata in in-line mode?