Suricata won't block VPN interface

  • I have 2 outbound network interfaces, 1 for my WAN (which is double NATed) and 1 for my VPN (where pfsense is the client, not the server).

    I am using suricata on both of the outbound interfaces in blocking mode, with identical configurations and rule sets.

    Suricata works as expected on the WAN and blocks based on the applied rules.

    However, on the VPN suricata will log alerts, but does not perform blocking actions.

    Can somebody assist me with how to block on the VPN interface?

    Is this some issue due to the virtual address of the VPN interface?

  • Netgate Administrator

    OpenVPN or IPSec? I assume OpenVPN if pfSense is a client.

    Are you running Suricata in in-line mode?
