    Netgate Discussion Forum
    Suricata won't block VPN interface

    IDS/IPS
    • spastic_networker

      I have 2 outbound network interfaces, 1 for my WAN (which is double NATed) and 1 for my VPN (where pfSense is the client, not the server).

      I am using Suricata on both of the outbound interfaces in blocking mode, with identical configurations and rule sets.

      Suricata works as expected on the WAN and blocks based on the applied rules.

      However, on the VPN, Suricata will log alerts but does not perform blocking actions.

      Can somebody assist me with how to block on the VPN interface?

      Is this some issue due to the virtual address of the VPN interface?

      • stephenw10 (Netgate Administrator)

        OpenVPN or IPSec? I assume OpenVPN if pfSense is a client.

        Are you running Suricata in in-line mode?

        Steve
