    Snort is blocking remote ipsec vpn Hosts

    IDS/IPS
    admins last edited by

      Hi
      On my pfSense I have 6 IPsec VPNs. After installing Snort with autoblocking in balanced mode, and with the pass list option "Auto-Generated IP Addresses" checked, Snort is blocking the remote VPN peers. The remote VPN peers' IPs are dynamic.

      How could I allow these remote IPs?
      Thx
      admins

      bmeeks @admins last edited by bmeeks

        @admins
        The only way would be if the remote VPN peers are all in the same netblock. If they are, you could whitelist (Pass List) that netblock. I sort of doubt they are in the same netblock, though.

        Snort cannot currently handle dynamically changing host IP addresses for anything other than the actual interfaces on the firewall.

        You need to examine what rules are firing and see about disabling or suppressing any rules that are false positives. If the triggering rules are not false positives, then you need to really have a look at what your remote VPN peers are doing!

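The two things bmeeks suggests, checking whether the peers share a netblock that could go on the Pass List and then looking at which rules are actually firing, can be done from the alert log. The script below is an added example, not code from pfSense, Snort or the forum. It assumes a hypothetical peer netblock (203.0.113.0/24) and reads constructed alert lines in a simplified CSV layout (timestamp, gid, sid, rev, msg, proto, src, srcport, dst, dstport); a real Snort alert log has its own format, so the parser is the part to adapt. It groups alerts by signature, reports how many sources fall inside the candidate netblock, and emits `suppress` lines in Snort's threshold.conf syntax only for signatures that fired exclusively from that netblock, as candidates for human review.

```python
"""Triage Snort alerts against a candidate Pass List netblock.

Added example, not pfSense or Snort project code. Alert lines and SIDs
below are CONSTRUCTED (SIDs in the local 1000000+ range); the CSV layout
is an assumption, so adapt parse_alerts() to the log you actually have.
"""
import csv
import ipaddress
from collections import defaultdict
from io import StringIO

# Hypothetical netblock the remote IPsec peers are assumed to come from.
PASS_LIST = [ipaddress.ip_network("203.0.113.0/24")]

FIELDS = ["timestamp", "gid", "sid", "rev", "msg",
          "proto", "src", "srcport", "dst", "dstport"]

# Constructed sample alerts (documentation addresses, made-up SIDs and messages).
SAMPLE_ALERTS = """\
2024-01-01 10:00:01,1,1000001,1,CONSTRUCTED ISAKMP aggressive mode,UDP,203.0.113.10,500,198.51.100.1,500
2024-01-01 10:00:05,1,1000001,1,CONSTRUCTED ISAKMP aggressive mode,UDP,203.0.113.22,500,198.51.100.1,500
2024-01-01 10:01:07,1,1000002,2,CONSTRUCTED NAT-T keepalive anomaly,UDP,203.0.113.10,4500,198.51.100.1,4500
2024-01-01 10:02:30,1,1000003,1,CONSTRUCTED scan from untrusted host,TCP,192.0.2.77,44321,198.51.100.1,22
"""


def parse_alerts(text):
    """Parse CSV alert lines into dicts; src becomes an ip_address, gid/sid ints."""
    rows = []
    for rec in csv.reader(StringIO(text)):
        if not rec:
            continue
        row = dict(zip(FIELDS, rec))
        row["gid"] = int(row["gid"])
        row["sid"] = int(row["sid"])
        row["src"] = ipaddress.ip_address(row["src"])
        rows.append(row)
    return rows


def in_pass_list(ip, nets=PASS_LIST):
    """True if the source address falls inside any candidate Pass List netblock."""
    return any(ip in net for net in nets)


def summarize(alerts, nets=PASS_LIST):
    """Group alerts by (gid, sid): message, distinct sources, and how many
    hits came from inside vs. outside the candidate netblock."""
    groups = defaultdict(lambda: {"msg": "", "sources": set(),
                                  "passlisted": 0, "other": 0})
    for a in alerts:
        g = groups[(a["gid"], a["sid"])]
        g["msg"] = a["msg"]
        g["sources"].add(str(a["src"]))
        if in_pass_list(a["src"], nets):
            g["passlisted"] += 1
        else:
            g["other"] += 1
    return dict(groups)


def suppress_entries(summary, nets=PASS_LIST):
    """Emit threshold.conf-style suppress lines, scoped to the netblock,
    only for signatures that fired exclusively from inside it. These are
    review candidates: confirm each is a false positive before applying."""
    lines = []
    for (gid, sid), g in sorted(summary.items()):
        if g["passlisted"] and not g["other"]:
            for net in nets:
                lines.append(
                    f"suppress gen_id {gid}, sig_id {sid}, track by_src, ip {net}")
    return lines


if __name__ == "__main__":
    summary = summarize(parse_alerts(SAMPLE_ALERTS))
    for (gid, sid), g in sorted(summary.items()):
        print(f"{gid}:{sid} {g['msg']!r} sources={sorted(g['sources'])} "
              f"inside={g['passlisted']} outside={g['other']}")
    print("\n".join(suppress_entries(summary)))
```

The suppress lines are scoped with `track by_src, ip <netblock>` rather than disabling the rule outright, so the same signature still alerts for sources outside the peer netblock. Signatures that also fire from other addresses (1000003 in the sample) are deliberately left out, which is the distinction bmeeks draws between false positives and peers that actually need investigating.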