Snort is blocking remote ipsec vpn Hosts



  • Hi
    On my pfsense I've 6 IPSec VPNs. After installing snort with autoblocking and balanced mode and the passlist with Auto-Generated IP Addresses checked, Snort is blocking the Remote VPN Peers. The remote VPN peers are IP's which are dynamic.

    How could I allow this remote IPs.
    Thx
    admins



  • @admins
    The only way would be if the remote VPN peers are all in the same netblock. If they are, you could whitelist (Pass List) that netblock. I sort of doubt they are in the same netblock, though.

    Snort cannot currently handle dynamically changing host IP addresses for anything other than the actual interfaces on the firewall.

    You need to examine what rules are firing and see about disabling or suppressing any rules that are false positives. If the triggering rules are not false positives, then you need to really have a look at what your remote VPN peers are doing!