Snort blocks users connection to OpenVPN



  • Hi guys,
     I've installed the default package for Snort and it's been working well.  I've enabled basic http rules as well as port scanning rules on our 2 WAN connections.  Unfortunately, I've found that once I connect to our OpenVPN server, snort will eventually block the client.  It appears that it thinks I'm port scanning.  Is there any way to exclude clients from getting blocked that are connecting to specific host and port?  I don't think the whitelist won't work for me, since I have no idea which ip address the client could connect from.  I found the answer in this forum post here.

    https://forums.snort.org/forums/support/topics/how-to-ignore-alerts-for-a-specific-destination-ip-address

    However I can't seem to find a way to add this via the web interface.  Any suggestions?

    Thanks,
    Todd


Log in to reply