Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Snort/Barnyard2 will not connect to MySQL (Snorby) over IPsec Tunnel.

    Scheduled Pinned Locked Moved
    IDS/IPS
    2
    4
    1.1k
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • P
      piperfect
      last edited by

      Snort/Barnyard2 will not connect to MySQL (Snorby) over IPsec Tunnel.

      I can connect from the remote site from an Ubuntu box. 
      When I perform a packet capture I don't see it even attempt to connect to MySql via IPsec.

      pfSense Snort instances at the same site as the MySQL server connect well.

      If there a setting somewhere that I am missing to tell Barnyard to use the tunnel?
      I am fairly sure I have done this in the past.  Maybe a racoon vs charon issue?

      1 Reply Last reply Reply Quote 0
      • bmeeksB
        bmeeks
        last edited by

        Not sure I can be much help with this one.  The MySQL traffic from Barnyard2 to your DB is plain vanilla and should not be affected by going over the tunnel.  I would start my troubleshooting by looking at the routing.

        Can you ping the MySQL box from the firewall's console (the one where you can't get Barnyard2 to connect from)?  Can you ping the MySQL box from some host that is on the same subnet as Snort is running on?

        In other words, forget Snort and Barnyard2 for the moment and test just basic network connectivity across the tunnel between a host on the LAN behind the Snort interface on the source firewall and the target MySQL box.

        Bill

        1 Reply Last reply Reply Quote 0
        • P
          piperfect
          last edited by

          Thank you for the reply.  I tried that.  It is only the remote pfSense box that isn't using the tunnel.  The remote pfSence box wont even ping across the tunnel.

          I can connect to the MySQL from the remote site over the IPsec VPN tunnel from a Linux box.  The pfSense box cannot even ping across the tunnel, everything else can.

          2.1.5-RELEASE at the local site.

          2.2-RELEASE at the remote site.

          After update the remote site only the pfSense box cannot ping across the tunnel.
          The local site pfSense box can ping across the tunnel.

          Is there something I need to do to get the pfSense box to recognize its own routing?

          1 Reply Last reply Reply Quote 0
          • P
            piperfect
            last edited by

            OK I connected a tunnel from another pfSense box using 2.2.1-RELEASE and another using version 2.0.1-RELEASE ….I get the same result.

            I can ping from other computers on the remote LAN subnet to computers on the local LAN subnet but not from the pfSense boxes themselves.

            This should be an IPsec topic not a IDS/IPS topic.  I will start a new thread in the IPsec fourm.

            1 Reply Last reply Reply Quote 0
            • First post
              Last post