    OpenVPN SPAN (Mirroring) Port?

    3 Posts 3 Posters 2.2k Views
    • n41xp

      Hi everyone,

      We managed to build a Site-to-Site VPN for our branch office which tunnels all Internet traffic through our main office.

      However, we wanted to pipe this traffic through our NSM system, running Suricata and Bro on a different host.

      For our internal network we used a bridge interface and a span port (which is connected to the NSM box), but there is no way to add the OpenVPN Interface to this bridge.

      Is there a way to mirror the OpenVPN traffic to a physical interface?

      Please let me know if you need more information about our setup.

      Thanks in advance!

      Chris

      • jimp (Rebel Alliance Developer, Netgate)

        1. Be on pfSense 2.2.2
        2. Assign the OpenVPN interface (Interfaces > (assign), click + with it selected, enable, give it a name, leave the IP types at "none", save/apply)
        3. Assign and enable the physical port you wish to mirror traffic using
        4. Create a bridge including only the newly assigned VPN interface as a bridge member, and the other port as a span port.


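        jimp's four GUI steps correspond to if_bridge operations on the FreeBSD system underneath pfSense. The following POSIX shell script is an added example, not code from the thread or from pfSense: it prints (or, with DO=1, runs) the ifconfig commands that create the bridge, add the VPN interface as a member and attach the sensor port as a span port, and it checks `ifconfig bridge0` output to confirm both entries are present. The interface names bridge0, ovpns1 and igb1 are assumptions taken from the thread, as is the FreeBSD convention of listing a span port as `member: <if> flags=...<SPAN>`.

```shell
#!/bin/sh
# Added example, not from the thread: the FreeBSD if_bridge operations behind
# jimp's GUI steps, plus a check that reads `ifconfig bridge0` output and
# confirms the VPN interface is a member and the sensor port is a span port.
# Interface names are assumptions taken from the thread; override via env.
BRIDGE="${BRIDGE:-bridge0}"
VPN_IF="${VPN_IF:-ovpns1}"   # assigned OpenVPN interface (the bridge member)
SPAN_IF="${SPAN_IF:-igb1}"   # port wired to the NSM box (e.g. igb1_vlan8 on an SG-2220)

# Print the ifconfig commands behind "member + span"; DO=1 executes them too.
mirror_vpn_to_span() {
  for cmd in "ifconfig $BRIDGE create" \
             "ifconfig $BRIDGE addm $VPN_IF" \
             "ifconfig $BRIDGE span $SPAN_IF" \
             "ifconfig $BRIDGE up"; do
    echo "$cmd"
    if [ "${DO:-0}" = 1 ]; then $cmd; fi
  done
}

# Read `ifconfig $BRIDGE` output on stdin. FreeBSD lists span ports next to
# members as "member: <if> flags=...<SPAN>" (assumed format), so require a
# member line for VPN_IF and a SPAN-flagged line for SPAN_IF. Returns 0 only
# when both are present; the trailing space stops ovpns1 matching ovpns10.
check_mirror() {
  out=$(cat)
  if ! printf '%s\n' "$out" | grep -q "member: $VPN_IF "; then
    echo "check_mirror: $VPN_IF is not a member of $BRIDGE" >&2; return 1
  fi
  if ! printf '%s\n' "$out" | grep -q "member: $SPAN_IF .*<[^>]*SPAN"; then
    echo "check_mirror: $SPAN_IF is not a span port of $BRIDGE" >&2; return 1
  fi
  echo "$BRIDGE mirrors $VPN_IF to $SPAN_IF"
}

# Constructed sample of (trimmed) `ifconfig bridge0` output for offline use;
# on the firewall pipe the real thing instead:  ifconfig "$BRIDGE" | check_mirror
SAMPLE='bridge0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        member: igb1 flags=8<SPAN>
        member: ovpns1 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
                ifmaxaddr 0 port 5 priority 128 path cost 2000000'

mirror_vpn_to_span
printf '%s\n' "$SAMPLE" | check_mirror
```

        Set SPAN_IF=igb1_vlan8 to run the same check against the VLAN variant described in the next post.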
        • browner87

          Hi jimp, these steps aren't working for me. I have a very tiny change to the above problem in that I have an SG-2220, so only 1 LAN port. I made a new interface for a VLAN and set that vlan as the mirror interface for the VPN, but I'm not seeing any traffic.

          Do you think maybe something is simply dropping the VLAN packets because they have no destination? Or are there any extra steps to span to a vlan?

          EDIT:

          1. Some people might want to see https://forum.pfsense.org/index.php?topic=49930.0 - this solved my issue with VPN suddenly not working anymore after assigning the interface. Another day saver by jimp!

          2. I think maybe there is an issue with the bridging. When I run

          tcpdump -nAi ovpns1 host 192.168.40.60

          I see all my phone's traffic. When I run

          tcpdump -nAi igb1_vlan8 host 192.168.40.60

          I see nothing. Would this indicate I totally broke something? I have:
          VPN -> ovpns1 (VPN Name) as an enabled interface,
          VPNSPAN -> VLAN8 on igb1 (VPN Span) as an enabled interface, and
          BRIDGE0 (Members: VPN)

          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.