Navigation

    Netgate Discussion Forum
    • Register
    • Login
    • Search
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search

    Provide VPN interface for Snort to inspect

    IDS/IPS
    1
    2
    821
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • Y
      yoink last edited by

      Thanks for the wonderful guide at the top of the sub forum. It helped me get started with Snort and was extremely helpful.

      Once question I can't seem to find an answer for is how to provide an interface, which represents the OpenVPN server on my pfSense box, for Snort to inspect.

      While I can see the WAN and LAN alerts, and often match the WAN alerts to a corresponding host on my LAN, for OpenVPN clients connecting through pfSense I only see the alerts generated on the WAN interface as the address pool being used for OpenVPN isn't part of the LAN address  pool or DHCP server, but rather provided by the OpenVPN server itself.

      1 Reply Last reply Reply Quote 0
      • Y
        yoink last edited by

        Thanks to a hint from a kind user on the IRC channel it was as simple as creating an interface (on the Interfaces menu), with the available port provided by the OpenVPN Server service, and assigning it the same IP address the OpenVPN Server has had self-assigned from the address pool listed in the settings.

        Subsequently the interface became available to add/inspect by snort and it was as simple as duplicating my LAN ruleset for it.

        1 Reply Last reply Reply Quote 0
        • First post
          Last post

        Products

        • Platform Overview
        • TNSR
        • pfSense
        • Appliances

        Services

        • Training
        • Professional Services

        Support

        • Subscription Plans
        • Contact Support
        • Product Lifecycle
        • Documentation

        News

        • Media Coverage
        • Press
        • Events

        Resources

        • Blog
        • FAQ
        • Find a Partner
        • Resource Library
        • Security Information

        Company

        • About Us
        • Careers
        • Partners
        • Contact Us
        • Legal
        Our Mission

        We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

        Subscribe to our Newsletter

        Product information, software announcements, and special offers. See our newsletter archive to sign up for future newsletters and to read past announcements.

        © 2021 Rubicon Communications, LLC | Privacy Policy