Netgate Discussion Forum

    Generate automatic white-list for Snort

    • Teddy

      Hey everyone,
      I'm currently running pfSense with Snort and VPN (Cyberghost).

      But there is one problem:
      Sometimes Snort blocks the IP address of the current VPN session because of some activity (P2P, portscan, etc. from the remote VPN address as source).
      Consequently, the VPN connection breaks and the VPN connects to a new server, so it is not a really stable setup.

      Is it possible to automatically generate an IP whitelist with the remote IP of the VPN?
      The pass list, including VPN, doesn't work; it only adds the virtual IP address of the VPN but not the remote address of the VPN.

      Do you have any solution or a script that generates a whitelist entry with the current VPN remote address?

      Best regards! :)
      Teddy

      • vbentley

        I don't use any commercially provided VPNs, so I'm not entirely certain where your problem is. However, perhaps terminating your side of the VPN on a new pfSense interface (LAN2/OPT1, whatever), introducing an additional hop, may help if you want specific Snort rules (or none) for this interface only.

        Trademark Attribution and Credit
        pfSense® and pfSense Certified® are registered trademarks of Electric Sheep Fencing, LLC in the United States and other countries.

        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.