Snort mailing list archives

Re: Snort and OpenVPN


From: Kevin Ross <kevross33 () googlemail com>
Date: Tue, 4 Feb 2014 12:44:56 +0000

Without knowing your setup, I imagine you are trying to have Snort inspect
encrypted VPN traffic, which it cannot do. I would suggest placing Snort to
detect traffic on interfaces that the traffic must pass through when on
your internal network and it is unencrypted (i.e., in a typical enterprise
deployment this would be somewhere behind the VPN concentrator before it is
encrypted or after it is decrypted).

Regards,
Kevin


On 4 February 2014 10:27, Dmitry Korzhevin <dmitry.korzhevin () stidia com> wrote:

Hi, please advise - what did I do wrong with the configuration of my Snort
install? I can't see any OpenVPN traffic with my current Snort config,
though I can see regular traffic, PPTP, IPsec.

Snort is installed on one server together with OpenVPN; OpenVPN has 3
interfaces: tun0, tun1, tun2.

If I run Snort manually and use tun* as the parameter for the interface, it
works, and I can see traffic in the console.

i.e.:  snort -dev -i tun0

Maybe some problems with the configuration of interfaces?

My current config:

# Setup the network addresses you are protecting
ipvar HOME_NET any

# Set up the external network addresses. Leave as "any" in most situations
ipvar EXTERNAL_NET any

Whole snort.conf:

http://paste.debian.net/plain/80076




Best Regards,
Dmitry

---
Dmitry KORZHEVIN
System Administrator
STIDIA S.A. - Luxembourg

e: dmitry.korzhevin () stidia com
m: +38 093 874 5453
w: http://www.stidia.com



_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest
Snort news!
