Show posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.

Show posts Menu

Messages - yurka

Pages1

General Discussion / Re: Forward traffic from one VPN to another

July 22, 2023, 06:35:49 PM

1. My gateways for WireGuard on SiteA and SiteB wasn't properly configured. I needed to add the WireGuard's Local Tunnel Address for each Site.
2. Then I configured on SiteA route for 10.0.2.0/24 to WireGuard gateway
3. On SiteB's WireGuard Endpoint I added the OpenVPN range (10.50.0.0/24) to Allow IPs

Now it working as planned.

10x

General Discussion / Re: Forward traffic from one VPN to another

July 22, 2023, 12:20:16 PM

Nice, now how to do so?
Let's assume:
SiteA - 10.0.1.0/24
SiteB - 10.0.2.0/24
WireGuard Tunnel - 10.200.0.0/24
OpenVPN Tunnel - 10.50.0.0/24

How and where can I setup routing?

I did created allow rules for following interfaces:
SiteB-WireGuard: Allow
Source: 10.50.0.0/24, 10.200.0.0/24, Dest: 10.0.2.0/24,
Source: 10.0.2.0/24 Dest:10.50.0.0/24, 10.200.0.0/24

SiteA-WireGuard: Allow
Source: 10.50.0.0/24, Dest: 10.0.2.0/24
Source: 10.0.2.0/24, Dest: 10.50.0.0/24

SiteA-OpenVPN: Allow
Source: 10.50.0.0/24, Dest: 10.0.2.0/24
Source: 10.0.2.0/24,10.200.0.0/24 Dest: 10.50.0.0/24

This is not working. I see in Logs, on interface OpenVPN access allow. The I see on SiteA-WireGuard access allow, but on SiteB I do not see the package at all. Nor in Deny and not in Allow.

General Discussion / Forward traffic from one VPN to another

July 21, 2023, 07:59:52 PM

Hi,
I have two sites with WireGuard VPN in between them (SiteA, SiteB). Users connect to SiteA with OpenVPN clients, but in need to communicate with PCs in SiteB too. Is it possible to do so? Route data from OpenVPN to WireGuard when destination is SiteB?
Thanks

Intrusion Detection and Prevention / Re: ET telemetry rules - no auto updates

May 31, 2020, 03:06:28 PM

@yeraycito - THANKS!!!!!
I don't see any reason why it started to work, but it did.
I changed the Services: Intrusion Detection: Administration:Schedule from:
Minutes:0,Hours:0/6,Day of the month:*,Months:*,Days of the week:* (what basically says update at 6:00,12:00,18:00,00:00 hours every day)
TO
Minutes:11,Hours:6,Day of the month:1-30,Months:1-12,Days of the week:1-7 (update at 6:11AM each day)
I played with the timing, going back and forward. Each time when I set my initial times it stops the updates, then I update rules manually and set second timer all working fine.

@N0_Klu3: Try first see that when you press "Download&Update Rules" it actually update all your Enabled rules correctly, then change the scheduler to what I wrote before. Give it a day or two to run.

Intrusion Detection and Prevention / Re: ET telemetry rules - no auto updates

May 22, 2020, 03:33:32 AM

Hi,

Log seems fine:

Code Select

2020-05-21T12:02:12	suricata: [100585] <Notice> -- rule reload complete
2020-05-21T12:00:13	suricata: [100585] <Notice> -- rule reload starting
2020-05-21T09:10:21	suricata: [100585] <Notice> -- rule reload complete
2020-05-21T09:06:20	suricata: [100585] <Notice> -- rule reload starting
2020-05-20T08:40:18	suricata: [100585] <Notice> -- rule reload complete
2020-05-20T08:38:52	suricata: [100585] <Notice> -- rule reload starting
2020-05-19T06:04:20	suricata: [100585] <Notice> -- rule reload complete
2020-05-19T06:03:00	suricata: [100585] <Notice> -- rule reload starting
2020-05-18T06:46:34	suricata: [100585] <Notice> -- all 2 packet processing threads, 4 management threads initialized, engine started.
2020-05-18T06:45:10	suricata: [100585] <Warning> -- [ERRCODE: SC_WARN_DEFAULT_WILL_CHANGE(317)] - in 5.0 the default for decoder event stats will go from 'decoder.<proto>.<event>' to 'decoder.event.<proto>.<event>'. See ticket #2225. To suppress this message, set stats.decoder-events-prefix in the yaml.
2020-05-18T06:45:10	suricata: [101384] <Notice> -- This is Suricata version 4.1.8 RELEASE
2020-05-18T06:45:10	suricata: [100167] <Notice> -- Stats for 'bce1+': pkts: 244078, drop: 0 (0.00%), invalid chksum: 0
2020-05-18T06:45:10	suricata: [100167] <Notice> -- Stats for 'bce1': pkts: 344785, drop: 0 (0.00%), invalid chksum: 11
2020-05-18T06:45:09	suricata: [100167] <Notice> -- Signal Received. Stopping engine.
2020-05-18T06:35:37	suricata: [100167] <Notice> -- rule reload complete
2020-05-18T06:34:51	suricata: [100167] <Notice> -- rule reload starting
2020-05-18T06:34:37	suricata: [100167] <Notice> -- rule reload complete
2020-05-18T06:34:16	suricata: [100167] <Notice> -- rule reload starting
2020-05-18T06:34:08	suricata: [100167] <Notice> -- rule reload complete
2020-05-18T06:33:26	suricata: [100167] <Notice> -- rule reload starting

For the cron, I set it for each 6 hours.

Intrusion Detection and Prevention / ET telemetry rules - no auto updates

May 21, 2020, 01:33:12 PM

Hi,

I have 20.1.6 with et pro telemetry plugin. I got the correct token and entered it in IDS rules screen. Then I enabled all rules and activated schedule updates. The other rules do make the auto updates, but not the et pro rules. When I manually press download and update it works fine. Any ideas why it doesn't do auto updates?

Thx

20.1 Legacy Series / Re: ET telemetry rules not updated

May 16, 2020, 12:04:26 PM

Any thoughts? ???

20.1 Legacy Series / ET telemetry rules not updated

May 13, 2020, 03:21:34 AM

Hi,

I have 20.1.6 with et pro telemetry plugin. I got the correct token and entered it in IDS rules screen. Then I enabled all rulles and activated schedule updates. The other rules do make the auto updates, but not the et pro rules. When I manually press download and update it works fine. Any ideas why it doesn't do auto updates?

Thx

20.1 Legacy Series / Re: Sources connections on World Map

April 18, 2020, 04:12:09 PM

Thanks, will dig to it... :)

#10

20.1 Legacy Series / Sources connections on World Map

April 18, 2020, 11:30:21 AM

Hi all,

Is it possible to display connections sources on worldmap for deeper understanding the originals...for Geo block in case it needed?

Thx

Pages1