1
Intrusion Detection and Prevention / Re: Suricata on a LAGG Device with VLANs
« on: May 07, 2024, 02:53:14 pm »
I tired that but it gave me the same error.
Show Posts
This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.
Pages: [1]
2
Intrusion Detection and Prevention / Suricata on a LAGG Device with VLANs
« on: May 04, 2024, 04:03:42 pm »
I've gone through the Forums and this question has been asked a couple of times but they don't seem to get answered. So I thought I would give it another shot.
My problem. I've got an Opnsense box running on a BMC Provider. It's running with dual Intel NICs that are aggregated on a LAGG device within Opnsense.
LAGG0
Parent: ix0 & ix1
Proto: lacp
Fast Timeout: Yes
Use flowid: Default
Hash Layers: Nothing Selected
Use strict: Default
MTU: 9000
lagg0_vlan4 - WAN
lagg0_vlan10 - LAN
Is it possible to use Suricata on such a configuration? All the guides I've read say not to select your VLAN interfaces and instead select the physical interfaces. I can't do that but I don't want to risk killing the connection by experimenting with other settings.
If I select the VLANs suricata starts and stops and complains about - opening devname netmap:lagg0_vlan4/R failed: Invalid argument
From my googling this is because it can't access the interface as it's already used.
Can anyone suggest a solution at all?
Cheers
My problem. I've got an Opnsense box running on a BMC Provider. It's running with dual Intel NICs that are aggregated on a LAGG device within Opnsense.
LAGG0
Parent: ix0 & ix1
Proto: lacp
Fast Timeout: Yes
Use flowid: Default
Hash Layers: Nothing Selected
Use strict: Default
MTU: 9000
lagg0_vlan4 - WAN
lagg0_vlan10 - LAN
Is it possible to use Suricata on such a configuration? All the guides I've read say not to select your VLAN interfaces and instead select the physical interfaces. I can't do that but I don't want to risk killing the connection by experimenting with other settings.
If I select the VLANs suricata starts and stops and complains about - opening devname netmap:lagg0_vlan4/R failed: Invalid argument
From my googling this is because it can't access the interface as it's already used.
Can anyone suggest a solution at all?
Cheers
3
Virtual private networks / Re: Selective Routing through Wireguard works for Ping / DNS / Curl but can't browse
« on: November 23, 2023, 05:41:01 pm »
You are a legend. That did the trick.
Thank you so much for that.
Thank you so much for that.
4
Virtual private networks / Selective Routing through Wireguard works for Ping / DNS / Curl but can't browse
« on: November 23, 2023, 04:41:49 pm »
Howdy,
I've got a Wireguard tunnel setup using the Selective Routing guide. The tunnel is up and appears to be working. Ping responses to External hosts are on par with non VPN traffic, I can resolve hosts with no issues, using Curl to check my IP and I get the VPN IP address that I expect. I can even use IPERF to do a bandwidth test and everything seems to be flowing at good speeds.
However, I can't browse the web. The firewall isn't catching anything in terms of blocks etc.. Everything is being passed. I've messed around with MTU and used ping to work out one that doesn't result in fragmentation but that doesn't make any difference.
Investigating the traffic flow I suspect there's something wrong with my NAT config but I don't know what. When I turn on logging for all of my rules I can see the Inbound traffic to my LAN interface with the source being the workstation and the destination being the external host. I can then see the outbound NAT with the source being the workstation and the destination being the external. Finally, I can see outbound traffic that is caught by the floating rule with the source being my Wireguard Peer Address and the destination being the external host. (I've attached a screenshot).
I've gone through the guide several times and each time I get the same result. I've tested a wireguard connection using the Surfshark app on my workstation and it works so it's not the provider.
If anyone can point me in the right direction because I'm at a loss. From what I can tell it should work but it just does not want to.
I've got a Wireguard tunnel setup using the Selective Routing guide. The tunnel is up and appears to be working. Ping responses to External hosts are on par with non VPN traffic, I can resolve hosts with no issues, using Curl to check my IP and I get the VPN IP address that I expect. I can even use IPERF to do a bandwidth test and everything seems to be flowing at good speeds.
However, I can't browse the web. The firewall isn't catching anything in terms of blocks etc.. Everything is being passed. I've messed around with MTU and used ping to work out one that doesn't result in fragmentation but that doesn't make any difference.
Investigating the traffic flow I suspect there's something wrong with my NAT config but I don't know what. When I turn on logging for all of my rules I can see the Inbound traffic to my LAN interface with the source being the workstation and the destination being the external host. I can then see the outbound NAT with the source being the workstation and the destination being the external. Finally, I can see outbound traffic that is caught by the floating rule with the source being my Wireguard Peer Address and the destination being the external host. (I've attached a screenshot).
I've gone through the guide several times and each time I get the same result. I've tested a wireguard connection using the Surfshark app on my workstation and it works so it's not the provider.
If anyone can point me in the right direction because I'm at a loss. From what I can tell it should work but it just does not want to.
Pages: [1]