Hi,
I'm trying to set up a scheme like this:
WAN -> stunnel (OPNsense) -> site (LAN).
stunnel acts as a TLS termination proxy.
This works, but Suricata does not see traffic between stunnel and the site on the LAN. How can this be fixed? I specifically applied TLS termination to OPNsense so that Suricata could see the decrypted traffic, but it does not see it; only the site's responses to clients are in the logs.
Thanks!