Intrusion Detection and Prevention / Suricata, LAN and VLAN
« on: August 23, 2019, 09:18:31 pm »
I've noticed a funny issue trying to set up Suricata on my LAN side, especially with regards to my IOT devices connecting to the internet (wall switches, plugs, thermostats, etc.). Just to give some background, here's my setup:
WAN: from Google Fiber (tagged with VLAN 2 as required by GF)
LAN: does not have a VLAN tag on it. Use this for my PC connection.
LAN.VLAN10: A separate VLAN where all of my IOT devices are connected (so that they cannot talk to the devices on the other LAN connection).
(BTW, running LEDE on an AC1750 Archer C7 as an Access Point)
OPNSense/Suricata setup:
Disable Hardware Checksum Offload: Checked
Disable Hardware TCP Segmentation Offload: Checked
Disable Hardware Large Receive Offload: Checked
VLAN Hardware Filtering: I've had this on both "Leave Default" and on "Disable" for testing.
Intrusion Detection Enabled: Checked
IPS Mode: Checked
Promiscuous Mode: Unchecked
Interfaces: WAN
I have no problems just on the WAN side. However, when I try to add LAN by itself, I no longer have access to my IOT devices from outside my home and my IOT devices lose internet connectivity. If I add LAN/LAN.VLAN10, the IOT devices connect but again I cannot control them from outside. Once I remove LAN/LAN.VLAN10 and only have WAN selected, everything works fine.
Has anyone gotten Suricata working with IOT devices? I'd love to get your input.
Thanks in advance.
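When IPS mode is enabled, Suricata blocks packets rather than only alerting, and every block is written to eve.json as an event with "event_type":"drop" (on OPNsense the file is under /var/log/suricata/eve.json). The quickest way to tell whether the IoT outage described above is caused by Suricata, rather than by firewall rules or the interface selection, is to group those drop events by VLAN tag, source host and rule. The script below is an added example and is not code from the poster or from the OPNsense or Suricata projects; the log lines, addresses, rule ids and signature names in it are constructed placeholders.

```python
"""Summarise Suricata EVE 'drop' events per VLAN, source host and rule.

Added example (not from the forum post). It reads eve.json-style lines,
keeps only the events Suricata emits when IPS mode blocks a packet, and
counts them per VLAN id, per source address and per rule, so a LAN/VLAN
connectivity loss can be attributed to (or cleared of) IPS drops.
"""
import ipaddress
import json
from collections import Counter

# Constructed sample lines in eve.json format (one JSON object per line).
# They are placeholders, not taken from the post or a real deployment.
SAMPLE_EVE = """\
{"timestamp":"2019-08-23T21:10:02.000000-0500","event_type":"drop","src_ip":"192.168.10.21","src_port":51000,"dest_ip":"203.0.113.10","dest_port":443,"proto":"TCP","vlan":[10],"alert":{"signature_id":9000001,"signature":"PLACEHOLDER rule A","action":"blocked"}}
{"timestamp":"2019-08-23T21:10:03.000000-0500","event_type":"alert","src_ip":"192.168.1.5","src_port":51001,"dest_ip":"203.0.113.10","dest_port":443,"proto":"TCP","alert":{"signature_id":9000002,"signature":"PLACEHOLDER rule B","action":"allowed"}}
{"timestamp":"2019-08-23T21:10:04.000000-0500","event_type":"drop","src_ip":"192.168.10.22","src_port":51002,"dest_ip":"203.0.113.11","dest_port":8883,"proto":"TCP","vlan":[10],"alert":{"signature_id":9000001,"signature":"PLACEHOLDER rule A","action":"blocked"}}
{"timestamp":"2019-08-23T21:10:05.000000-0500","event_type":"drop","src_ip":"198.51.100.7","src_port":40000,"dest_ip":"192.168.10.21","dest_port":8080,"proto":"TCP","vlan":[10],"alert":{"signature_id":9000003,"signature":"PLACEHOLDER rule C","action":"blocked"}}
{"timestamp":"2019-08-23T21:10:06.000000-0500","event_type":"flow","src_ip":"192.168.1.5","dest_ip":"203.0.113.12","proto":"UDP"}
this line is deliberately corrupt and must be skipped
"""


def parse_eve(text):
    """Return the parsed EVE records in `text`, skipping lines that are not valid JSON."""
    events = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            events.append(json.loads(line))
        except json.JSONDecodeError:
            # A truncated or non-JSON line (e.g. from log rotation) is ignored.
            continue
    return events


def summarize_drops(events):
    """Count 'drop' events by VLAN id, by source address and by (signature_id, signature)."""
    by_vlan, by_src, by_rule = Counter(), Counter(), Counter()
    for ev in events:
        if ev.get("event_type") != "drop":
            continue
        # EVE records carry "vlan" as a list of tag ids (outer tag first);
        # untagged traffic has no "vlan" key at all.
        vlans = ev.get("vlan") or []
        by_vlan[vlans[0] if vlans else "untagged"] += 1
        by_src[ev.get("src_ip", "?")] += 1
        alert = ev.get("alert") or {}
        by_rule[(alert.get("signature_id"), alert.get("signature"))] += 1
    return {"by_vlan": by_vlan, "by_src": by_src, "by_rule": by_rule}


def drops_involving(events, cidr):
    """Return the drop events whose source or destination lies inside `cidr`.

    Pass the IoT VLAN's subnet to see exactly which of its flows the IPS blocked.
    """
    net = ipaddress.ip_network(cidr)
    hits = []
    for ev in events:
        if ev.get("event_type") != "drop":
            continue
        addrs = (ev.get("src_ip"), ev.get("dest_ip"))
        if any(a and ipaddress.ip_address(a) in net for a in addrs):
            hits.append(ev)
    return hits


if __name__ == "__main__":
    evs = parse_eve(SAMPLE_EVE)
    summary = summarize_drops(evs)
    for key, counter in summary.items():
        print(key)
        for k, n in counter.most_common():
            print(f"  {k}: {n}")
    # Assumed IoT subnet for the sample data; substitute the real VLAN10 range.
    for ev in drops_involving(evs, "192.168.10.0/24"):
        print("dropped:", ev["src_ip"], "->", ev["dest_ip"], ev["alert"]["signature"])
```

To run it against a live firewall, replace `SAMPLE_EVE` with the contents of eve.json and pass the IoT VLAN's real subnet to `drops_involving`. If the summary shows no drop events for VLAN 10 while the devices are offline, the IPS is not what is blocking them and the interface selection or firewall rules are the next place to look.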