Suricata on a LAGG Device with VLANs

Started by wpn38l, May 04, 2024, 04:03:42 PM

Previous topic - Next topic
Print
Go Down Pages1
User actions
May 04, 2024, 04:03:42 PM
I've gone through the Forums and this question has been asked a couple of times but they don't seem to get answered. So I thought I would give it another shot.

My problem. I've got an Opnsense box running on a BMC Provider. It's running with dual Intel NICs that are aggregated on a LAGG device within Opnsense.

LAGG0
Parent: ix0 & ix1
Proto: lacp
Fast Timeout: Yes
Use flowid: Default
Hash Layers: Nothing Selected
Use strict: Default
MTU: 9000

lagg0_vlan4 - WAN
lagg0_vlan10 - LAN

Is it possible to use Suricata on such a configuration? All the guides I've read say not to select your VLAN interfaces and instead select the physical interfaces. I can't do that but I don't want to risk killing the connection by experimenting with other settings.

If I select the VLANs suricata starts and stops and complains about - opening devname netmap:lagg0_vlan4/R failed: Invalid argument

From my googling this is because it can't access the interface as it's already used.

Can anyone suggest a solution at all?

Cheers

May 06, 2024, 07:56:09 PM #1
Can you select LAGG0 as that is (sort of) your physical interface?
May 07, 2024, 02:53:14 PM #2
I tired that but it gave me the same error.
Print
Go Up Pages1
User actions