Enabling Suricata IPS mode breaks OpenVPN IPv6

athurdent · February 04, 2020, 09:14:12 AM

My installation runs on a Proxmox KVM with VTXNET interfaces.

OpenVPN IPv6 connections work fine with Suricata disabled and also when it's enabled without IPS mode.
Enabling IPS mode results in:

Code Select

09:04:04.141495 IP6 (flowlabel 0x093d8, hlim 54, next-header TCP (6) payload length: 44) 2a02:***.57451 > 2a04:***.443: Flags [S], cksum 0xec4a (correct), seq 984059939, win 65535, options [mss 1380,nop,wscale 6,nop,nop,TS val 1291158504 ecr 0,sackOK,eol], length 0
09:04:05.146364 IP6 (flowlabel 0x093d8, hlim 54, next-header TCP (6) payload length: 44) 2a02:***.57451 > 2a04:***.443: Flags [S], cksum 0xe862 (correct), seq 984059939, win 65535, options [mss 1380,nop,wscale 6,nop,nop,TS val 1291159504 ecr 0,sackOK,eol], length 0
09:04:06.152410 IP6 (flowlabel 0x093d8, hlim 54, next-header TCP (6) payload length: 44) 2a02:***.57451 > 2a04:***.443: Flags [S], cksum 0xe479 (correct), seq 984059939, win 65535, options [mss 1380,nop,wscale 6,nop,nop,TS val 1291160505 ecr 0,sackOK,eol], length 0

My incoming firewall rules for port 443 IPv6 logs the connection as successful, IPS does not log any Alert when trying to connect.

Enabling Suricata IPS mode breaks OpenVPN IPv6

athurdent

February 04, 2020, 09:14:12 AM