syslog on WAN with Public IP not sending into IPSec even with NAT

[dstr]

Hi,

I have the problem that the syslog server is only sending from the wan interface and if this is an Public IP the syslog Server is not finding its route into the IPsec Tunnel. I tried to add an outbound NAT Rules by its still not working even though the natted address is in the IPSec Tunnel.


Its still on the WAN interface and not on the enc0 interface

Enabled
Transport
Hostname
Description
Commands
UDP(4)   172.35.2.227

ESP IPv4 tunnel   10.2.4.248/29   172.35.0.0/16   AES (256 bits) + SHA256 + 21 (NIST EC 521 bits)

it seems that the Ips in the tunnel are not placed as a route to any interface so it can find it.

how to change this please?

if the WAN interface IP is an subnet in the tunnel, it works.

why is it only sending from WAN interface?

[dstr]

Found the workaround -> Bridge between WAN interface and the interface that is in the IPSec Tunnel. It would be much easier to just bind the syslog to the interface though, wierd that syslog"-ng" does not support such an basic function.

How worthy is next gen without basic functions?

[dstr]

Hasnt outlived an reboot. So wasnt an workaround.
Still the question why cant I bind the syslog server to an interface?

[dominico]

Have you found a feasible solution for this issue? I am facing with same problems. I just noticed that in pfsense you can set-up sending interface for syslog.

[Patrick M. Hausen]

Hasnt outlived an reboot. So wasnt an workaround.
Still the question why cant I bind the syslog server to an interface?

Because nobody has implemented that feature, yet?

[Patrick M. Hausen]

I have started working on it ...

[Auriok]

I have started working on it ...

Wonderful to hear!  Was looking for how to do this and glad I found this.

[EHRETic]

I have started working on it ...

Lovely to hear that too, I just started to implement Wazuh in my lab and was figuring out why one of my FW was not able to send logs back to the server