Home
Help
Search
Login
Register
OPNsense Forum
»
English Forums
»
Intrusion Detection and Prevention
»
Suricata in Wan does not work with ppoe
« previous
next »
Print
Pages: [
1
]
Author
Topic: Suricata in Wan does not work with ppoe (Read 2149 times)
yeraycito
Sr. Member
Posts: 288
Karma: 17
Suricata in Wan does not work with ppoe
«
on:
December 19, 2023, 06:27:51 pm »
So far I had Suricata working correctly on Wan but I have changed internet provider and use ppoe. I have created the corresponding ppoe VLAN assigned to Wan and I have configured the Wan interface with ppoe with user - password. In interface assignments I have assigned the VLAN ppoe created earlier to Wan. With this configuration I have access to the internet without any problems. The problem is that Suricata in Wan does not work even if I put the Wan ip that I have assigned something that before if it worked perfectly, with that it does not work I mean that it does not block absolutely nothing, it is as if it did not recognise the interface. So that it recognizes it in interface assignments I have to put Wan in igb xxxxxx and create a new virtual interface for ppoe.
Logged
doktornotor
Hero Member
Posts: 709
Karma: 70
Re: Suricata in Wan does not work with ppoe
«
Reply #1 on:
December 20, 2023, 11:31:47 am »
IPS (netmap) won't work -
https://forum.opnsense.org/index.php?topic=33012.0
IDS needs "promiscuous" enabled.
Logged
JL
Newbie
Posts: 42
Karma: 1
Re: Suricata in Wan does not work with ppoe
«
Reply #2 on:
January 16, 2024, 05:58:28 pm »
check my post here (both IPS and IDS are working now)
https://forum.opnsense.org/index.php?topic=38140.0
the main issue of Suricata failing or not failing are MTU inconsistencies
There's a typical overhead (8 bytes for Windows / 22 bytes for Linux) to consider but bridges and ppp also add overhead.
So, if you start with the default MTU of 1500 (1518) or have jumbo frames (<=9000 MTU) this will have great effect.
I can say with confidence this approach works. Suricata is now up 100% of the time since 24 hours.
Logged
Print
Pages: [
1
]
« previous
next »
OPNsense Forum
»
English Forums
»
Intrusion Detection and Prevention
»
Suricata in Wan does not work with ppoe