Home
Help
Search
Login
Register
OPNsense Forum
»
English Forums
»
Intrusion Detection and Prevention
»
Suricata on a LAGG Device with VLANs
« previous
next »
Print
Pages: [
1
]
Author
Topic: Suricata on a LAGG Device with VLANs (Read 677 times)
wpn38l
Newbie
Posts: 4
Karma: 0
Suricata on a LAGG Device with VLANs
«
on:
May 04, 2024, 04:03:42 pm »
I've gone through the Forums and this question has been asked a couple of times but they don't seem to get answered. So I thought I would give it another shot.
My problem. I've got an Opnsense box running on a BMC Provider. It's running with dual Intel NICs that are aggregated on a LAGG device within Opnsense.
LAGG0
Parent: ix0 & ix1
Proto: lacp
Fast Timeout: Yes
Use flowid: Default
Hash Layers: Nothing Selected
Use strict: Default
MTU: 9000
lagg0_vlan4 - WAN
lagg0_vlan10 - LAN
Is it possible to use Suricata on such a configuration? All the guides I've read say not to select your VLAN interfaces and instead select the physical interfaces. I can't do that but I don't want to risk killing the connection by experimenting with other settings.
If I select the VLANs suricata starts and stops and complains about - opening devname netmap:lagg0_vlan4/R failed: Invalid argument
From my googling this is because it can't access the interface as it's already used.
Can anyone suggest a solution at all?
Cheers
Logged
Greg_E
Sr. Member
Posts: 342
Karma: 19
Re: Suricata on a LAGG Device with VLANs
«
Reply #1 on:
May 06, 2024, 07:56:09 pm »
Can you select LAGG0 as that is (sort of) your physical interface?
Logged
wpn38l
Newbie
Posts: 4
Karma: 0
Re: Suricata on a LAGG Device with VLANs
«
Reply #2 on:
May 07, 2024, 02:53:14 pm »
I tired that but it gave me the same error.
Logged
Print
Pages: [
1
]
« previous
next »
OPNsense Forum
»
English Forums
»
Intrusion Detection and Prevention
»
Suricata on a LAGG Device with VLANs
