[Snort-users] Listening openVPN

Andre Rodier andre.rodier at ...14721...
Sun Dec 6 11:41:33 EST 2009


Hello everybody,


After googling around, I can'f find any answer to my question.


Is it possible to configure snort to listen on the virtual network 
adapter of OpenVPN (tap0) ?


I have tried to configure snort to do this, but apparently this fail:


var HOME_NET [10.10.1.0/24,192.168.0.0/24]


10.10.1/24 is the vpn network address, while 192.168.0.x is the physical 
network.


I use nmap to start a portscan, and the result is accurate on both 
interfaces. However, the only logs from Snort I have are coming from the 
physical network interface 192.168.0.0/24,


Do I have to do something special to authorise snort to listen this 
virtual interface ?

Thanks.





More information about the Snort-users mailing list