[Snort-users] Listening openVPN

Andre Rodier andre.rodier at ...14721...
Sun Dec 6 11:41:33 EST 2009

Hello everybody,

After googling around, I can'f find any answer to my question.

Is it possible to configure snort to listen on the virtual network 
adapter of OpenVPN (tap0) ?

I have tried to configure snort to do this, but apparently this fail:

var HOME_NET [,]

10.10.1/24 is the vpn network address, while 192.168.0.x is the physical 

I use nmap to start a portscan, and the result is accurate on both 
interfaces. However, the only logs from Snort I have are coming from the 
physical network interface,

Do I have to do something special to authorise snort to listen this 
virtual interface ?


More information about the Snort-users mailing list