Intrusion prevention whitelist openVPN Traffic?


  • Intrusion prevention whitelist openVPN Traffic?

    Hi all,
    I'm trying to whitelist ssh connections from openVPN to an internal machine.
    I cannot get it to work. Always after 4 successful connections I get blocked.
    Simplified example:
    Code:
    $ for i in $(seq 1 5); do ssh xxxx@compute date; sleep 1; done
    Mi 7. Jul 11:32:42 CEST 2021
    Mi 7. Jul 11:32:43 CEST 2021
    Mi 7. Jul 11:32:45 CEST 2021
    Mi 7. Jul 11:32:47 CEST 2021
    ssh: connect to host compute port 22: Connection refused


    * First try was to set a bypass rule in network config
    -- no success
    * next I tried to IPS after other scans
    -- no success
    * finally I added a bypass rule to IPS
    -- no success

    I'm out of ideas. Can anybody help?

    (EDIT: Forgot to mention UT version is 16.3.2)
    Last edited by frust; 07-07-2021, 02:44 AM.

  • #2
    Solution found

    After a week of poking around I found a solution:

    The variables section contains in "$HOME_NET" the entry "default". This does NOT include the OpenVPN network.
    After setting this variable manually to the wanted networks it works as expected.

    Why the general network-config bypass rule does not work is a bit unclear to me. Maybe this is caused by the OpenVPN tun network device, which possibly does not react like a real physical network device.

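The fix in post #2 comes down to whether the VPN address pool falls inside `$HOME_NET`. As an added example (not from the thread or the product), the script below checks a HOME_NET value against the networks that should count as internal. It assumes a flat comma-separated CIDR list with optional `!` negation; the networks and the `default_nets` parameter are constructed for illustration.

```python
import ipaddress

# Constructed sample values, not taken from the thread.
LAN = "192.168.1.0/24"
VPN_POOL = "172.16.20.0/24"  # hypothetical OpenVPN address pool

def parse_home_net(value, default_nets=()):
    """Return (included, excluded) networks for a HOME_NET-style string.

    `default_nets` is what the literal entry "default" stands for; it is an
    assumption supplied by the caller, not something read from the appliance.
    """
    included, excluded = [], []
    for item in value.strip().strip("[]").split(","):
        item = item.strip()
        if not item:
            continue
        if item == "default":
            included += [ipaddress.ip_network(n) for n in default_nets]
            continue
        target = excluded if item.startswith("!") else included
        target.append(ipaddress.ip_network(item.lstrip("!"), strict=False))
    return included, excluded

def uncovered(value, required, default_nets=()):
    """List the networks in `required` that HOME_NET does not fully contain."""
    included, excluded = parse_home_net(value, default_nets)
    missing = []
    for text in required:
        net = ipaddress.ip_network(text, strict=False)
        same = [n for n in included if n.version == net.version]
        # Collapse first so a network covered by two adjacent entries counts.
        inside = any(net.subnet_of(n) for n in ipaddress.collapse_addresses(same))
        negated = any(net.overlaps(n) for n in excluded if n.version == net.version)
        if negated or not inside:
            missing.append(text)
    return missing

if __name__ == "__main__":
    # "default" expanded to the LAN only: the VPN pool is reported as missing.
    print(uncovered("default", [LAN, VPN_POOL], default_nets=[LAN]))
    # Explicit list naming both networks: nothing is missing.
    print(uncovered(f"[{LAN},{VPN_POOL}]", [LAN, VPN_POOL]))
```

A non-empty result means traffic from those networks is evaluated as external by any rule written against `$HOME_NET`.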