  1. #1

    Intrusion prevention whitelist openVPN Traffic?

    Hi all,
    I'm trying to whitelist ssh connections from openVPN to an internal machine.
    I cannot get it to work. Always after 4 successful connections I get blocked.
    Simplified example:
    Code:
    $ for i in $(seq 1 5); do ssh xxxx@compute date; sleep 1; done
    Mi 7. Jul 11:32:42 CEST 2021
    Mi 7. Jul 11:32:43 CEST 2021
    Mi 7. Jul 11:32:45 CEST 2021
    Mi 7. Jul 11:32:47 CEST 2021
    ssh: connect to host compute port 22: Connection refused


    * First try was to set a bypass rule in network config
    -- no success
    * next I tried to run IPS after other scans
    -- no success
    * finally I added a bypass rule to IPS
    -- no success

    I'm out of ideas. Can anybody help?

    (EDIT: Forgot to mention UT version is 16.3.2)
    Last edited by frust; 07-07-2021 at 02:44 AM.

  2. #2

    Solution found

    After a week of poking around I found a solution:

    In the variables section, "$HOME_NET" contains the entry "default". This does NOT include the OpenVPN network.
    After setting this variable manually to the wanted networks, it works as expected.

    Why the general network-config bypass rule does not work is a bit unclear to me. Maybe this is caused by the OpenVPN tun network device, which is possibly not reacting like a real physical network device.
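
A way to check the fix described in post #2, as an added example that is not part of the original thread: the Python below parses a Snort/Suricata-style address list (that syntax is an assumption about how the IPS variable is written) and reports which required networks $HOME_NET fails to contain. The function names and all addresses are constructed for illustration.

```python
import ipaddress

def _split_top(s):
    """Split on commas that are not inside nested [...] groups."""
    parts, depth, cur = [], 0, ""
    for ch in s:
        depth += (ch == "[") - (ch == "]")
        if ch == "," and depth == 0:
            parts.append(cur)
            cur = ""
        else:
            cur += ch
    return [p for p in parts + [cur] if p.strip()]

def parse_address_list(text, negated=False):
    """Return (include, exclude) network lists for a value like
    '[192.168.1.0/24,!192.168.1.5]'. A leading '!' flips the sense."""
    text = text.strip()
    if text.startswith("!"):
        negated, text = not negated, text[1:].strip()
    include, exclude = [], []
    if text.startswith("[") and text.endswith("]"):
        for part in _split_top(text[1:-1]):
            inc, exc = parse_address_list(part, negated)
            include += inc
            exclude += exc
    else:
        net = ipaddress.ip_network(text, strict=False)
        (exclude if negated else include).append(net)
    return include, exclude

def uncovered(home_net, required):
    """List the required networks that HOME_NET does not fully contain.
    Simplified model: a network counts as covered only if one include entry
    contains it entirely and no exclude entry overlaps it."""
    include, exclude = parse_address_list(home_net)
    missing = []
    for cidr in required:
        net = ipaddress.ip_network(cidr, strict=False)
        inside = any(net.version == i.version and net.subnet_of(i) for i in include)
        cut = any(net.version == e.version and net.overlaps(e) for e in exclude)
        if not inside or cut:
            missing.append(cidr)
    return missing

# Constructed sample values, not taken from the thread.
LAN, VPN_POOL = "192.168.1.0/24", "172.16.50.0/24"
BEFORE = "[192.168.1.0/24]"                  # VPN pool absent from HOME_NET
AFTER = "[192.168.1.0/24,172.16.50.0/24]"    # HOME_NET set manually

if __name__ == "__main__":
    print("before:", uncovered(BEFORE, [LAN, VPN_POOL]))
    print("after: ", uncovered(AFTER, [LAN, VPN_POOL]))
```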
