[Vtun-Users] Multi, Encr and speed - was Re: Vtun and IDS
From: bishop <bi...@pl...> - 2012-09-13 06:49:23
Michael,

On a side note: Have you had good luck with Multi-Yes and tunnels dying like they should? The last time I worked with it, I had a gang of lame zombie ethertaps laying about after a few disconnects, but that was back in the 2.6 days.

'speed 0' and 'multi yes' are already the default.

- bish

Michael Rack wrote:
> Hi Thomas,
>
> you need to add a bridge device.
>
>> brctl addbr tundevices
>
> Now you have to add some lines to your vtund.conf in your profile section:
>
>> options {
>> ...
>> }
>>
>> my-profile {
>> pass mysecreat;
>> type ether;
>> proto udp;
>> encr no;
>> keepalive yes;
>> compress no;
>> speed 0;
>> multi yes;
>> up {
>> program "/sbin/brctl addif tundevices %%";
>> };
>> }
>
> Important stuff:
> * multi
> * keepalive
> * up
>
> Be sure to use VTUN v3.0.3
> http://downloads.sourceforge.net/project/vtun/vtun/3.0.3/vtun-3.0.3.tar.gz
>
> Now you see all traffic on interface "tundevices".
>
> Kind regards from Freilassing,
>
> Michael Rack
> RSM Freilassing
> --
> RSM Freilassing Tel.: +49 8654 607110
> Nocksteinstr. 13 Fax.: +49 8654 670438
> D-83395 Freilassing www.rsm-freilassing.de
>
> On 12.09.2012 03:16, Justin Thomas wrote:
>> Hi folks,
>>
>> I'm a new vtun user and a new subscriber to this list, so my apologies
>> if this is a simple question that has already been answered; I didn't
>> have much luck with Google.
>>
>> I'm attempting to use vtun as part of an IDS solution within Amazon
>> EC2/VPC. I have ether tunnels set up between each server and my IDS
>> sensor. On each server, I'm using daemonlogger to copy data from the
>> exposed interface to the virtual tap interface tunneled by vtun (which
>> is incidentally connected via a third, unexposed interface on each
>> system). So far so good.
>>
>> The picture in my mind was of a hub and spoke model where all of the
>> endpoint tap devices were bridged to a single tap device on the IDS
>> sensor (like tap0). What I seem to be seeing is that each tunnel to
>> each endpoint requires a separate tap interface on the sensor (tap1,
>> tap2, tap3) with unique configuration in the vtund.conf file for each
>> system/session. To do otherwise (i.e., share a tap and/or session on
>> the sensor across all of the "remote" servers) just generates
>> "connection refused" messages to my endpoints.
>>
>> Is there a more efficient way to do this? Or is the only way to make
>> this work to manage individual configuration items in vtund.conf for
>> each server and, likewise, allocate separate tap interfaces for each
>> (necessitating more complicated IDS software configuration to account
>> for the many interfaces that will be monitored)?
>>
>> Thanks in advance for any advice!
>> Justin
>>
>> _______________________________________________
>> Vtun-Users mailing list
>> Vtu...@li...
>> https://lists.sourceforge.net/lists/listinfo/vtun-users
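As an added example (not code from the vtun project or from anyone in this thread), here is a small Python lint that parses a vtund.conf profile in the shape Michael posted and checks the points raised above: `type ether`, `multi`, `keepalive`, and an `up` hook that adds the new tap to the bridge; it also flags `encr no`, since the mirrored IDS feed then crosses the tunnel in cleartext. The sample config is constructed, the tokenizer is a minimal approximation of vtund's grammar, and the "multi yes is the default" rule is taken from bish's remark.

```python
import re

SAMPLE = """options { port 5000; }
my-profile {
  pass mysecreat; type ether; proto udp; encr no;
  keepalive yes; compress no; speed 0; multi yes;
  up { program "/sbin/brctl addif tundevices %%"; };
}
"""  # constructed sample, shaped like the profile posted in the thread

# quoted string | brace or semicolon | bare word
TOKEN = re.compile(r'"[^"]*"|[{};]|[^\s{};"]+')

def parse(text):
    """Parse 'name { key value; sub { ... }; }' blocks into nested dicts (last duplicate key wins)."""
    root, stack, key, vals = {}, [], None, []
    for tok in TOKEN.findall(re.sub(r'#.*', '', text)):
        cur = stack[-1] if stack else root
        if tok == '{':                 # open a sub-block under the pending key
            cur[key] = {}
            stack.append(cur[key])
            key = None
        elif tok == '}':
            stack.pop(); key = None
        elif tok == ';':               # end of 'key value...' (or the optional ';' after '}')
            if key is not None: cur[key] = ' '.join(vals)
            key, vals = None, []
        elif key is None:
            key, vals = tok, []
        else:
            vals.append(tok.strip('"'))
    return root

def check_profile(prof):
    """Findings for one session profile that is meant to feed a bridged IDS tap."""
    up_cmd = prof.get('up', {}).get('program', '')
    rules = [
        (prof.get('type') != 'ether', 'type must be ether for the tap to be bridged'),
        # bish's remark: 'multi yes' is already the default, so only an explicit override fails
        (prof.get('multi', 'yes') != 'yes', 'multi must be yes so several endpoints share one profile'),
        (prof.get('keepalive') != 'yes', 'keepalive yes missing: dead sessions leave stale tap devices'),
        ('brctl addif' not in up_cmd, 'up block does not add the new tap (%%) to the bridge'),
        (prof.get('encr') == 'no', 'encr no: mirrored IDS traffic crosses the tunnel in cleartext'),
    ]
    return [msg for bad, msg in rules if bad]

def lint(text):
    """Check every session profile, skipping vtund's global 'options' and 'default' blocks."""
    return {n: check_profile(p) for n, p in parse(text).items()
            if isinstance(p, dict) and n not in ('options', 'default')}
```

Running `lint(SAMPLE)` on the posted profile reports only the cleartext finding; a profile that drops `keepalive` or sets `multi no` is reported as well.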