Re: [Vtun-Users] Multi, Encr and speed - was Re: Vtun and IDS
From: Michael R. <mic...@rs...> - 2012-09-13 07:00:01
Hi bishop, that's correct! After a few days with some abnormal line disconnects I ended up with
lots of zombie ethertaps. In v3.0.2 I used "multi killold" to get a new connection after a
disconnect and not be rejected by the server because another zombie session is currently
established. That's why I asked last time why keepalive is not working properly. You told me
that something related was fixed in v3.0.3, but I cannot check this, because I had implemented
my own solution to detect a zombie ethertap by looking at changing counters in /proc/net/dev
and killing the related vtun process and restarting the session if no traffic flow is
encountered. So Thomas has to try his luck :)

Kind regards from Freilassing,

Michael Rack
RSM Freilassing
--
RSM Freilassing          Tel.: +49 8654 607110
Nocksteinstr. 13         Fax.: +49 8654 670438
D-83395 Freilassing      www.rsm-freilassing.de

On 13.09.2012 08:48, bishop wrote:
> Michael,
>
> On a side note: Have you had good luck with Multi-Yes and tunnels
> dying like they should? The last time I worked with it, I had a gang
> of lame zombie ethertaps laying about after a few disconnects, but
> that was back in the 2.6 days.
>
> 'speed 0' and 'multi yes' are already the default.
>
> - bish
>
>
> Michael Rack wrote:
>> Hi Thomas,
>>
>> you need to add a bridge device.
>>
>>> brctl addbr tundevices
>>
>> Now you have to add some lines to your vtund.conf in your profile
>> section:
>>
>>> options {
>>>     ...
>>> }
>>>
>>> my-profile {
>>>     pass mysecreat;
>>>     type ether;
>>>     proto udp;
>>>     encr no;
>>>     keepalive yes;
>>>     compress no;
>>>     speed 0;
>>>     multi yes;
>>>     up {
>>>         program "/sbin/brctl addif tundevices %%";
>>>     };
>>> }
>>
>> Important stuff:
>> * multi
>> * keepalive
>> * up
>>
>> Be sure to use VTUN v3.0.3
>> http://downloads.sourceforge.net/project/vtun/vtun/3.0.3/vtun-3.0.3.tar.gz
>>
>> Now you see all traffic on interface "tundevices".
>>
>> Kind regards from Freilassing,
>>
>> Michael Rack
>> RSM Freilassing
>> --
>> RSM Freilassing          Tel.: +49 8654 607110
>> Nocksteinstr. 13         Fax.: +49 8654 670438
>> D-83395 Freilassing      www.rsm-freilassing.de
>>
>> On 12.09.2012 03:16, Justin Thomas wrote:
>>> Hi folks,
>>>
>>> I'm a new vtun user and a new subscriber to this list, so my apologies
>>> if this is a simple question that has already been answered; I didn't
>>> have much luck with Google.
>>>
>>> I'm attempting to use vtun as part of an IDS solution within Amazon
>>> EC2/VPC. I have ether tunnels set up between each server and my IDS
>>> sensor. On each server, I'm using daemonlogger to copy data from the
>>> exposed interface to the virtual tap interface tunneled by vtun (which
>>> is incidentally connected via a third, unexposed interface on each
>>> system). So far so good.
>>>
>>> The picture in my mind was of a hub and spoke model where all of the
>>> endpoint tap devices were bridged to a single tap device on the IDS
>>> sensor (like tap0). What I seem to be seeing is that each tunnel to
>>> each endpoint requires a separate tap interface on the sensor (tap1,
>>> tap2, tap3) with unique configuration in the vtund.conf file for each
>>> system/session. To do otherwise (i.e., share a tap and/or session on
>>> the sensor across all of the "remote" servers) just generates
>>> "connection refused" messages to my endpoints.
>>>
>>> Is there a more efficient way to do this? Or is the only way to make
>>> this work to manage individual configuration items in vtund.conf for
>>> each server and, likewise, allocate separate tap interfaces for each
>>> (necessitating more complicated IDS software configuration to account
>>> for the many interfaces that will be monitored).
>>>
>>> Thanks in advance for any advice!
>>> Justin
>>>
>>> _______________________________________________
>>> Vtun-Users mailing list
>>> Vtu...@li...
>>> https://lists.sourceforge.net/lists/listinfo/vtun-users
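The zombie-ethertap check Michael describes (sample the /proc/net/dev counters, treat a tap with no traffic as a dead session, kill the vtund process and reconnect), written out as an added example; this is not code from the thread or from the vtun project. The interface prefix "tap", the 30-second interval, the server name vpn.example.net, the /proc/net/dev samples and the pkill-then-vtund restart are assumptions; the session name "my-profile" is taken from the config quoted above.

```shell
#!/bin/sh
# Added example, not code from the vtun project or from anyone on the thread.
# Detects a "zombie" ether tap the way the post describes: take /proc/net/dev
# twice, and treat a tap whose rx+tx byte counters did not move as dead.

# idle_taps PREV CUR PREFIX
#   PREV, CUR: the text of /proc/net/dev taken some seconds apart
#   PREFIX:    interface-name prefix to consider, e.g. "tap"
# Prints, one per line, every PREFIX* interface present in both samples whose
# rx+tx byte counters are identical in both, i.e. nothing flowed through it.
idle_taps() {
    { printf '%s\n' "$1"; printf '__SEP__\n'; printf '%s\n' "$2"; } |
    awk -v prefix="$3" '
        /^__SEP__$/ { phase = 1; next }
        {
            line = $0
            sub(/^[ \t]+/, "", line)
            n = index(line, ":")
            if (n == 0) next                  # the two header lines have no "name:"
            name = substr(line, 1, n - 1)
            if (substr(name, 1, length(prefix)) != prefix) next
            split(substr(line, n + 1), f)     # f[1] = rx bytes, f[9] = tx bytes
            total = f[1] + f[9]
            if (phase == 0) {
                before[name] = total          # first sample: remember counters
            } else if ((name in before) && before[name] == total) {
                print name                    # second sample: unchanged => idle
            }
        }'
}

# Assumed client-side restart: the tunnel was started as "vtund SESSION SERVER",
# so kill that vtund and start a fresh one (which re-creates the tap).
restart_vtun_session() {
    session="$1"; server="$2"
    pkill -f "vtund.* $session $server" 2>/dev/null || true
    vtund "$session" "$server"
}

# watch_once PREFIX INTERVAL SESSION SERVER
# One watchdog pass: sample, wait INTERVAL seconds, sample again, restart if idle.
watch_once() {
    prev=$(cat /proc/net/dev)
    sleep "$2"
    cur=$(cat /proc/net/dev)
    if [ -n "$(idle_taps "$prev" "$cur" "$1")" ]; then
        restart_vtun_session "$3" "$4"
    fi
}

# Constructed /proc/net/dev samples (not real captures) for a stand-alone run:
# tap0 carries traffic, tap1 is frozen, tap2 only appears in the second sample.
SAMPLE_PREV='Inter-|   Receive                                                |  Transmit
 face |bytes    packets errs drop fifo frame compressed multicast|bytes    packets errs drop fifo colls carrier compressed
    lo:    1024      12    0    0    0     0          0         0     1024      12    0    0    0     0       0          0
  eth0: 9000000   61000    0    0    0     0          0         0  4500000   40000    0    0    0     0       0          0
  tap0:  250000    2100    0    0    0     0          0         0   130000    1800    0    0    0     0       0          0
  tap1:   88000     700    0    0    0     0          0         0    51000     600    0    0    0     0       0          0'
SAMPLE_CUR='Inter-|   Receive                                                |  Transmit
 face |bytes    packets errs drop fifo frame compressed multicast|bytes    packets errs drop fifo colls carrier compressed
    lo:    1024      12    0    0    0     0          0         0     1024      12    0    0    0     0       0          0
  eth0: 9100000   62000    0    0    0     0          0         0  4550000   40500    0    0    0     0       0          0
  tap0:  262000    2200    0    0    0     0          0         0   136000    1850    0    0    0     0       0          0
  tap1:   88000     700    0    0    0     0          0         0    51000     600    0    0    0     0       0          0
  tap2:    1200      10    0    0    0     0          0         0      800       8    0    0    0     0       0          0'

# Run as a watchdog only when given arguments, e.g. from cron every minute:
#   ./vtun-zombie-check.sh tap 30 my-profile vpn.example.net
# Without arguments just show the detection on the constructed samples.
if [ "$#" -ge 4 ]; then
    watch_once "$@"
else
    idle_taps "$SAMPLE_PREV" "$SAMPLE_CUR" tap
fi
```

On the IDS sensor side, where "multi yes" gives every client its own tap on the bridge, an idle tap maps to one client's session rather than to a single local vtund invocation, so there the action would be to drop that client's child process and let the client reconnect; the restart shown above is the single-session client case from the thread.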