Hi all. I've got a hypothetical situation here and I'm curious as to what people think. When using the "client-to-client" option is there a way to create a "span" or "monitor" port which exposes the client-to-client traffic, e.g. for intrusion detection analysis?
Thanks,
Damon
Span / Monitor port when using "client-to-client" mode?
Moderators: TinCanTech
-
- OpenVpn Newbie
- Posts: 5
- Joined: Thu Jul 21, 2011 12:32 pm
- ecrist
- Forum Team
- Posts: 237
- Joined: Wed Nov 26, 2008 10:33 pm
- Location: Northern Minnesota, USA
- Contact:
Re: Span / Monitor port when using "client-to-client" mode?
If your kernel and driver support it, you can just enable promiscuous mode on the tun or tap interface.
OpenVPN Community Administrator
IRC: #openvpn, #openvpn-devel
Co-Author of Mastering OpenVPN
Author of Troubleshooting OpenVPN
- janjust
- Forum Team
- Posts: 2703
- Joined: Fri Aug 20, 2010 2:57 pm
- Location: Amsterdam
- Contact:
Re: Span / Monitor port when using "client-to-client" mode?
Sorry ecrist, in 'client-to-client' mode the internal routing tables are bypassed on the server.
In 'tun' mode you can mimic 'client-to-client' mode using the right iptables rules - this you can monitor.
In 'tap' mode you cannot do this and you'd have to resort to writing an OpenVPN PF plugin.
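An added sketch of the tun-mode approach janjust describes, not code from the thread or from the OpenVPN project: with "client-to-client" removed from the server config, client-to-client packets cross the tun interface, so iptables can both permit them and copy them to a sensor. The interface name tun0, the subnet 10.8.0.0/24, NFLOG group 5 and the optional IDS host are assumed values.

```shell
#!/bin/sh
# Added example, not from the thread. Prerequisite: remove "client-to-client"
# from the server config so client-to-client packets leave the OpenVPN process,
# cross the tun interface and hit the kernel FORWARD chain.
# Assumed values: tun0, 10.8.0.0/24, NFLOG group 5, optional IDS host.
TUN_IF="${TUN_IF:-tun0}"
VPN_NET="${VPN_NET:-10.8.0.0/24}"
NFLOG_GROUP="${NFLOG_GROUP:-5}"
IDS_GW="${IDS_GW:-}"   # e.g. 192.0.2.10 on a directly attached segment; empty = no mirror

# Reject values that could smuggle shell syntax into the generated commands.
valid_inputs() {
    case "$TUN_IF" in ''|*[!A-Za-z0-9_.-]*) return 1 ;; esac
    case "$VPN_NET" in ''|*[!0-9./]*) return 1 ;; esac
    case "$NFLOG_GROUP" in ''|*[!0-9]*) return 1 ;; esac
    case "$IDS_GW" in *[!0-9.]*) return 1 ;; esac
    return 0
}

# Print the commands one per line so they can be reviewed before being applied.
c2c_rules() {
    valid_inputs || return 1
    match="-i $TUN_IF -o $TUN_IF -s $VPN_NET -d $VPN_NET"
    echo "sysctl -w net.ipv4.ip_forward=1"
    # Copy each client-to-client packet to an NFLOG group for a local sensor
    # (readable with: tcpdump -ni nflog:$NFLOG_GROUP).
    echo "iptables -A FORWARD $match -j NFLOG --nflog-group $NFLOG_GROUP"
    # Then accept it: this rule is what replaces OpenVPN's internal forwarding.
    echo "iptables -A FORWARD $match -j ACCEPT"
    # Optional span-style mirror: clone the packets to a remote IDS host.
    if [ -n "$IDS_GW" ]; then
        echo "iptables -t mangle -A FORWARD $match -j TEE --gateway $IDS_GW"
    fi
}

case "${1:-}" in
    show)  c2c_rules ;;
    apply) rules=$(c2c_rules) || exit 1
           printf '%s\n' "$rules" | sh -e ;;   # needs root
esac
```

Run it with `show` to review the generated rules, or with `apply` as root to install them.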
-
- OpenVpn Newbie
- Posts: 1
- Joined: Tue Jan 10, 2012 7:50 am
Re: Span / Monitor port when using "client-to-client" mode?
Thanks, ecrist, for the help!!! It all turned out easier than I thought before. My kernel really supported it. The issue is solved.