Span / Monitor port when using "client-to-client" mode?

dtmiller1976
OpenVpn Newbie
Posts: 5
Joined: Thu Jul 21, 2011 12:32 pm

Span / Monitor port when using "client-to-client" mode?

Post by dtmiller1976 » Mon Oct 24, 2011 7:58 pm

Hi all. I've got a hypothetical situation here and I'm curious as to what people think. When using the "client-to-client" option is there a way to create a "span" or "monitor" port which exposes the client-to-client traffic, e.g. for intrusion detection analysis?


Thanks,

Damon

ecrist
Forum Team
Posts: 237
Joined: Wed Nov 26, 2008 10:33 pm
Location: Northern Minnesota, USA

Re: Span / Monitor port when using "client-to-client" mode?

Post by ecrist » Tue Oct 25, 2011 12:00 am

If your kernel and driver support it, you can just enable promiscuous mode on the tun or tap interface.
OpenVPN Community Administrator
IRC: #openvpn, #openvpn-devel
Co-Author of Mastering OpenVPN
Author of Troubleshooting OpenVPN

janjust
Forum Team
Posts: 2703
Joined: Fri Aug 20, 2010 2:57 pm
Location: Amsterdam

Re: Span / Monitor port when using "client-to-client" mode?

Post by janjust » Wed Oct 26, 2011 12:49 pm

Sorry ecrist, in 'client-to-client' mode the internal routing tables are bypassed on the server.

In 'tun' mode you can mimic 'client-to-client' mode using the right iptables rules - this you can monitor.

In 'tap' mode you cannot do this and you'd have to resort to writing an openvpn PF plugin.
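
One way to set up the tun-mode approach described in the post above, as an added example that is not part of any post in this thread. The interface name `tun0`, the subnet `10.8.0.0/24` and the function names are assumptions; the script only prints the commands unless `APPLY=1` is set.

```shell
#!/bin/sh
# Added example, not from the thread. Assumed names: tun0, 10.8.0.0/24.
# Prerequisite in the OpenVPN server config: leave out "client-to-client" so
# packets between clients leave the OpenVPN process and cross the kernel on tun0.
# With "topology net30" clients also need: push "route 10.8.0.0 255.255.255.0"

VPN_DEV="${VPN_DEV:-tun0}"
VPN_NET="${VPN_NET:-10.8.0.0/24}"

# Print the commands that let the kernel forward client-to-client traffic.
c2c_rules() {
    dev="$1"; net="$2"
    echo "sysctl -w net.ipv4.ip_forward=1"
    # Allow VPN client <-> VPN client, in and out of the same tun device.
    echo "iptables -A FORWARD -i $dev -o $dev -s $net -d $net -j ACCEPT"
}

# Reject anything that is not a plain device name and a CIDR-shaped string.
valid_args() {
    case "$1" in ''|*[!A-Za-z0-9_.-]*) return 1 ;; esac
    case "$2" in
        ''|*[!0-9./]*) return 1 ;;
        */*) return 0 ;;
        *) return 1 ;;
    esac
}

# Dry run by default; APPLY=1 (as root) executes the commands.
c2c_apply() {
    valid_args "$1" "$2" || { echo "bad device or subnet" >&2; return 2; }
    c2c_rules "$1" "$2" | while read -r cmd; do
        if [ "${APPLY:-0}" = 1 ]; then $cmd || exit 1
        else echo "would run: $cmd"; fi
    done
}

c2c_apply "$VPN_DEV" "$VPN_NET"
# Once applied, an IDS sensor or a capture can read the traffic on the device:
#   tcpdump -ni tun0 -w /var/tmp/c2c.pcap
```
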

EuroChick
OpenVpn Newbie
Posts: 1
Joined: Tue Jan 10, 2012 7:50 am

Re: Span / Monitor port when using "client-to-client" mode?

Post by EuroChick » Tue Jan 10, 2012 8:08 am

Thanks, ecrist, for the help!!! It all turned out easier than I thought before. My kernel really supported it. The issue is solved.
