Hi folks,

I'm a new vtun user and a new subscriber to this list, so my apologies if
this is a simple question that has already been answered; I didn't have
much luck with Google.

I'm attempting to use vtun as part of an IDS solution within Amazon
EC2/VPC. I have ether tunnels set up between each server and my IDS sensor.
On each server, I'm using daemonlogger to copy data from the exposed
interface to the virtual tap interface tunneled by vtun (which is
incidentally connected via a third, unexposed interface on each system). So
far so good.

The picture in my mind was of a hub and spoke model where all of the
endpoint tap devices were bridged to a single tap device on the IDS sensor
(like tap0). What I seem to be seeing is that each tunnel to each endpoint
requires a separate tap interface on the sensor (tap1, tap2, tap3) with
unique configuration in the vtund.conf file for each system/session. To do
otherwise (i.e., share a tap and/or session on the sensor across all of the
"remote" servers) just generates "connection refused" messages to my
endpoints.

Is there a more efficient way to do this? Or is the only way to make this
work to manage individual configuration items in vtund.conf for each server
and, likewise, allocate separate tap interfaces for each (necessitating
more complicated IDS software configuration to account for the many
interfaces that will be monitored)?

Thanks in advance for any advice!
Justin
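One way to keep the per-server sessions and tap devices described above while still giving the IDS a single interface to monitor, as an added example that is not part of the original post: each session's tap is enslaved to one Linux bridge on the sensor. Host names, the password and the port are placeholders, and the bridge is assumed to exist before vtund starts (`ip link add br0 type bridge && ip link set br0 up`); the `device` and `ip` directives are vtund.conf syntax the example assumes.

```conf
# Added example (not from the original post): vtund.conf on the IDS sensor.
# Each remote server keeps its own ether session and tap device, but every
# tap is joined to one bridge (br0) so the IDS sniffs a single interface.
options {
  port 5000;            # placeholder listening port
  syslog daemon;
  ip /sbin/ip;          # iproute2 binary used by the up/down blocks
}

default {
  type ether;           # layer-2 (tap) tunnel, required for bridging
  proto tcp;
  encrypt yes;          # mirrored traffic crosses the unexposed link encrypted
  keepalive yes;
}

# One session per remote server; the session name must match the name the
# client side passes to vtund. server3 and later follow the same pattern.
server1 {
  passwd PLACEHOLDER_SECRET;
  device tap1;
  up {
    ip "link set %% up";
    ip "link set %% master br0";   # join the shared bridge
  };
  down {
    ip "link set %% nomaster";     # leave the bridge when the tunnel drops
  };
}

server2 {
  passwd PLACEHOLDER_SECRET;
  device tap2;
  up {
    ip "link set %% up";
    ip "link set %% master br0";
  };
  down {
    ip "link set %% nomaster";
  };
}
```

Because a bridge forwards frames between its ports, mirrored traffic arriving on one server's tap would be flooded out to the other tunnels; disabling flooding and learning on each tap port (iproute2 `bridge link set dev tapN flood off learning off`, run outside vtund) keeps the sensor side receive-only, so the IDS is pointed at br0 rather than at tap1, tap2, tap3 individually.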
_______________________________________________
Vtun-Users mailing list
https://lists.sourceforge.net/lists/listinfo/vtun-users