[pfSense] Detect suspicious traffic from OpenVPN clients

2017-05-15 Thread André Rodier

Hello everyone,

I have installed pfSense successfully as a firewall / gateway, with snort.

I have some alerts working, for instance when I start a port scan from 
an internal server to an external IP address.


I also have OpenVPN working nicely, using a tunnel set up.

Now, I would like to know how to configure snort, to detect malicious 
traffic from machines connected through the VPN.


These machines would not be 100% under my control, so I would like to 
receive an alert as soon as there is suspicious traffic, in two cases:


- From a VPN client to an internal server
- From a VPN client to an external server

The VPN is configured to force the traffic to its gateway, and this is 
working nicely as well.


--
pfSense details:
2.3.4-RELEASE (amd64)
built on Wed May 03 15:13:29 CDT 2017
FreeBSD 10.3-RELEASE-p19
--

Thanks for your advice.
André
___
pfSense mailing list
https://lists.pfsense.org/mailman/listinfo/list
Support the project with Gold! https://pfsense.org/gold

Re: [pfSense] pfSense in AWS VPC

2017-11-27 Thread André Rodier

Thanks for these answers.

The reason behind this is that we are using the VPN server of
pfSense, coupled with a custom DNS suffix.

I am not sure "unticking" the DHCP option will be enough to have exactly
the same behaviour, i.e. resolving machines in a custom domain name.

André

On 24/11/17 18:38, Ryan Coleman wrote:
> Wasting space… 
> Wasting space… 
> Wasting space… 
> Wasting space… 
> 
> Is there a point to this?
> 
>> On Nov 24, 2017, at 11:00 AM, Peder Rovelstad <provels...@comcast.net> wrote:
>>
>> Play me again...
>> Play me again...
>> Play me again...
>> Play me again...
>>
>> -Original Message-
>> From: List [mailto:list-boun...@lists.pfsense.org] On Behalf Of Watson 
>> Kamanga
>> Sent: Thursday, November 23, 2017 6:45 AM
>> To: pfSense Support and Discussion Mailing List <list@lists.pfsense.org>
>> Subject: Re: [pfSense] pfSense in AWS VPC
>>
>> Services, DHCP Server  . untick enable dhcp .
>>
>> Watz . 
>>
>> On 11/23/17, 4:42 PM, "List on behalf of André Rodier" 
>> <list-boun...@lists.pfsense.org on behalf of an...@seequestor.com> wrote:
>>
>> Hello,
>>
>> Thanks for this great BSD distribution.
>>
>> We are actually using pfSense on a dedicated hardware infrastructure of
>> multiple servers, with one of them being a web portal application.
>>
>> We are using the OpenVPN server to restrict access to this web application,
>> on a specific domain (https://app.london.sq). The web application is
>> only exposed through this interface, and therefore not accessible
>> externally.
>>
>> We are now facing a challenge, to replicate this infrastructure on AWS,
>> inside a VPC. The VPC service from AWS has a dedicated DHCP
>> server that would conflict with the DHCP server of the firewall.
>>
>> In this scenario, how can we run pfSense as a firewall in an AWS
>> powered virtual private cloud, but without using the DHCP server that
>> comes with pfSense?
>>
>> Thanks for your help and advice.
>>
>> Kind regards,
>> André Rodier

André Rodier

[pfSense] pfSense in AWS VPC

2017-11-23 Thread André Rodier

Hello,

Thanks for this great BSD distribution.

We are actually using pfSense on a dedicated hardware infrastructure of
multiple servers, with one of them being a web portal application.

We are using the OpenVPN server to restrict access to this web application,
on a specific domain (https://app.london.sq). The web application is
only exposed through this interface, and therefore not accessible
externally.

We are now facing a challenge, to replicate this infrastructure on AWS,
inside a VPC. The VPC service from AWS has a dedicated DHCP
server that would conflict with the DHCP server of the firewall.

In this scenario, how can we run pfSense as a firewall in an AWS
powered virtual private cloud, but without using the DHCP server that
comes with pfSense?

Thanks for your help and advice.

Kind regards,
André Rodier