With ntop, I can accurately see the traffic to several vpn users on unique subnet tied to an opt interface. As they work, ntop increments the data count up as expected for their ip (set by the openvpn client config).
I have enabled flows, and am monitoring it from a wkst but for one user, I monitor them by the ip of their remote tap interface, 192.168.100.9 (openvpn cc of 192.168.100.8/30) and it looks right. Another user, 192.168.100.4/30 isnt showing traffic for 192.168.100.5 (wtf) but monitoring their subnet, 192.168.100.4/30 shows *some* traffic while they are in the middle of a wide open scp from a server in the lan interface. Is there something I am missing, maybe some anomaly wrt to flows on this box? As I understand, the pfsync interface will dump data for everything (flows are set "any"). One odd thing I noticed was that changes ni the pfflowd settings tab don't take place until you apply twice as verified with wireshark on multiple remote hosts. Thanks! jlc --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected] Commercial support available - https://portal.pfsense.org
