Hey Justin, I have to admit, you did lose me a bit of the way there, and I'm hoping you can clear up something or at least coax a vtund.conf snippet from you.
A local tun/tap device can only ever field one connection. It's normal to have a dozen tun/tap devices running on a central-ish endpoint, and it's nothing you need to generally worry about. Throw us a config (sanitized snippet only) or a cheap, quick google docs diagram to look at? I've got no attention span or time, but I do want to understand your layout if I can (just the tun/tap parts; the stuff on top may not be relevant or within my scope).

- bish

Justin Thomas wrote:
> Hi folks,
>
> I'm a new vtun user and a new subscriber to this list, so my apologies
> if this is a simple question that has already been answered; I didn't
> have much luck with Google.
>
> I'm attempting to use vtun as part of an IDS solution within Amazon
> EC2/VPC. I have ether tunnels set up between each server and my IDS
> sensor. On each server, I'm using daemonlogger to copy data from the
> exposed interface to the virtual tap interface tunneled by vtun (which
> is incidentally connected via a third, unexposed interface on each
> system). So far so good.
>
> The picture in my mind was of a hub and spoke model where all of the
> endpoint tap devices were bridged to a single tap device on the IDS
> sensor (like tap0). What I seem to be seeing is that each tunnel to each
> endpoint requires a separate tap interface on the sensor (tap1, tap2,
> tap3) with unique configuration in the vtund.conf file for each
> system/session. To do otherwise (i.e., share a tap and/or session on the
> sensor across all of the "remote" servers) just generates "connection
> refused" messages to my endpoints.
>
> Is there a more efficient way to do this? Or is the only way to make
> this work to manage individual configuration items in vtund.conf for
> each server and, likewise, allocate separate tap interfaces for each
> (necessitating more complicated IDS software configuration to account
> for the many interfaces that will be monitored).
>
> Thanks in advance for any advice!
>
> Justin

_______________________________________________
Vtun-Users mailing list
Vtun-Users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/vtun-users
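As an added illustration of the layout bish describes (one tap per connection on the sensor, all of them attached to a single bridge the IDS listens on), and not a snippet from this thread: a constructed sensor-side vtund.conf. It assumes the sensor runs vtund in server mode, each endpoint connects as a client with a matching section name and password, and the bridge br0 already exists.

```conf
# Constructed example: vtund.conf on the IDS sensor (vtund -s).
# One session per endpoint, each pinned to its own tap device; the
# up/down hooks attach that tap to br0, so the IDS only has to
# listen on br0.  Create the bridge once at boot, e.g.:
#   brctl addbr br0 && ip link set br0 up
options {
  port 5000;
  timeout 60;
  ifconfig /sbin/ifconfig;
}

# Inherited by every session below.
default {
  type ether;          # L2 tunnel, needed to carry mirrored frames
  proto tcp;
  compress no;
  encrypt yes;         # session password doubles as the shared secret
  keepalive yes;
  up {
    ifconfig "%% up";                                # %% = this session's tap
    program "/usr/sbin/brctl addif br0 %%" wait;     # join the bridge
  }
  down {
    program "/usr/sbin/brctl delif br0 %%" wait;
    ifconfig "%% down";
  }
}

# Section names and passwords are placeholders; each endpoint runs
# "vtund <name> <sensor-ip>" with the same name and password.
web1 {
  passwd CHANGE_ME_web1;
  device tap1;
}

web2 {
  passwd CHANGE_ME_web2;
  device tap2;
}
```

Keep vtund.conf readable only by root, since the session passwords are the tunnel's only authentication. Note also that a Linux bridge floods broadcast and unknown-unicast frames to every member port, so mirrored frames arriving from one endpoint will also be pushed down the other tunnels unless forwarding between the tap ports is restricted (for example with ebtables).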