[Oisf-users] Trouble with Suricata and SSL VPN

Victor Julien lists at inliniac.net
Wed May 1 12:11:24 UTC 2013


On 05/01/2013 12:47 PM, Leonard Jacobs wrote:
> Do you have a suggestion on how much to increase the timeouts? Or just have to experiment with them? And you are referring to the TCP flow-timeouts, correct?

It depends on what protocol your vpn uses. But you can try doubling the
timeout to see if the disconnect time also doubles.

> -----Original Message-----
> From: oisf-users-bounces at openinfosecfoundation.org [mailto:oisf-users-bounces at openinfosecfoundation.org] On Behalf Of Victor Julien
> Sent: Wednesday, May 01, 2013 3:01 AM
> To: oisf-users at openinfosecfoundation.org
> Subject: Re: [Oisf-users] Trouble with Suricata and SSL VPN
> 
> On 04/30/2013 02:05 PM, Leonard Jacobs wrote:
>> Yes. It appears that the problem only occurs with SonicWALL Aventail SSL VPN. It is reported that connecting to it is slow and it disconnects as if a timeout occurs. We have increased the number of af-packet threads to 6 from 4 that was set yesterday and we changed the cpu cores setting in suricata.yaml from the default of 1.5 to 2. We are running an i7 processor which has 4 cores and 8 threads.
> 
> Does the disconnect interval relate to any of the flow-timeout values in your yaml? If so you can try increasing those, or forcing a keep-alive mechanism in the vpn to stay within the timeout values.
> 
> https://redmine.openinfosecfoundation.org/projects/suricata/wiki/Suricatayaml#Flow-Time-Outs
> 
> Cheers,
> Victor
> 
>> -----Original Message-----
>> From: Peter Manev [mailto:petermanev at gmail.com]
>> Sent: Tuesday, April 30, 2013 2:08 AM
>> To: Leonard Jacobs
>> Cc: oisf-users
>> Subject: Re: [Oisf-users] Trouble with Suricata and SSL VPN
>>
>> On Mon, Apr 29, 2013 at 6:02 PM, Leonard Jacobs <ljacobs at netsecuris.com> wrote:
>>> We are having a network latency problem using af-packet IPS mode when 
>>> accessing SSL VPN to the point that SSL VPN disconnects.  What could 
>>> be causing this problem?
>>>
>>> We are using 4 threads with af-packet.  We are seeing the connection 
>>> in http.log file.
>>>
>>> Leonard
>>>
>>>
>> Hi Leonard,
>>
>> Do you experience that (in this setup) only with SSL VPN?
>>
>> thanks
>>
>> --
>> Regards,
>> Peter Manev
>>
>> _______________________________________________
>> Suricata IDS Users mailing list: oisf-users at openinfosecfoundation.org
>> Site: http://suricata-ids.org | Support: 
>> http://suricata-ids.org/support/
>> List: 
>> https://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users
>> OISF: http://www.openinfosecfoundation.org/
>>
> 
> 
> --
> ---------------------------------------------
> Victor Julien
> http://www.inliniac.net/
> PGP: http://www.inliniac.net/victorjulien.asc
> ---------------------------------------------
> 
> 


-- 
---------------------------------------------
Victor Julien
http://www.inliniac.net/
PGP: http://www.inliniac.net/victorjulien.asc
---------------------------------------------
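
The check suggested in this thread (does the disconnect interval match a flow-timeout value, and does it double when that value is doubled), as an added example that is not part of the original messages or of Suricata itself. The timeout numbers and the measured session lifetimes below are constructed sample data; substitute the values from your own suricata.yaml and your own measurements.

```python
from statistics import median

# Constructed sample of a flow-timeouts section (seconds). The layout follows
# suricata.yaml; the numbers are assumptions, read yours from your yaml.
FLOW_TIMEOUTS = {
    "default": {"new": 30, "established": 300, "closed": 0},
    "tcp": {"new": 60, "established": 3600, "closed": 120},
    "udp": {"new": 30, "established": 300},
}

def matching_timeouts(durations, timeouts, tolerance=0.10):
    """Return (proto, state, value) entries whose value lies within
    `tolerance` (fractional) of the median observed session lifetime."""
    typical = median(durations)
    hits = []
    for proto, states in timeouts.items():
        for state, value in states.items():
            # A value of 0 cannot explain a disconnect interval; skip it.
            if value > 0 and abs(typical - value) <= tolerance * value:
                hits.append((proto, state, value))
    return hits

def tracks_timeout(before, after, factor=2.0, tolerance=0.15):
    """True if the median lifetime scaled by about `factor` after the
    suspected timeout was multiplied by `factor` (the doubling test)."""
    ratio = median(after) / median(before)
    return abs(ratio - factor) <= tolerance * factor

# Constructed measurements: seconds from VPN login to disconnect.
BEFORE = [298, 305, 301, 312, 296]   # with the original yaml
AFTER = [601, 598, 615, 607, 594]    # after doubling the suspected value

if __name__ == "__main__":
    for proto, state, value in matching_timeouts(BEFORE, FLOW_TIMEOUTS):
        print(f"disconnect interval ~ flow-timeouts.{proto}.{state} = {value}s")
    print("tracks the doubled timeout:", tracks_timeout(BEFORE, AFTER))
```

With this sample data the interval matches the 300-second established timeouts under default and udp rather than the tcp one, which is why the protocol the VPN actually uses decides which value to raise.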



