I have been poking around the posts and I haven't been able to come up with an answer... I'm not sure the issue has ever come up.
I have a home license that I administer for myself. I've been so thrilled with the product and its features (namely spam killing and remote access) that I've sold my family on it. My father has a home built system and I have built one for my father-in-law.
My next logical step - SITE TO SITE! (Really more me wanting to learn about the features and seeing how I can tie it all together).
The other day I changed some configurations and I when I looked in the Firewall logs several days later I could see that there was a host in the OpenVPN subnet (10.242.x.x) that were banging away on the firewall. It wasn't my mobile phone, it wasn't my office to home connection - I could see those IPs in the Remote Access tab "Online Users". At first I thought that I had some form of intruder, until I realized that my S2S connections used the same IP range.
However, I could find no way to identify the offending endpoint. (I had misconfigured DNS lookups on one of the remote sites) The only way I could identify the host was to disable the SSL S2S connection for each site and watch the firewall log to make sure it stopped. That isn't really a feasible solution when you start adding multiple sites.. so how exactly do I determine who the affected endpoint is? The S2S VPN tunnel status only lists the WAN and internal IP subnets, but not the tunnel addresses.
Thanks,
Andy
This thread was automatically locked due to age.
Guest User!
You are not Sophos Staff.
