Running Suricata in af-packet IPS mode. What might be causing VPN client connections to fail? We have IKE parsing disabled in suricata.yaml. Running Suricata version 5.0.3.
Do you see any drops related to that? There are also some other drops with faulty traffic that won’t result in a drop that is logged.
But without more details it’s hard to tell.
It is going to be hard to tell at this point because it was disconnected before we got a chance to look at the stats log. There are preliminary plans to reconnect it after-hours at some point to test the connections so maybe then we will be able to take a look for drops. We also thought about turning off drops on signatures to see if a particular signature was causing VPN to fail.