Whitelisting not working?

So I’m trying to whitelist an IP and/or entire subnets.

I’ve created a pass list and assigned it to the interface. Also, I can see that by default, that subnet or network is already added to what I thought would be the pass list when Suricata starts, as it is one of my interfaces in pfSense.

But Suricata still continues to block my OVPN traffic.

09/11/2022 12:44:40 3 TCP Generic Protocol Command Decode 172.16.100.2 37767 172.16.101.3 8123 1:2210044 SURICATA STREAM Packet with invalid timestamp

I get these protocol command decode errors and they generally appear when I try to access something on the VPN, web based.

I just want to filter all VPN traffic from being blocked by Suricata. I also need to entirely whitelist an IP address for another VPN IP address as well, but no matter what I try to do, Suricata always catches the traffic and blocks the IP, in this case the private IP of the OVPN client.

Is there a way to just totally WHITELIST this?

172.16.100.16/28 for example.

and also say whitelist entirely 123.123.123.123/32 (single IP)

Thanks in advance.

If I understand correctly, the whitelist functionality is part of pfSense or pfSense modifications of Suricata. So your best bet is probably to ask in pfSense support.

Victor is correct. The whitelisting process is proprietary to pfSense and is implemented using a custom output plugin compiled into the binary on pfSense. You should always ask pfSense-related Suricata questions over at the Netgate forum here: https://forum.netgate.com/category/53/ids-ips.