Understood. Thanks so much!
Just SSH dropping. Everything on the VM side is ok.
And yes, the computer I’m using is on .6.X (LAN VLAN) and the VM is on .1.X (MGMT VLAN).
The management VLAN is only accessible by a couple devices and this is one of them. To get PiAlert to be able to see devices on the LAN VLAN, it has to have an interface to be able to ARP from.
Would that be similar to telling SSH to listen on only one interface? Because I did try that but it unfortunately did not resolve the issue
Edit: Found what you mean. I’ll give this a try, thanks!
Yeah, such a nightmare, lol. If I ever feel like hosting a honeypot I’ll probably DMZ it or use a VPS or something, but I’m going to change gears on projects for now.
Right. Most of my VLANs are set up that way; they’re silos. The VLAN that this is running on is the “management” VLAN that can see the other ones
I have a somewhat dated (but decently specd) NUC running Proxmox, and it’s the backbone of my home lab. No issues to date.
Yes, also confused by this.
Maybe Piper Net (Silicon Valley)
Updated with the forum posts
Gotcha. I’m using a ATX 1800 with full tunnel. I figured there would be a default deny all (haven’t touched anything in the way of the firewall on that device yet), but wasn’t sure if ARP would be able to get past it from the public AP side. I guess I can always do a few experiments at home in the lab too. Thanks again!
Thanks so much for looking into it! That’s a relief
Ty!
Hey there,
Yeah I’m doing it manually, and I did try importing the config from pfsense, however it would say import successful and then “Failed” at the bottom, lol. I did end up getting it working after finding a post from the staff mentioning that you should not put a listening address on the Peer and you should set a manual MTU of like 1300 which worked for me.
Thank you, I might give this a try tomorrow. I thought I read something similar, but that it would require you to take care of log rotation as well otherwise they would just grow. Not sure how true that is.
Oooh, good point. I’m not even sure if I should be using this with cert only based auth
It does usually not make sense to use fail2ban with e.g sshd when only public key authentication or similar is enabled.
I was thinking that might be the case. Thank you!
I’ll check that out, thanks!
Happens to me too, but it’s usually Pihole or a browser extension
I try to balance things between what I find enjoyable/ worth the effort, and what ends up becoming more of a recurring headache