Discussion:
[Openvas-discuss] Scan over VPN tunnel fail
Tianyi Yang
2015-09-04 18:38:53 UTC
Permalink
I yum installed OpenVAS through atomic, did the setup, ran
openvas-check-setup and everything looks good. Also, I scanned localhost
and some LAN hosts, all gave reasonable results.

However, when I came to scan over VPN, it failed. I did specify
source_iface in /etc/openvas/openvassd.conf, and it's picked up by scanner
as will be shown in the log file openvassd.log. And the command "ping -I
10.255.255.253 192.168.0.239" did get no packet loss. The following is part
of the log from /var/log/openvas/openvassd.log:

"
[Fri Sep 4 18:27:49 2015][16704] Starts a new scan. Target(s) :
192.168.0.239, with max_hosts = 30 and max_checks = 10
[Fri Sep 4 18:27:49 2015][16704] source_iface: Using eth0:1
(10.255.255.253 / ::).
[Fri Sep 4 18:27:49 2015][16704] Testing 192.168.0.239
(::ffff:192.168.0.239) [16717]
[Fri Sep 4 18:27:51 2015][16899] Communication closed by client
[Fri Sep 4 18:27:51 2015][16899] Client not present
[Fri Sep 4 18:27:52 2015][16717] The remote host (192.168.0.239) is dead
[Fri Sep 4 18:27:52 2015][16717] Finished testing 192.168.0.239. Time :
2.49 secs
"

Could anyone help me figure out this problem? Thanks in advance!
Eero Volotinen
2015-09-04 18:44:19 UTC
Permalink
Try settings that host is alive on target. Consider alive is setting on
task/target creation.

Eero
Post by Tianyi Yang
I yum installed OpenVAS through atomic, did the setup, ran
openvas-check-setup and everything looks good. Also, I scanned localhost
and some LAN hosts, all gave reasonable results.
However, when I came to scan over VPN, it failed. I did specify
source_iface in /etc/openvas/openvassd.conf, and it's picked up by scanner
as will be shown in the log file openvassd.log. And the command "ping -I
10.255.255.253 192.168.0.239" did get no packet loss. The following is part
"
192.168.0.239, with max_hosts = 30 and max_checks = 10
[Fri Sep 4 18:27:49 2015][16704] source_iface: Using eth0:1
(10.255.255.253 / ::).
[Fri Sep 4 18:27:49 2015][16704] Testing 192.168.0.239
(::ffff:192.168.0.239) [16717]
[Fri Sep 4 18:27:51 2015][16899] Communication closed by client
[Fri Sep 4 18:27:51 2015][16899] Client not present
[Fri Sep 4 18:27:52 2015][16717] The remote host (192.168.0.239) is dead
2.49 secs
"
Could anyone help me figure out this problem? Thanks in advance!
_______________________________________________
Openvas-discuss mailing list
https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
Tianyi Yang
2015-09-05 15:13:23 UTC
Permalink
Hi Eero,

Thank you so much for the instruction! Would you please give more details
on how to (xml brackets) set a host alive when creating a target? Thank you
again!

Tianyi
Post by Eero Volotinen
Try settings that host is alive on target. Consider alive is setting on
task/target creation.
Eero
Post by Tianyi Yang
I yum installed OpenVAS through atomic, did the setup, ran
openvas-check-setup and everything looks good. Also, I scanned localhost
and some LAN hosts, all gave reasonable results.
However, when I came to scan over VPN, it failed. I did specify
source_iface in /etc/openvas/openvassd.conf, and it's picked up by scanner
as will be shown in the log file openvassd.log. And the command "ping -I
10.255.255.253 192.168.0.239" did get no packet loss. The following is part
"
192.168.0.239, with max_hosts = 30 and max_checks = 10
[Fri Sep 4 18:27:49 2015][16704] source_iface: Using eth0:1
(10.255.255.253 / ::).
[Fri Sep 4 18:27:49 2015][16704] Testing 192.168.0.239
(::ffff:192.168.0.239) [16717]
[Fri Sep 4 18:27:51 2015][16899] Communication closed by client
[Fri Sep 4 18:27:51 2015][16899] Client not present
[Fri Sep 4 18:27:52 2015][16717] The remote host (192.168.0.239) is dead
2.49 secs
"
Could anyone help me figure out this problem? Thanks in advance!
_______________________________________________
Openvas-discuss mailing list
https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
Chris
2015-09-05 15:16:58 UTC
Permalink
Hi,
Would you please give more details on how to (xml brackets) set a host alive when creating a target?
have a look at the "Alive-Test" part of http://docs.greenbone.net/GSM-Manual/gos-3.1/en/scanning.html#creating-a-target
Eero Volotinen
2015-09-05 15:19:34 UTC
Permalink
How about trying to do something without step-by-step instructions?

--
Eero
Post by Tianyi Yang
Hi Eero,
Thank you so much for the instruction! Would you please give more details
on how to (xml brackets) set a host alive when creating a target? Thank you
again!
Tianyi
Post by Eero Volotinen
Try settings that host is alive on target. Consider alive is setting on
task/target creation.
Eero
Post by Tianyi Yang
I yum installed OpenVAS through atomic, did the setup, ran
openvas-check-setup and everything looks good. Also, I scanned localhost
and some LAN hosts, all gave reasonable results.
However, when I came to scan over VPN, it failed. I did specify
source_iface in /etc/openvas/openvassd.conf, and it's picked up by scanner
as will be shown in the log file openvassd.log. And the command "ping -I
10.255.255.253 192.168.0.239" did get no packet loss. The following is part
"
192.168.0.239, with max_hosts = 30 and max_checks = 10
[Fri Sep 4 18:27:49 2015][16704] source_iface: Using eth0:1
(10.255.255.253 / ::).
[Fri Sep 4 18:27:49 2015][16704] Testing 192.168.0.239
(::ffff:192.168.0.239) [16717]
[Fri Sep 4 18:27:51 2015][16899] Communication closed by client
[Fri Sep 4 18:27:51 2015][16899] Client not present
[Fri Sep 4 18:27:52 2015][16717] The remote host (192.168.0.239) is dead
2.49 secs
"
Could anyone help me figure out this problem? Thanks in advance!
_______________________________________________
Openvas-discuss mailing list
https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
Chris
2015-09-05 18:56:51 UTC
Permalink
Post by Eero Volotinen
How about trying to do something without step-by-step instructions?
So true :)
Tianyi Yang
2015-09-05 22:36:10 UTC
Permalink
Thank you Eero and Chris! Now it works like a charm.

In case someone else would have similar problem later, I list what I did to
scan over VPN.

1) Edit /etc/openvas/openvassd.config and add:
source_iface = SOURCE_INTERFACE_NAME
sys_ifaces_allow = SOURCE_INTERFACE_NAME
2) Restart openvas-scanner and openvas-manager;
3) When creating a new target, choose "Consider alive" for "Alive test";
4) When creating a new task using the above target, specify the "Network
Source Interface" option.

Thank you again!
Post by Chris
Post by Eero Volotinen
How about trying to do something without step-by-step instructions?
So true :)
_______________________________________________
Openvas-discuss mailing list
https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
Loading...