Velociraptor NAT Environment Question

Ben McDaniel

Aug 2, 2024, 8:24:19 PM
to velociraptor-discuss
Hello,

I'm having issues getting the Quarantine function to work properly after the install. I see the IPsec rules get added to my client, but almost instantly get removed. Is Velociraptor able to be scaled and does it do well in remote or NAT'd environments?

Thanks

Mike Cohen

Aug 2, 2024, 9:37:07 PM
to Ben McDaniel, velociraptor-discuss
The quarantine artifact installs the rules, then checks for connectivity, and if it cannot connect back to the server, it uninstalls the rules. This is to make sure that the machine is not left in a bad unreachable state.

If the rules are uninstalled it is likely that connectivity with the server is broken.

You can adjust the rules in the artifact argument. Note that unfortunately, IPsec works on IP addresses and not DNS names, so the names must resolve to the correct IP addresses at the time the policy is calculated. Also, if the connections require proxies, etc., you need to add those to the policy as well.

Thanks

Mike Cohen 
Digital Paleontologist, 
Velocidex Enterprises
mi...@velocidex.com 
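
A pre-check for the DNS caveat in the reply above, as an added example that is not part of the original thread and is not Velociraptor code: it resolves each name the client must still reach (server, proxies) and reports every resolved IP that the intended allow-list does not cover. The hostnames, addresses and function names are assumptions made for illustration; run it where the endpoint's own DNS view applies.

```python
import ipaddress
import socket


def resolve_ips(host, resolver=socket.getaddrinfo):
    """Return every IP address the name resolves to right now."""
    return sorted({info[4][0] for info in resolver(host, None)})


def uncovered(required_hosts, allowed, resolver=socket.getaddrinfo):
    """Map each required host to the resolved IPs no allowed entry covers.

    `allowed` holds IPs or CIDR ranges, since an IP-based policy cannot
    match on a DNS name. An empty result means every address is covered.
    """
    nets = [ipaddress.ip_network(a, strict=False) for a in allowed]
    gaps = {}
    for host in required_hosts:
        try:
            ips = resolve_ips(host, resolver)
        except socket.gaierror:
            gaps[host] = ["<unresolvable>"]
            continue
        missing = [ip for ip in ips
                   if not any(ipaddress.ip_address(ip) in n for n in nets)]
        if missing:
            gaps[host] = missing
    return gaps


# Constructed sample data: documentation-range addresses, not real hosts.
FAKE_DNS = {
    "frontend.example.test": ["203.0.113.10", "203.0.113.11"],  # two A records
    "proxy.example.test": ["198.51.100.7"],
}


def fake_resolver(host, port):
    """Offline stand-in that returns getaddrinfo-shaped tuples."""
    if host not in FAKE_DNS:
        raise socket.gaierror(-2, "Name or service not known")
    return [(socket.AF_INET, socket.SOCK_STREAM, 6, "", (ip, 0))
            for ip in FAKE_DNS[host]]


if __name__ == "__main__":
    hosts = ["frontend.example.test", "proxy.example.test"]
    # An allow-list built from a single lookup misses the second record and the proxy.
    print(uncovered(hosts, ["203.0.113.10/32"], fake_resolver))
    print(uncovered(hosts, ["203.0.113.0/24", "198.51.100.7"], fake_resolver))
```

Any host left in the result is a destination the endpoint could be steered to but the policy would block, which is the condition under which the connectivity check fails and the rules are removed.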



Ben McDaniel

Aug 2, 2024, 9:47:50 PM
to Mike Cohen, velociraptor-discuss
Awesome, thanks for the info! 