I'm using OpenWRT on a Routerboard RB2011, and I've configured the switch on it to mirror the WAN traffic to a specific port for Snort usage.
This same OpenWRT have a 6in4 IPv6 Tunnel, and although the tunnel is established through the WAN port, I believe the traffic on the tunnel is encrypt, so Snort can't see it.
Is there any solution to mirror the traffic of a 6in4 tunnel to a specific port?
Thanks
I don't think so. 6in4 is just an additional ipv4 header. Are you running snort with enabled the ipip encapsulation?
According to the docs, the tunnels are enabled by default, and I've just used ./configure while building mine, so I believe yes, I have ipip enabled.
Nevermind, I think you're correct, and it should be working fine... sometimes I've got a feeling that it is only getting IPv6 traffic that comes through internal interfaces.