Hi everyone,
I’m looking to solve a problem and would appreciate your help.
I have installed OpenVAS on a server, which is a virtual machine. On the target network, I have also installed a virtual machine (a sort of virtual appliance) that I connect to via an SSH Layer 2 VPN, using TAP interfaces. Scanning from my server (let’s call it network A) to the target network (let’s call it network B) works correctly.
OpenVAS ----> VPN Layer 2 SSH ----> Target Network
Network A                           Network B
My goal now is to extend the scans to all subnets within network B. What I tried to do is add a new ENS interface within network B, assign it a free IP address, configure NAT, and set up the firewall to allow access to all TCP/UDP rules, etc.
OpenVAS ----> VPN Layer 2 SSH ----> Target Network
Network A                           Network B
                                        |
                                        ----> Subnet B.1
The ping from network A to subnet B.1 works; I can see the traffic correctly using tcpdump and traceroute. However, the issue is that the scans are “falsified.”
I tested by directly placing my VM inside the subnet and performing a scan (where the results show multiple high vulnerabilities). Then, I tried passing through the “management network” applying my idea, and the scans are completely different! I don’t see any vulnerabilities, as if the traffic is not reaching the targets (even though ping and traceroute work).
So:
If I install a VM for each subnet, it works.
If I install a single VM for the management network and redirect traffic to the subnets, it doesn't work.
Why do you think this happens?
Am I missing something in the firewall configuration?
Is there a better way to achieve what I have in mind, i.e., scanning the subnets by installing a single virtual machine that acts as a gateway?
I look forward to your suggestions and thank you in advance!