I have installed Greenbone/OpenVAS from the Debian repository and am running version 7.0.3. I have two NICs, each with access to a different network, and both also have access to the Internet, one via a quite direct route and the other via multiple hops and devices in between.
Let’s say that my eth0 NIC has IP 192.168.0.20 (internal network) and eth1 has IP 10.0.0.10 (direct route to Internet).
By default, without specifying “Network Source Interface” in the web portal scan tasks, the system uses eth0, and scans of the internal network work just fine. But if I would like to use the eth1 NIC to scan some subnet through the more direct Internet connection, the task just finishes in about a minute without producing any results. I think OpenVAS tries to use 192.168.0.20 as the source IP when communicating from eth1, and that is the reason why it will not work.
I know that routing from eth1 works, since for example I’m able to fetch files with wget through it when specifying a bind IP that matches eth1. The issue is that I have two default gateways on the server and I should somehow be able to tell OpenVAS what source IP to use, since just specifying the interface does not solve the issue.
I have been reading the man page:
And I have specified the -S attribute so that the scanner daemon knows both of the IP addresses I have, but I don’t know how to request the scanner service to use the other IP. I cannot find a setting for this in the web portal, nor have my Googling efforts turned up how to do it at the command line.
One possibility perhaps would be having only one default route on the server, but I would really like the default route to point to the internal network instead of the Internet, since managing the internal IP address ranges would be painful in a large environment. It would be much better to specify that some scans use the direct Internet connection NIC.