Strongswan server gets multiple, random connection requests
-
My strongswan server on pfsense is showing multiple connection requests from random IP addresses, none of which should be attempting to connect. Previously they were failing based on protocol matches:
charon 72401 08[IKE] <5> received proposals unacceptableMore recently, they are failing on more random issues such as:
Sep 12 11:41:14 charon 72401 07[NET] <6> received packet: from 199.195.248.205[58565] to [My IP][500] (54 bytes)
Sep 12 11:41:14 charon 72401 07[ENC] <6> not enough input to parse rule 5 RESERVED_BYTE
Sep 12 11:41:14 charon 72401 07[ENC] <6> parsing of a TRANSFORM_SUBSTRUCTURE_V1 substructure failed
Sep 12 11:41:14 charon 72401 07[ENC] <6> parsing of a PROPOSAL_SUBSTRUCTURE_V1 substructure failed
Sep 12 11:41:14 charon 72401 07[ENC] <6> payload type SECURITY_ASSOCIATION_V1 could not be parsed
Sep 12 11:41:14 charon 72401 07[IKE] <6> message parsing failedor:
Sep 12 14:11:44 charon 72401 06[NET] <7> received packet: from 147.185.132.40[52321] to [My IP][500] (1248 bytes)
Sep 12 14:11:44 charon 72401 06[ENC] <7> parsed ID_PROT request 0 [ SA ]
Sep 12 14:11:44 charon 72401 06[CFG] <7> looking for an IKEv1 config for [My IP]...147.185.132.40
Sep 12 14:11:44 charon 72401 06[IKE] <7> no IKE config found for [My IP]...147.185.132.40, sending NO_PROPOSAL_CHOSENMy server, strongSwan 5.9.14, uses the strongest encryption and hash protocols supported by my clients and connections use 4096 size certificates.
My question is how concerned about these attempted connection requests should I be and is there anything I should do to further protect my system. I disabled the ipsec server for a day but the connection attempts started up again when I re-enabled it.