Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    OpenVPN under attack?

    Scheduled Pinned Locked Moved OpenVPN
    openvpnattack
    2 Posts 2 Posters 879 Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • czar666C
      czar666
      last edited by

      Hi all,
      I get these logs in my openvpn section. Besides stop using openvpn are there other options? Should I worry?
      This is just a screenshot from an attack at 6.12am. I have more and the IP from the attackers changes each time.

      0_1535636795901_openvpn_attack.JPG

      Here is my openvpn config:

      5_1535637036992_openvpn(6).JPG 4_1535637036989_openvpn(5).JPG 3_1535637036983_openvpn(4).JPG 2_1535637036982_openvpn(3).JPG 1_1535637036979_openvpn(2).JPG 0_1535637036967_openvpn(1).JPG

      Update: I just changed my fw rule concerning openvpn in WAN section from source 'any' to just one IP. Just inconvenient if I ever try from another location. But that's rather exceptional.

      1 Reply Last reply Reply Quote 0
      • T
        TheNarc
        last edited by

        I wouldn't worry about it. Any Internet-facing port that's opened is going to be continually "under attack." But that's largely why things like OpenVPN exist. If you're getting these connection attempts non-stop, then yes I might worry that you are being specifically targeted. But odds are it's just the constant, random scanning for open ports with unsecured services behind them. I run an OpenVPN server on pfSense too and get connection attempts like these relatively frequently too.

        1 Reply Last reply Reply Quote 1
        • First post
          Last post
        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.