Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    My OpenVPN is hacked?

    Scheduled Pinned Locked Moved General pfSense Questions
    4 Posts 3 Posters 693 Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • emammadovE
      emammadov
      last edited by

      Hello,

      Today, I looked at Status / System Logs / Firewall and noticed that there is an entry showing this:

      Action X
      ovpns1 Default deny rule IPv4 (1000000104) Source: 157.240.9.13:443 Destination: 172.16.10.251:47359 TCP:PA

      172.16.10.0/24 is OpenVPN IPv4 Tunnel Network

      I have pfBlockerng only allowing traffic from my country and its rule stays at the top of the rules. It is working okay, however this source address shown above is belonging to Facebook. How can this happen?

      Elvin

      1 Reply Last reply Reply Quote 0
      • V
        viragomann
        last edited by

        Obviously the OpenVPN client at 172.16.10.251 was accessing 157.240.9.13:443. Later, after pfSense already has closed the connection, the server sent a response packet, so pfSense blocked it.

        1 Reply Last reply Reply Quote 0
        • emammadovE
          emammadov
          last edited by

          Thank you very much for your reply. Could you please let me know the meanings of this:

          1. TCP:PA
          2. Default deny rule IPv4
          3. Block all IPv6

          Elvin

          1 Reply Last reply Reply Quote 0
          • KOMK
            KOM
            last edited by

            @emammadov said in My OpenVPN is hacked?:

            TCP:PA

            TCP Push Ack. Google it.

            http://packetlife.net/blog/2011/mar/2/tcp-flags-psh-and-urg/

            Default deny rule IPv4

            Default firewall rule to deny all IP4 traffic

            Block all IPv6

            Block all IP6 traffic

            1 Reply Last reply Reply Quote 0
            • First post
              Last post
            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.