OpenVPN under attack?



  • Hi all,
    I get these logs in my openvpn section. Besides stop using openvpn are there other options? Should I worry?
    This is just a screenshot from an attack at 6.12am. I have more and the IP from the attackers changes each time.

    0_1535636795901_openvpn_attack.JPG

    Here is my openvpn config:

    5_1535637036992_openvpn(6).JPG 4_1535637036989_openvpn(5).JPG 3_1535637036983_openvpn(4).JPG 2_1535637036982_openvpn(3).JPG 1_1535637036979_openvpn(2).JPG 0_1535637036967_openvpn(1).JPG

    Update: I just changed my fw rule concerning openvpn in WAN section from source 'any' to just one IP. Just inconvenient if I ever try from another location. But that's rather exceptional.



  • I wouldn't worry about it. Any Internet-facing port that's opened is going to be continually "under attack." But that's largely why things like OpenVPN exist. If you're getting these connection attempts non-stop, then yes I might worry that you are being specifically targeted. But odds are it's just the constant, random scanning for open ports with unsecured services behind them. I run an OpenVPN server on pfSense too and get connection attempts like these relatively frequently too.


 

© Copyright 2002 - 2018 Rubicon Communications, LLC | Privacy Policy