Block OpenVPN brute force attempts
-
I have a lot of brute force attempts on UDP port 1194. Is there a way to block them somehow?
Under firewall rules -> advanced there is a rate limit setting, but as far as I know it only works for TCP connections, not UDP.
Is this even possible?
-
Change your OpenVPN rule on WAN so that it only allows connections from an IP alias. Put all trusted IPs in that alias.
-
Change the OpenVPN port from 1194 to something like 34768. Block port 1194 afterwards.
-
You could also take my approach, which is "I don't care". Let them rattle your doorknob all they want. You realize that your public IP is being probed and scanned all day every day, right? Not just your OpenVPN port. Don't obsess over blocks in your log. Liken it to your house. Do you worry about how many times somebody tries your door when you're not home?