My OpenVPN is hacked?



  • Hello,

    Today, I looked at Status / System Logs / Firewall and noticed that there is an entry showing this:

    Action X
    ovpns1 Default deny rule IPv4 (1000000104) Source: 157.240.9.13:443 Destination: 172.16.10.251:47359 TCP:PA

    172.16.10.0/24 is OpenVPN IPv4 Tunnel Network

    I have pfBlockerng only allowing traffic from my country and its rule stays at the top of the rules. It is working okay, however this source address shown above is belonging to Facebook. How can this happen?



  • Obviously the OpenVPN client at 172.16.10.251 was accessing 157.240.9.13:443. Later, after pfSense already has closed the connection, the server sent a response packet, so pfSense blocked it.



  • Thank you very much for your reply. Could you please let me know the meanings of this:

    1. TCP:PA
    2. Default deny rule IPv4
    3. Block all IPv6


  • @emammadov said in My OpenVPN is hacked?:

    TCP:PA

    TCP Push Ack. Google it.

    http://packetlife.net/blog/2011/mar/2/tcp-flags-psh-and-urg/

    Default deny rule IPv4

    Default firewall rule to deny all IP4 traffic

    Block all IPv6

    Block all IP6 traffic


Log in to reply