Strange log. Does this user lost his key?



  • Hi!

    i have an pfSense box v1.2.3 running with openvpn and created for each user a key so that they can access the office.
    However yesterday i had this stragne things in the log.

    Mar 28 21:56:10        openvpn[36567]: IP1:3586 [clientTD] Peer Connection Initiated with IP1:3586
    Mar 28 21:57:08        openvpn[36567]: IP2:3870 Re-using SSL/TLS context
    Mar 28 21:57:08        openvpn[36567]: IP2:3870 LZO compression initialized
    Mar 28 21:57:12        openvpn[36567]: IP2:3870 [clientTD] Peer Connection Initiated with IP2:3870
    Mar 28 21:58:14        openvpn[36567]: IP1:2127 Re-using SSL/TLS context
    Mar 28 21:58:14        openvpn[36567]: IP1:2127 LZO compression initialized
    Mar 28 21:58:17        openvpn[36567]: IP1:2127 [clientTD] Peer Connection Initiated with IP1:2127
    Mar 28 21:59:20        openvpn[36567]: IP2:3949 Re-using SSL/TLS context
    Mar 28 21:59:20        openvpn[36567]: IP2:3949 LZO compression initialized
    Mar 28 21:59:22        openvpn[36567]: IP2:3949 [clientTD] Peer Connection Initiated with IP2:3949

    The user with IP1 is the origin owner of the certificate. For the IP2 we have no user who is at that ISP
    Its just a short part of the log, was runnin for an hours with the change of the IP. Do i see it right that someone stole the secret key from the clientTD user?

    Or are there any other explanations for that behaviour?

    Thanks


Log in to reply