    Unknown OpenVPN connection and log-messages

Melphiz:

      Hello guys,

      I am not sure what's going on. Is someone trying to connect to my OpenVPN, someone without auth?

I'm running pfSense 2.1-RELEASE (i386) and use 1x DSL-WAN (default + OpenVPN), 1x LTE-WAN (specific user group only), 1x LAN, and set up my OpenVPN several months ago.
      Firewall rules are these:
WAN (DSL):

  Proto     Source  Port  Destination       Port            Gateway  Queue
  IPv4 UDP  *       *     WAN_ADSL address  1194 (OpenVPN)  *        none

OpenVPN:

  Proto   Source  Port  Destination  Port  Gateway  Queue
  IPv4 *  *       *     LAN net      *     *        none

Today I had to check the logs and noticed some (never-ending) entries, and I have no idea what's going on.

      Mar 5 11:47:17 	openvpn[24410]: TLS Error: cannot locate HMAC in incoming packet from [AF_INET]109.45.151.3:1194
      Mar 5 11:47:01 	openvpn[24410]: TLS Error: cannot locate HMAC in incoming packet from [AF_INET]109.45.151.3:1194
      Mar 5 11:46:53 	openvpn[24410]: TLS Error: cannot locate HMAC in incoming packet from [AF_INET]109.45.151.3:1194
      Mar 5 11:46:49 	openvpn[24410]: TLS Error: cannot locate HMAC in incoming packet from [AF_INET]109.45.151.3:1194
      Mar 5 11:46:47 	openvpn[24410]: TLS Error: cannot locate HMAC in incoming packet from [AF_INET]109.45.151.3:1194
      Mar 5 11:46:14 	openvpn[24410]: TLS Error: cannot locate HMAC in incoming packet from [AF_INET]109.45.151.3:1194
      Mar 5 11:45:58 	openvpn[24410]: TLS Error: cannot locate HMAC in incoming packet from [AF_INET]109.45.151.3:1194
      Mar 5 11:45:51 	openvpn[24410]: TLS Error: cannot locate HMAC in incoming packet from [AF_INET]109.45.151.3:1194
      Mar 5 11:45:46 	openvpn[24410]: TLS Error: cannot locate HMAC in incoming packet from [AF_INET]109.45.151.3:1194
      Mar 5 11:45:44 	openvpn[24410]: TLS Error: cannot locate HMAC in incoming packet from [AF_INET]109.45.151.3:1194
      Mar 5 11:45:08 	openvpn[24410]: TLS Error: cannot locate HMAC in incoming packet from [AF_INET]109.45.151.3:1194
      Mar 5 11:44:48 	openvpn[24410]: TLS Error: cannot locate HMAC in incoming packet from [AF_INET]109.45.151.3:1194
      Mar 5 11:44:40 	openvpn[24410]: TLS Error: cannot locate HMAC in incoming packet from [AF_INET]109.45.151.3:1194
      Mar 5 11:44:36 	openvpn[24410]: TLS Error: cannot locate HMAC in incoming packet from [AF_INET]109.45.151.3:1194
      Mar 5 11:44:34 	openvpn[24410]: TLS Error: cannot locate HMAC in incoming packet from [AF_INET]109.45.151.3:1194
      Mar 5 11:44:01 	openvpn[24410]: TLS Error: cannot locate HMAC in incoming packet from [AF_INET]109.45.151.3:1194
      Mar 5 11:43:45 	openvpn[24410]: TLS Error: cannot locate HMAC in incoming packet from [AF_INET]109.45.151.3:1194
      .
      .
      .
      Mar 5 10:01:44 	openvpn[24410]: TLS Error: cannot locate HMAC in incoming packet from [AF_INET]109.45.151.3:1194
      Mar 5 10:01:36 	openvpn[24410]: TLS Error: cannot locate HMAC in incoming packet from [AF_INET]109.45.151.3:1194
      Mar 5 10:01:31 	openvpn[24410]: TLS Error: cannot locate HMAC in incoming packet from [AF_INET]109.45.151.3:1194
      Mar 5 10:01:29 	openvpn[24410]: TLS Error: cannot locate HMAC in incoming packet from [AF_INET]109.45.151.3:1194
      

(I don't care about the IP shown here; it comes from a location in Germany, and I don't even know where the hell that place is.)

      I tried setting up rules for WAN and OpenVPN like these:

  Proto     Source        Port  Destination  Port            Gateway  Queue
  IPv4 TCP  109.45.151.3  *     *            1194 (OpenVPN)  *        none

or even

  Proto     Source        Port  Destination  Port  Gateway  Queue
  IPv4 TCP  109.45.151.3  *     *            *     *        none

      But the OpenVPN log still shows incoming packets from that IP.

      So, what is actually going on? Anyone got a clue about this?

      regards, André

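The message quoted in the post is what OpenVPN logs when tls-auth is enabled and an inbound control-channel packet does not carry a valid HMAC computed with the shared ta.key: the packet is discarded before any TLS handshake or user authentication takes place, so the remote host got no further than the first packet. What a defender usually wants from such a log is a per-source count and a burst rate, so that a lone stray packet and a sustained stream like the one above can be told apart. The following script is an added example, not code from the thread or from pfSense; the sample log lines are constructed in the same syslog format as the excerpt (the IP from the thread plus one constructed address from a documentation range), and the year, window length and threshold are assumptions chosen for the example.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample lines in the same format as the syslog excerpt in the post.
# 109.45.151.3 is the address from the thread; 198.51.100.7 is a constructed
# address from the RFC 5737 documentation range.
SAMPLE_LOG = """\
Mar 5 11:47:17 openvpn[24410]: TLS Error: cannot locate HMAC in incoming packet from [AF_INET]109.45.151.3:1194
Mar 5 11:47:01 openvpn[24410]: TLS Error: cannot locate HMAC in incoming packet from [AF_INET]109.45.151.3:1194
Mar 5 11:46:53 openvpn[24410]: TLS Error: cannot locate HMAC in incoming packet from [AF_INET]109.45.151.3:1194
Mar 5 11:46:49 openvpn[24410]: TLS Error: cannot locate HMAC in incoming packet from [AF_INET]109.45.151.3:1194
Mar 5 11:46:47 openvpn[24410]: TLS Error: cannot locate HMAC in incoming packet from [AF_INET]109.45.151.3:1194
Mar 5 11:46:10 openvpn[24410]: Initialization Sequence Completed
Mar 5 11:45:58 openvpn[24410]: TLS Error: cannot locate HMAC in incoming packet from [AF_INET]198.51.100.7:51820
"""

# Matches only the tls-auth rejection line; other OpenVPN messages are skipped.
HMAC_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2})\s+openvpn\[\d+\]: "
    r"TLS Error: cannot locate HMAC in incoming packet from "
    r"\[AF_INET\](?P<ip>\d{1,3}(?:\.\d{1,3}){3}):(?P<port>\d+)$"
)


def parse_hmac_errors(text, year=2014):
    """Yield (timestamp, source_ip, source_port) for each rejected packet.

    syslog lines carry no year, so one is supplied (assumed here)."""
    for line in text.splitlines():
        m = HMAC_RE.match(line.strip())
        if not m:
            continue
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        yield ts, m["ip"], int(m["port"])


def summarize(events, window_seconds=60, threshold=5):
    """Per source IP: total rejected packets, the peak number seen inside any
    sliding window of window_seconds, and a flag when that peak reaches
    threshold. A single stray packet never trips the flag; a stream does."""
    by_ip = defaultdict(list)
    for ts, ip, _port in events:
        by_ip[ip].append(ts)

    report = {}
    for ip, stamps in by_ip.items():
        stamps.sort()
        peak, start = 0, 0
        for end, t in enumerate(stamps):
            # Slide the window start forward until it fits within the window.
            while (t - stamps[start]).total_seconds() > window_seconds:
                start += 1
            peak = max(peak, end - start + 1)
        report[ip] = {
            "total": len(stamps),
            "peak_per_window": peak,
            "flag": peak >= threshold,
        }
    return report


if __name__ == "__main__":
    for ip, stats in summarize(parse_hmac_errors(SAMPLE_LOG)).items():
        print(ip, stats)
```

Sources that are flagged are candidates for a block rule on the WAN interface; sources that send a packet or two and stop are usually just noise and not worth a rule. Feeding the real log in place of `SAMPLE_LOG` (for example `cat /var/log/openvpn.log | python3 script.py` with a small `sys.stdin.read()` change) is all that is needed to run this against a pfSense box.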
phil.davis:

        The special rule for 109.45.151.3 needs to be a block rule, and has to come before the pass rule for letting other traffic in to WAN address port 1194.

        As the Greek philosopher Isosceles used to say, "There are 3 sides to every triangle."
        If I helped you, then help someone else - buy someone a gift from the INF catalog http://secure.inf.org/gifts/usd/

Melphiz:

          @phil.davis:

          The special rule for 109.45.151.3 needs to be a block rule, and has to come before the pass rule for letting other traffic in to WAN address port 1194.

          This firewall has no logic to me.
          The rules were blocking rules and set before all passing rules but after some trying around it only worked when I set 1194 for source AND destination port … using pfBlocker instead of custom rules does work with everything set to any (*) ... which did not work for custom rules.

          Feckin' bollocks if you ask me.

phil.davis:

            I just noticed that some of the rules you were trying had protocol TCP selected. So they were not effective, because your OpenVPN (as is normal and best practice) is using UDP.
            That is a bit of a trick when making new rules - the protocol field defaults to TCP, rather than "any".


Melphiz:
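The two mistakes phil.davis points out (a block rule left at the TCP protocol default, and a block rule placed after the pass rule) are easy to reason about with a small model of pfSense's first-match evaluation, where the first rule that matches a packet decides its fate. The code below is an added example written for this thread; it is not pfSense or pf code, and the WAN address is a constructed placeholder from a documentation range. It evaluates the same UDP/1194 packet from 109.45.151.3 against the three rule orderings discussed above and shows which one actually blocks it while still letting an unrelated client through.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Rule:
    action: str           # "block" or "pass"
    proto: str            # "tcp", "udp" or "any"
    src: str              # CIDR or "any"
    dst: str              # CIDR or "any"
    dport: Optional[int]  # None means any destination port


@dataclass(frozen=True)
class Packet:
    proto: str
    src: str
    dst: str
    dport: int


def _addr_in(net: str, addr: str) -> bool:
    return net == "any" or ip_address(addr) in ip_network(net, strict=False)


def matches(rule: Rule, pkt: Packet) -> bool:
    """A rule matches only if every field agrees; the protocol field is the
    one most easily overlooked, because the GUI defaults it to TCP."""
    return (
        rule.proto in ("any", pkt.proto)
        and _addr_in(rule.src, pkt.src)
        and _addr_in(rule.dst, pkt.dst)
        and rule.dport in (None, pkt.dport)
    )


def evaluate(rules: List[Rule], pkt: Packet,
             default: str = "block") -> Tuple[str, Optional[int]]:
    """First matching rule wins (pfSense interface rules are 'quick' by
    default). Returns (action, index of the deciding rule); with no match the
    interface's implicit default applies."""
    for idx, rule in enumerate(rules):
        if matches(rule, pkt):
            return rule.action, idx
    return default, None


WAN_ADDR = "203.0.113.10"  # constructed placeholder for "WAN_ADSL address"

# The existing pass rule from the first post: UDP to WAN address port 1194.
PASS_OPENVPN = Rule("pass", "udp", "any", WAN_ADDR + "/32", 1194)

# Attempt 1: block rule with protocol left at the TCP default.
TCP_BLOCK = Rule("block", "tcp", "109.45.151.3/32", "any", None)
# Attempt 2: protocol corrected to UDP.
UDP_BLOCK = Rule("block", "udp", "109.45.151.3/32", "any", None)

# The packet the log complains about, and a legitimate client for comparison.
PROBE = Packet("udp", "109.45.151.3", WAN_ADDR, 1194)
CLIENT = Packet("udp", "198.51.100.7", WAN_ADDR, 1194)  # constructed address


def scenarios():
    """Outcome of the probe packet under each of the three rule orderings."""
    return {
        "tcp block before pass": evaluate([TCP_BLOCK, PASS_OPENVPN], PROBE),
        "udp block after pass": evaluate([PASS_OPENVPN, UDP_BLOCK], PROBE),
        "udp block before pass": evaluate([UDP_BLOCK, PASS_OPENVPN], PROBE),
    }


if __name__ == "__main__":
    for name, (action, idx) in scenarios().items():
        print(f"{name:24s} -> {action} (rule {idx})")
    print("legitimate client     ->", evaluate([UDP_BLOCK, PASS_OPENVPN], CLIENT))
```

Only the last ordering blocks the probe: the TCP rule never matches a UDP packet regardless of position, and the UDP rule placed below the pass rule is never reached because the pass rule has already matched. Checking rule order and protocol together, as this model does, is the quickest way to confirm a block rule will actually fire before rebooting or clearing states.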

              @phil.davis:

              I just noticed that some of the rules you were trying had protocol TCP selected. So they were not effective, because your OpenVPN (as is normal and best practice) is using UDP.
              That is a bit of a trick when making new rules - the protocol field defaults to TCP, rather than "any".

Jesus. How could I not notice? You're right, and it's so obvious, but somehow I managed to ignore that field when checking the rules. Should've taken a closer look at pfBlocker's rule as well: IPv4 *

Nevertheless, I posted this issue at the OpenVPN forum also, because I'd like to know what exactly this IP was doing. Does the log entry mean the IP connected to my OpenVPN but without correct auth data? Or is it just about the ta.key, as I've read somewhere when searching for this message?
