ASUS RT-AC68U system log shows potential hazards

[xlarge]

I experience several mysterius events looking into my system.log:
Several failure regarding ovpn-server and suspisious websites errors with TLS. Checking with whois most of them seems bad like this: ovpn-server1[xxxxx]: 167.248.133.140:19808 TLS Error: TLS key negotiation failed to occur within 60 seconds
More ovpn-server - error code 111.
Ovpn-server: WARNING: POTENTIALLY DANGEROUS OPTION --verify-client-cert none|optional may accept clients which do not present a certificate
syslog: PLUGIN AUTH-PAM: BACKGROUND: initialization succeeded. What is this?
kernel: HTB: quantum of class 10001 is big. Consider r2q change. What is this - action?
kernel: SKIPPED false Type 2 Radar Detection. 2, 3, 5 and others. What is this?

All this happen in the night when nobody have been active on my net. Nobody else have been using the openvpn either.
Need help!

 

[ColinTaylor]

167.248.133.140 belongs to Censys Inc., a port scanning company. See here. You're probably seeing this (and other IP addresses) because you're running your OpenVPN server on a common port. Don't, use a random uncommon port instead.

The kernel messages are normal so just ignore them.

 

[xlarge]

Thanks, Colin.
Do you mean vpn server port default 1194? What is the possible range?
Could my setup here be wrong, se pic.

 

[ColinTaylor]

Do you mean vpn server port default 1194?

Yes.

What is the possible range?

I suggest something in the range 5001 to 32767. Something random and not obvious like "8000" or "8888" would be. For example 14128 or 26738.

 

[xlarge]

Yes.

I suggest something in the range 5001 to 32767. Something random and not obvious like "8000" or "8888" would be. For example 14128 or 26738.

I found this: https://unix.stackexchange.com/questions/422652/what-is-the-openvpn-port-range
and like to try something other than 1194 - in the mentioned range. Any problems with that? I wonder why there is no warning with the default use of 1194 or 1197.

 

[ColinTaylor]

I found this: https://unix.stackexchange.com/questions/422652/what-is-the-openvpn-port-range
and like to try something other than 1194 - in the mentioned range. Any problems with that? I wonder why there is no warning with the default use of 1194 or 1197.

There is no restriction (that I'm aware of) in OpenVPN as to what ports you can use. Obviously it can't be a port that's currently used by something else (this is the main thing).

The stackexchange reply is misleading when talking about Asus routers. It's a boilerplate reply that's more relevant to full blown multi-user Unix servers. In that situation there are good reasons not to use any of the system ports (1-1023).

Ports above 1023 can be either ephemeral or user ports. Avoiding using the ephemeral ports is usually regarded as good practice. So is avoiding using any of the registered ports in the user range. To add more complication different operating systems have historically used different ranges for the ephemeral range. So that's why I suggested using something in the range 5001 to 32767 as it's pretty "safe" whether you're talking about an Asus router or some other O/S.

EDIT: Check this list to make sure you're not choosing a user port that's currently registered for a service, otherwise you might end up with the same port-scanning issue.

 

[xlarge]

Thanks Colin for the lesson. I follow your advice.
While we talking, what about
Ovpn-server: WARNING: POTENTIALLY DANGEROUS OPTION --verify-client-cert none|optional may accept clients which do not present a certificate

 

[ColinTaylor]

While we talking, what about
Ovpn-server: WARNING: POTENTIALLY DANGEROUS OPTION --verify-client-cert none|optional may accept clients which do not present a certificate

I'm not sure. I'd hazard a guess it's because you're using "Username / Password Auth. Only" on the server.

 

[xlarge]

Thanks Colin. I think it's correct and have googled the same just now.