What's new

My Openvpn server possible hacking?

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

clvk07

Senior Member
Hi

Running latest Merlin firmware. (AC88U) Have openvpn server on. (cert+password) Today I noticed this error in the log:

Jan 8 06:51:52 openvpn[1522]: 60.191.49.187 Connection reset, restarting [0]

After doing an IP lookup it seems that the address is in China. Unfortunately I was running the log with warning as minimum level so I do not know if that was a real connection. (that is the only openvpn entry for that time)
To me it looks like a connection was made and then reset or am I wrong?

I think I saw another message like this one with an IP address of my mobile ISP which I did made a connection.
 
Likely due to your server is listening to tcp and u are on common ports like 443, 80 ,1194, etc...
there is no harm just that u will see irritating log like u are seeing now every now and then.
Suggestion using Skynet by Adamm to block common IPs used for hacking/port scanning etc, change to uncommon port and use udp.
 
I've noticed that someone (or other) has been scripting this to check all ports. My logfiles overflowed yesterday with these pests.
I agree that it's probably only a nuisance, but using something like Skynet isn't going to help a lot since the adresses these packets have been coming from change (probably spoofed?) constantly and/or are from reputable hosting companies.
 

Attachments

  • syslog1.txt
    11.8 KB · Views: 501
I've noticed that someone (or other) has been scripting this to check all ports. My logfiles overflowed yesterday with these pests.
I agree that it's probably only a nuisance, but using something like Skynet isn't going to help a lot since the adresses these packets have been coming from change (probably spoofed?) constantly and/or are from reputable hosting companies.
That’s not scanning all ports. These are just incoming connecting ports (source), trying to connect to your openvpn port (destination). This happened when you are using common port like 443,1194,1195, etc. Just change your openvpn server port and the problem will go away.

Also, Skynet does blocked most of the malicious IP. You can also use customised list to increase more blocking and you can also use country block in Skynet.
 
That’s not scanning all ports. These are just incoming connecting ports (source), trying to connect to your openvpn port (destination). This happened when you are using common port like 443,1194,1195, etc. Just change your openvpn server port and the problem will go away.

Also, Skynet does blocked most of the malicious IP. You can also use customised list to increase more blocking and you can also use country block in Skynet.

Thanks, that did the trick! I had overlooked the 'Advanced Settings' under 'VPN Details'.
 

Similar threads

Latest threads

Support SNBForums w/ Amazon

If you'd like to support SNBForums, just use this link and buy anything on Amazon. Thanks!

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!

Members online

Top