OpenVPN connection without logging in (384.5)?

Morac

Senior Member
I run TCP OpenVPN on Merlin 384.5 using public/private ECDSA keys with HMAC filtering. I noticed the following in my router logs today:

Code:
Jun  5 20:17:50 ovpn-server2[17243]: TCP connection established with [AF_INET6]::ffff:5.39.223.84:38764
Jun  5 20:17:50 ovpn-server2[17243]: 5.39.223.84 Connection reset, restarting [0]
Jun  5 20:17:50 ovpn-server2[17243]: 5.39.223.84 SIGUSR1[soft,connection-reset] received, client-instance restarting
Jun  5 20:17:54 ovpn-server2[17243]: TCP connection established with [AF_INET6]::ffff:5.39.223.84:20932
Jun  5 20:18:09 ovpn-server2[17243]: 5.39.223.84 Connection reset, restarting [0]
Jun  5 20:18:09 ovpn-server2[17243]: 5.39.223.84 SIGUSR1[soft,connection-reset] received, client-instance restarting
Jun  5 20:18:12 ovpn-server2[17243]: TCP connection established with [AF_INET6]::ffff:5.39.223.84:24100
Jun  5 20:18:27 ovpn-server2[17243]: 5.39.223.84 Connection reset, restarting [0]
Jun  5 20:18:27 ovpn-server2[17243]: 5.39.223.84 SIGUSR1[soft,connection-reset] received, client-instance restarting

That appears to be indicating that someone connected using IPv6 (though the address is an IPv4 one) and somehow stayed connected to the OpenVPN server on my router for 15 minutes before disconnecting. It doesn’t show logging in, but I find that very odd.

Does OpenVPN not time out connections that don’t log in or did this person somehow bypass the login? Of note, I’ve seen a fair number of connection attempts from the Netherlands lately.
 
I'm getting these from throughout 185.200.118.0/24. I also have OpenVPN key auth only (no passwords). It could just be someone scanning port 1194. There was someone in another thread seeing similar connections from 95.57.241.69.

Regarding the AF_INET6, I think OpenVPN (on Merlin) claims addresses as IPv6, but I have IPv6 disabled. It may be an OpenVPN quirk and not anything nefarious.
 
It's 15s not minutes and they're making the initial connection but where they don't have the correct certificate the connection fails.

If you're running on a standard port this is to be expected as bots scan looking for unsecured servers. Nothing to worry about, just normal Internet noise.
 
If you have Skynet installed, you will see fewer of these, as it blocks commonly known scanners before OpenVPN initializes.
As said, Internet noise (port scanners) is there every second. Change the port if you are really concerned about flooding of your syslog.
 
I'm getting a lot of malicious connection attempts myself lately from that 5.x.y.z subnet.

No, they did not use IPv6, it's just that OpenVPN handles connection IPs as if they were IPv6.
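The two points raised in the replies (how long each connection really lasted, and that `::ffff:5.39.223.84` is an IPv4-mapped address) can be read straight out of the log. The following is an added example, not part of any post in this thread: it pairs each "TCP connection established" line with the following "Connection reset" line per source and reports the seconds in between. The function names and the placeholder year are assumptions; the log lines are the ones quoted in the first post.

```python
import ipaddress
import re
from collections import defaultdict
from datetime import datetime

# Log lines copied from the first post in this thread.
SAMPLE_LOG = """\
Jun  5 20:17:50 ovpn-server2[17243]: TCP connection established with [AF_INET6]::ffff:5.39.223.84:38764
Jun  5 20:17:50 ovpn-server2[17243]: 5.39.223.84 Connection reset, restarting [0]
Jun  5 20:17:50 ovpn-server2[17243]: 5.39.223.84 SIGUSR1[soft,connection-reset] received, client-instance restarting
Jun  5 20:17:54 ovpn-server2[17243]: TCP connection established with [AF_INET6]::ffff:5.39.223.84:20932
Jun  5 20:18:09 ovpn-server2[17243]: 5.39.223.84 Connection reset, restarting [0]
Jun  5 20:18:09 ovpn-server2[17243]: 5.39.223.84 SIGUSR1[soft,connection-reset] received, client-instance restarting
Jun  5 20:18:12 ovpn-server2[17243]: TCP connection established with [AF_INET6]::ffff:5.39.223.84:24100
Jun  5 20:18:27 ovpn-server2[17243]: 5.39.223.84 Connection reset, restarting [0]
Jun  5 20:18:27 ovpn-server2[17243]: 5.39.223.84 SIGUSR1[soft,connection-reset] received, client-instance restarting
"""

STAMP = r"^(\w{3}\s+\d+ [\d:]{8}) \S+: "
ESTABLISHED = re.compile(STAMP + r"TCP connection established with \[AF_INET6?\](.+):(\d+)$")
RESET = re.compile(STAMP + r"(\S+) Connection reset, restarting")

def normalize(addr):
    """Collapse an IPv4-mapped IPv6 address (::ffff:a.b.c.d) to plain IPv4."""
    ip = ipaddress.ip_address(addr)
    return str(getattr(ip, "ipv4_mapped", None) or ip)

def parse_ts(stamp, year=2000):
    # Syslog stamps carry no year; 2000 is an arbitrary placeholder (only deltas matter).
    return datetime.strptime(f"{year} {stamp}", "%Y %b %d %H:%M:%S")

def unauthenticated_sessions(log):
    """Return {source_ip: [seconds each TCP session lasted before it was reset]}."""
    open_since, durations = {}, defaultdict(list)
    for line in log.splitlines():
        if m := ESTABLISHED.match(line):
            open_since[normalize(m.group(2))] = parse_ts(m.group(1))
        elif m := RESET.match(line):
            src = normalize(m.group(2))
            start = open_since.pop(src, None)
            if start is not None:
                durations[src].append(int((parse_ts(m.group(1)) - start).total_seconds()))
    return dict(durations)

if __name__ == "__main__":
    for src, secs in unauthenticated_sessions(SAMPLE_LOG).items():
        print(f"{src}: {len(secs)} reset sessions, durations (s): {secs}")
```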
 
