What's new

OVPN-Server issue. Can someone look at my log and tell me what is going on? I don't want to post it in public though.

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

DAVID LONG

Regular Contributor
OVPN-Server issue. Can someone look at my log and tell me what is going on? I don't want to post it in public though. Anyway to share it not publicly?

Thanks.
 
PM (private message). Click on my profile and Start Conversation.
 
Last edited:
Got it.

What specifically is the issue? From what I see, it's all normal. The OpenVPN server seems to be configured properly and is waiting for the OpenVPN client to connect.
 
I didn't try to connect to it. I haven't used ovpn in months.
 
Someone outside tried to connect?

Were they successful?

Do i need to look for any changes they made? If so, what could they change?
 
Oh, I see. Yeah, I just noticed the following.

Code:
Feb 10 10:46:35 ovpn-server1[31076]: PLUGIN_CLOSE: /usr/lib/openvpn-plugin-auth-pam.so
Feb 10 10:46:35 ovpn-server1[31076]: PLUGIN AUTH-PAM: Error signaling background process to exit: Connection refused (errno=111)

It's an invalid username and/or password attempt and was blocked.

It's best to NOT use the well-known port of 1194, but it seems you already did that. Maybe they just guessed and got lucky, but there's no indication they got in. Try changing the port, just to see if it happens again.
 
Since I am stuck at home, I disabled ovpn. If I ever get back out of the house I'll look into changing the port.

Thanks.
 
FYI. Although a bit of a hassle to setup, consider placing the OpenVPN server on its own device, like an old router, and port forwarding to it. Then use a smart AC plug for managing it. That way you can leave the server OFF until you actually need it. Once on the road, whip out your smartphone, turn the smartplug ON, do what you need to do, then turn it OFF.

IOW, minimize your exposure as much as possible by only having it running on-demand.

That's what I've done w/ my own network. I just don't trust having *anything* accessible these days over the WAN unless absolutely necessary.
 
Then use a smart AC plug for managing it. That way you can leave the server OFF until you actually need it.
That's clever.

one of my servers, port forwarded to a non-standard port, gets between 2 and 3 thousand invalid attempts a day.
 
Here's something else to consider as well for better security.

Wouldn't be a bad idea to use the tls-auth option when configuring your OpenVPN server. The OpenVPN server GUI has this disabled by default, but it can help mitigate this problem of hackers randomly banging away at your server.

tls-auth adds an additional layer of authentication (using a static key) to the TLS control channel packets. When an OpenVPN client attempts to make initial contact w/ the server and does NOT have the correct static key, it can't decrypt those packets, and the server IMMEDIATELY drops the packet. IOW, the connection can't even get started. The primary purpose is to mitigate (D)DOS attacks. However, a secondary benefit is you should never see a failed username/password attempt unless YOU made the error (assuming your static key has not been stolen or otherwise compromised). The fact your syslog shows the failed login attempt strongly suggests you're not using this option.

 
Last edited:

Support SNBForums w/ Amazon

If you'd like to support SNBForums, just use this link and buy anything on Amazon. Thanks!

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top