Menu
What's new
By:
Filters Better Search

Protect OpenVPN server

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

M

Mikiya

Occasional Visitor
Hi
I've searched here but i can't find a way to do what i want to protect my openvpn server so ...
I know fail2ban (use it on other computers), i know merlin do not want to use it because of python, and i've read posts about ipset scripts to protect from some IPs (by country or malicious lists).
BUT i can't find out how can i protect my openvpn from brute force. With fail2ban, it's quite simple to set a regex from the log file, but without it, i don't know.
Have you find a solution for that ?
Thank you !
 
If you use 1024 or 2048 bit certificates, brute-forcing through OpenVPN would take years. I wouldn't worry about it.

You could also move OpenVPN to a different port than 1194, so malicious users won't be able to find it.
 
I use the default generated certificates (directly generated by router when server is activated) for server, and couple User/Password, with HMAC protection over tls-auth. I don't know if it's robust enough (with a strong password obviously), that's why i wanted to protect from bruteforce. But as you said, maybe use user certificates could solve this if they are stronger.
 
i prevent other countries from even trying to connect by setting the INPUT chain policy to DROP,
and after that adding the addresses that are allowed to connect to my router.
there is a ipset rule allowing any ip from my country, localhost, internal networks, etc..

Code: 
ramon@ac66u:/tmp/home/root# iptables -nvL

Chain INPUT (policy DROP 3162 packets, 201K bytes)
 pkts bytes target     prot opt in     out     source               destination       
 2021  110K ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           set CountryWhitelist_br src
 107K   22M ACCEPT     all  --  lo     *       0.0.0.0/0            0.0.0.0/0         
 121K   24M ACCEPT     all  --  *      *       192.168.0.0/16       0.0.0.0/0         
40845   58M ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED
    0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0           icmp type 255
 
You must log in or register to reply here.

Similar threads

P
Problem connecting to OpenVPN server on AX86U
Replies
4
Views
637
Patrick9876
P
S
OpenVPN server fails after reboot
Replies
6
Views
649
L&LD
L&LD
Sunny786
Help Needed: Configuring OpenVPN Server and Instant Guard on Asus GT-AX11000 with Technicolor CobraXh Modem Router
Replies
11
Views
547
eibgrad
eibgrad
M
OpenVPN / site to site with special security/routing constraints
Replies
7
Views
1K
elorimer
E
bengalih
Bug with corrupted passwords in OpenVPN Server
Replies
14
Views
952
gk802
G
Similar threads
Thread starter Title Forum Replies Date
L How do I protect the Merlin system? Asuswrt-Merlin 1
D Solved Openvpn client dns Asuswrt-Merlin 2
PR3MIUM WireGuard removing OpenVPN on ASUS Routers ? Asuswrt-Merlin 2
T [Help] Problems setting up OpenVPN Asuswrt-Merlin 7
N dedicated router for OpenVPN Asuswrt-Merlin 4
N Solved OpenVPN Server split tunnell config Asuswrt-Merlin 5
C Connection to router by ip fails while remote over OpenVPN Asuswrt-Merlin 17
S OpenVPN LAN access + one external IP Asuswrt-Merlin 3
J VPN director Multiple OpenVPN clients Asuswrt-Merlin 7
G OpenVPN Server log, is this in error ? Asuswrt-Merlin 7

Similar threads

Latest threads

Support SNBForums w/ Amazon

If you'd like to support SNBForums, just use this link and buy anything on Amazon. Thanks!

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!

Members online

Total: 740 (members: 26, guests: 714)
Top