Menu
What's new
By:
Filters Better Search

router log, am I under attack?

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

P

paulli

New Around Here
Hi,

I noticed some very strange openvpn connection in my ac68u log, am I under attack? I don't recognized the ip addresses that are trying to make the openvpn connection.

Oct 4 09:59:57 ntp: start NTP update
Oct 4 10:59:57 ntp: start NTP update
Oct 4 11:18:49 openvpn[16361]: TCP connection established with [AF_INET]176.126.221.42:56447
Oct 4 11:18:49 openvpn[16361]: 176.126.221.42:56447 WARNING: Bad encapsulated packet length from peer (32838), which must be > 0 and <= 1592 -- please ensure that --tun-mtu or --link-mtu is equal on both peers -- this condition could also indicate a possible active attack on the TCP link -- [Attempting restart...]
Oct 4 11:18:49 openvpn[16361]: 176.126.221.42:56447 Connection reset, restarting [0]
Oct 4 11:18:49 openvpn[16361]: 176.126.221.42:56447 SIGUSR1[soft,connection-reset] received, client-instance restarting
Oct 4 11:18:55 openvpn[16361]: TCP connection established with [AF_INET]176.126.221.42:56463
Oct 4 11:18:55 openvpn[16361]: 176.126.221.42:56463 WARNING: Bad encapsulated packet length from peer (32838), which must be > 0 and <= 1592 -- please ensure that --tun-mtu or --link-mtu is equal on both peers -- this condition could also indicate a possible active attack on the TCP link -- [Attempting restart...]
Oct 4 11:18:55 openvpn[16361]: 176.126.221.42:56463 Connection reset, restarting [0]
Oct 4 11:18:55 openvpn[16361]: 176.126.221.42:56463 SIGUSR1[soft,connection-reset] received, client-instance restarting
Oct 4 11:38:54 openvpn[16361]: TCP connection established with [AF_INET]213.136.104.226:57654
Oct 4 11:38:54 openvpn[16361]: 213.136.104.226:57654 TCP connection established with [AF_INET]213.136.104.226:10629
Oct 4 11:38:54 openvpn[16361]: 213.136.104.226:10629 WARNING: Bad encapsulated packet length from peer (5635), which must be > 0 and <= 1592 -- please ensure that --tun-mtu or --link-mtu is equal on both peers -- this condition could also indicate a possible active attack on the TCP link -- [Attempting restart...]
Oct 4 11:38:54 openvpn[16361]: 213.136.104.226:10629 Connection reset, restarting [0]
Oct 4 11:38:54 openvpn[16361]: 213.136.104.226:10629 SIGUSR1[soft,connection-reset] received, client-instance restarting
Oct 4 11:38:55 openvpn[16361]: 213.136.104.226:57654 WARNING: Bad encapsulated packet length from peer (32838), which must be > 0 and <= 1592 -- please ensure that --tun-mtu or --link-mtu is equal on both peers -- this condition could also indicate a possible active attack on the TCP link -- [Attempting restart...]
Oct 4 11:38:55 openvpn[16361]: 213.136.104.226:57654 Connection reset, restarting [0]
Oct 4 11:38:55 openvpn[16361]: 213.136.104.226:57654 SIGUSR1[soft,connection-reset] received, client-instance restarting
Oct 4 11:43:42 openvpn[16361]: TCP connection established with [AF_INET]193.109.199.200:48439
Oct 4 11:43:42 openvpn[16361]: 193.109.199.200:48439 Connection reset, restarting [0]
Oct 4 11:43:42 openvpn[16361]: 193.109.199.200:48439 SIGUSR1[soft,connection-reset] received, client-instance restarting
Oct 4 11:45:12 openvpn[16361]: TCP connection established with [AF_INET]193.109.199.200:56358
Oct 4 11:45:12 openvpn[16361]: 193.109.199.200:56358 Connection reset, restarting [0]
Oct 4 11:45:12 openvpn[16361]: 193.109.199.200:56358 SIGUSR1[soft,connection-reset] received, client-instance restarting
Oct 4 11:46:57 openvpn[16361]: TCP connection established with [AF_INET]193.109.199.200:60939
Oct 4 11:46:57 openvpn[16361]: 193.109.199.200:60939 Connection reset, restarting [0]
Oct 4 11:46:57 openvpn[16361]: 193.109.199.200:60939 SIGUSR1[soft,connection-reset] received, client-instance restarting
Oct 4 11:48:35 openvpn[16361]: TCP connection established with [AF_INET]193.109.199.200:55426
Oct 4 11:48:35 openvpn[16361]: 193.109.199.200:55426 Connection reset, restarting [0]
Oct 4 11:48:35 openvpn[16361]: 193.109.199.200:55426 SIGUSR1[soft,connection-reset] received, client-instance restarting
Oct 4 11:50:59 openvpn[16361]: TCP connection established with [AF_INET]193.109.199.200:20374
Oct 4 11:50:59 openvpn[16361]: 193.109.199.200:20374 Connection reset, restarting [0]
Oct 4 11:50:59 openvpn[16361]: 193.109.199.200:20374 SIGUSR1[soft,connection-reset] received, client-instance restarting
Oct 4 11:53:25 openvpn[16361]: TCP connection established with [AF_INET]193.109.199.200:50946
Oct 4 11:53:25 openvpn[16361]: 193.109.199.200:50946 Connection reset, restarting [0]
Oct 4 11:53:25 openvpn[16361]: 193.109.199.200:50946 SIGUSR1[soft,connection-reset] received, client-instance restarting
Oct 4 11:54:47 openvpn[16361]: TCP connection established with [AF_INET]159.0.136.86:50729
Oct 4 11:54:47 openvpn[16361]: 159.0.136.86:50729 WARNING: Bad encapsulated packet length from peer (32838), which must be > 0 and <= 1592 -- please ensure that --tun-mtu or --link-mtu is equal on both peers -- this condition could also indicate a possible active attack on the TCP link -- [Attempting restart...]
Oct 4 11:54:47 openvpn[16361]: 159.0.136.86:50729 Connection reset, restarting [0]
Oct 4 11:54:47 openvpn[16361]: 159.0.136.86:50729 SIGUSR1[soft,connection-reset] received, client-instance restarting
Oct 4 11:54:48 openvpn[16361]: TCP connection established with [AF_INET]159.0.136.86:50720
Oct 4 11:54:48 openvpn[16361]: 159.0.136.86:50720 WARNING: Bad encapsulated packet length from peer (32838), which must be > 0 and <= 1592 -- please ensure that --tun-mtu or --link-mtu is equal on both peers -- this condition could also indicate a possible active attack on the TCP link -- [Attempting restart...]
Oct 4 11:54:48 openvpn[16361]: 159.0.136.86:50720 Connection reset, restarting [0]
Oct 4 11:54:48 openvpn[16361]: 159.0.136.86:50720 SIGUSR1[soft,connection-reset] received, client-instance restarting
Oct 4 11:57:52 openvpn[16361]: TCP connection established with [AF_INET]213.136.104.226:34997
Oct 4 11:57:52 openvpn[16361]: 213.136.104.226:34997 TCP connection established with [AF_INET]213.136.104.226:48262
Oct 4 11:57:52 openvpn[16361]: 213.136.104.226:48262 WARNING: Bad encapsulated packet length from peer (5635), which must be > 0 and <= 1592 -- please ensure that --tun-mtu or --link-mtu is equal on both peers -- this condition could also indicate a possible active attack on the TCP link -- [Attempting restart...]
Oct 4 11:57:52 openvpn[16361]: 213.136.104.226:48262 Connection reset, restarting [0]
Oct 4 11:57:52 openvpn[16361]: 213.136.104.226:48262 SIGUSR1[soft,connection-reset] received, client-instance restarting
Oct 4 11:57:53 openvpn[16361]: 213.136.104.226:34997 WARNING: Bad encapsulated packet length from peer (32838), which must be > 0 and <= 1592 -- please ensure that --tun-mtu or --link-mtu is equal on both peers -- this condition could also indicate a possible active attack on the TCP link -- [Attempting restart...]
Oct 4 11:57:53 openvpn[16361]: 213.136.104.226:34997 Connection reset, restarting [0]
Oct 4 11:57:53 openvpn[16361]: 213.136.104.226:34997 SIGUSR1[soft,connection-reset] received, client-instance restarting
Oct 4 11:57:57 openvpn[16361]: TCP connection established with [AF_INET]213.136.104.226:55379
Oct 4 11:57:58 openvpn[16361]: TCP connection established with [AF_INET]213.136.104.226:35728
Oct 4 11:57:58 openvpn[16361]: 213.136.104.226:35728 WARNING: Bad encapsulated packet length from peer (5635), which must be > 0 and <= 1592 -- please ensure that --tun-mtu or --link-mtu is equal on both peers -- this condition could also indicate a possible active attack on the TCP link -- [Attempting restart...]
Oct 4 11:57:58 openvpn[16361]: 213.136.104.226:35728 Connection reset, restarting [0]
Oct 4 11:57:58 openvpn[16361]: 213.136.104.226:35728 SIGUSR1[soft,connection-reset] received, client-instance restarting
Oct 4 11:57:58 openvpn[16361]: 213.136.104.226:55379 WARNING: Bad encapsulated packet length from peer (32838), which must be > 0 and <= 1592 -- please ensure that --tun-mtu or --link-mtu is equal on both peers -- this condition could also indicate a possible active attack on the TCP link -- [Attempting restart...]
Oct 4 11:57:58 openvpn[16361]: 213.136.104.226:55379 Connection reset, restarting [0]
Oct 4 11:57:58 openvpn[16361]: 213.136.104.226:55379 SIGUSR1[soft,connection-reset] received, client-instance restarting
Oct 4 11:59:57 ntp: start NTP update
 
What port is your OpenVPN server listening to? I strongly recommend avoiding any of the ports used by other web services such as 80 or 443, as these will see a LOT of port scanning activity.
 
RMerlin said:
What port is your OpenVPN server listening to? I strongly recommend avoiding any of the ports used by other web services such as 80 or 443, as these will see a LOT of port scanning activity.
Click to expand...

Unfortunately I only could use those ports because they block everything else at work.

Is there anyway I could block a network in the Asus AC68U?

I am not using the Merlin firmware because OpenVPN is extreme slow when transferring files.
 
Last edited:
paulli said:
Unfortunately I only could use those ports because they block everything else at work.

Is there anyway I could block a network in the Asus AC68U?

I am not using the Merlin firmware because OpenVPN is extreme slow when transferring files.
Click to expand...

Try switching to 80 udp instead of 80 tcp, just in case the sysadmin at work isn't that clever and somehow opened port 80 for both protocols. If it works, you'll be fine - web servers don't use udp, so scanners won't be trying it out.

Switching from port 80 to 443 might also help, as most scanners will try only port 80 - the SSL handshaking of port 443 would slow their scanning process too much.

Otherwise, you'd have to go with my firmware, and customize your firewall rules to only accept inbound connections coming from your work's static IP (it's most likely static if they have such a sophisticated firewall policy in place).

OpenVPN performance should be equal or even slightly better with my firmware than stock firmware, as I enable additional compiler optimizations over those used by Asus.
 
You must log in or register to reply here.

Similar threads

B
Unable to establish VPN connection to my PiVPN (ovpn) from my Asus RT-AC86U running Asuswrt-Merlin 386.14
Replies
1
Views
196
eibgrad
eibgrad
T
[Help] Problems setting up OpenVPN
Replies
7
Views
279
Thookie
T
K
Dropouts on ASUS RT-AX86U
Replies
5
Views
325
kram66
K
N
RT-AX86U-Pro, WAN disconnect every 36 hours
2
Replies
25
Views
2K
Nick24
N
P
OVPN Problem. Asus rt ax56u (latest merlin firmware
Replies
9
Views
2K
pattox
P
Similar threads
Thread starter Title Forum Replies Date
N Recommendation For Next Router. Currently have RT-AC88U and RT-AC68U (as a node). ASUS AC Routers & Adapters (Wi-Fi 5) 8
Y Need help accessing Asus AC3200 router ASUS AC Routers & Adapters (Wi-Fi 5) 7
T Weird issue while applying firewall URL filter with my RT-AC86u router! ASUS AC Routers & Adapters (Wi-Fi 5) 3
Z Using AC86U for router functions, and newer TP link system for wifi? ASUS AC Routers & Adapters (Wi-Fi 5) 3
TheRobLP router.asus.com stopped working | 4G-AC86U ASUS AC Routers & Adapters (Wi-Fi 5) 6
C Powering a 19V Asus Router with a USB-PD laptop Cord? ASUS AC Routers & Adapters (Wi-Fi 5) 7
C Wireless stopped working on RT-AC86U Router ASUS AC Routers & Adapters (Wi-Fi 5) 9
B How to force device to use WiFi AP instead of main router ASUS AC Routers & Adapters (Wi-Fi 5) 13
C Connect Fibre and RT-AC86U Router - How to Connect? ASUS AC Routers & Adapters (Wi-Fi 5) 8
keef AC3100 Router with AC3000 Mesh node ASUS AC Routers & Adapters (Wi-Fi 5) 8

Similar threads

Latest threads

Support SNBForums w/ Amazon

If you'd like to support SNBForums, just use this link and buy anything on Amazon. Thanks!

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!

Staff online

Members online

Total: 847 (members: 34, guests: 813)
Top