Forums

nuke
nuke
Offline
Resolved
0 votes
I've been seeing about 7000-12000 lines related to various IPs hitting openvpn to attempt to get in. So I thought I'd look if I could get fail2ban to start banning these troublemakers.

(I've got some problem with the attack detector at the moment ... see other post, but would like to get this going in parallel.)

One of the FAQs on the fail2ban site shows a setup for openvpn.

HOWTO fail2ban with OpenVPN

I want to try the instructions but I can't find where the openvpn log entries are that show up in logwatch. Where are the openvpn logs??

Thanks.
Monday, September 24 2018, 02:30 AM
Share this post:
Responses (1)
  • Accepted Answer

    Monday, September 24 2018, 07:18 AM - #Permalink
    Resolved
    0 votes
    /var/log/messages.

    Be a little careful with the detection filters and check your logs. You do not want more than one filter to be triggered on any failed login otherwise you may want to increase your maxretry.
    The reply is currently minimized Show
Your Reply