Hello all,
I realize that I've many attemps, probably from hackers, to connect to my cos system using openvpn protocol ; here's an example :
So, is it possible that the IP address of the 'sender' is banned after a specified number of tries and/or limit access to european ip addresses for example (I've a list of european ip addresses but I dont know if i can include it using iptables )?
Thanks to all for your help
I realize that I've many attemps, probably from hackers, to connect to my cos system using openvpn protocol ; here's an example :
Dec 2 04:55:15 srv-clearos openvpn: Sun Dec 2 04:55:15 2018 134.159.139.35:64515 SIGUSR1[soft,tls-error] received, client-instance restarting
Dec 2 04:55:15 srv-clearos openvpn: Sun Dec 2 04:55:15 2018 134.159.139.35:64515 TLS: Initial packet from [AF_INET]134.159.139.35:64515 (via [AF_INET]172.31.255.6%eth0), sid=6a22eb44 5adb63fe
Dec 2 04:55:18 srv-clearos openvpn: Sun Dec 2 04:55:18 2018 144.217.208.254:443 TLS: Initial packet from [AF_INET]144.217.208.254:443 (via [AF_INET]172.31.255.6%eth0), sid=6a22eb44 5adb63fe
Dec 2 04:56:16 srv-clearos openvpn: Sun Dec 2 04:56:16 2018 134.159.139.35:64515 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Dec 2 04:56:16 srv-clearos openvpn: Sun Dec 2 04:56:16 2018 134.159.139.35:64515 TLS Error: TLS handshake failed
So, is it possible that the IP address of the 'sender' is banned after a specified number of tries and/or limit access to european ip addresses for example (I've a list of european ip addresses but I dont know if i can include it using iptables )?
Thanks to all for your help
In VPN
Share this post:
Responses (3)
-
Accepted Answer
If you still want goeblocking, there is the outline of a method in this post. You will need to read the rest of the thread as that script only gives you a country list. Other element are needed such as a boot script and firewall script to use the country list. The firewall rules are up to you as it depends on what you are trying to block, but I give examples, I think. -
Accepted Answer
-
Accepted Answer
The ip address listed is a common one used for VPN tunnels between a backup and primary in an HA mode configuration common to ClearBOX. If your servers are in HA mode, this could be your backup server attempting to tunnel through your primary in order to perform updates. If that is the case, open a ticket and have the ClearCenter engineers fix your update VPN from your standby server.
Please login to post a reply
You will need to be logged in to be able to post a reply. Login using the form on the right or register an account if you are new here.
Register Here »