
@vpieper
Forked from drmalex07/README-fail2ban-openvpn.md
Created September 1, 2020 09:20
Block unauthorized requests to OpenVPN using fail2ban. #openvpn #fail2ban

Block unauthorized requests to OpenVPN using fail2ban.

The following is based on https://stefan.angrick.me/block-unauthorized-openvpn-logins-using-fail2ban.

1. Create filter configuration

Add a filter configuration under /etc/fail2ban/filter.d/openvpn.conf. The contents would be something like (regular expressions may need adjustments):

[INCLUDES]
before = common.conf

[Definition]
failregex = %(__hostname)s ovpn-server.*:.<HOST>:[0-9]{4,5} TLS Auth Error:.*
           %(__hostname)s ovpn-server.*:.<HOST>:[0-9]{4,5} VERIFY ERROR:.*
           %(__hostname)s ovpn-server.*:.<HOST>:[0-9]{4,5} TLS Error: TLS handshake failed.*
           %(__hostname)s ovpn-server.*: TLS Error: cannot locate HMAC in incoming packet from \[AF_INET\]<HOST>:[0-9]{4,5}

Test the regular expressions against your log file with fail2ban-regex:

fail2ban-regex -v /var/log/syslog /etc/fail2ban/filter.d/openvpn.conf

2. Create jail configuration

Add a jail configuration under /etc/fail2ban/jail.d/openvpn.conf:

[openvpn]
enabled = true
port = 11194
protocol = udp
filter = openvpn
logpath = /var/log/syslog
maxretry = 5

3. Restart fail2ban

Restart the service:

systemctl restart fail2ban.service

Watch your iptables rules for jailed hosts under the f2b-openvpn chain (-v also lists the number of packets matched by each rule):

iptables -L -n -v
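To see what the filter and jail above actually do before enabling them, here is an added Python example (not part of the original gist or of fail2ban) that applies the four failregex lines to constructed sample syslog lines and counts hits per source host against maxretry = 5. It assumes fail2ban's `%(__hostname)s` expands to `\S+` (as common.conf defines it) and simplifies `<HOST>` to an IPv4 capture group.

```python
import re
from collections import Counter

# The four failregex lines from the filter above, kept verbatim. fail2ban expands
# %(__hostname)s (\S+ in common.conf) and <HOST>; we do the same here, with <HOST>
# simplified to IPv4 only (real fail2ban also accepts IPv6 addresses and names).
FILTER_FAILREGEX = [
    r"%(__hostname)s ovpn-server.*:.<HOST>:[0-9]{4,5} TLS Auth Error:.*",
    r"%(__hostname)s ovpn-server.*:.<HOST>:[0-9]{4,5} VERIFY ERROR:.*",
    r"%(__hostname)s ovpn-server.*:.<HOST>:[0-9]{4,5} TLS Error: TLS handshake failed.*",
    r"%(__hostname)s ovpn-server.*: TLS Error: cannot locate HMAC in incoming packet from \[AF_INET\]<HOST>:[0-9]{4,5}",
]
HOST_RE = r"(?P<host>\d{1,3}(?:\.\d{1,3}){3})"
MAXRETRY = 5  # same value as the jail configuration above

def to_python_regex(failregex):
    """Expand the fail2ban placeholders into a compiled Python pattern."""
    return re.compile(failregex.replace("%(__hostname)s", r"\S+").replace("<HOST>", HOST_RE))

PATTERNS = [to_python_regex(f) for f in FILTER_FAILREGEX]

# Constructed sample syslog lines (not captured from a real server); the prefix
# mimics what rsyslog writes for an OpenVPN instance logging as "ovpn-server".
SAMPLE_LOG = """\
Sep  1 09:20:01 vpnhost ovpn-server[1234]: 203.0.113.5:54321 TLS Error: TLS handshake failed
Sep  1 09:20:02 vpnhost ovpn-server[1234]: 203.0.113.5:54322 TLS Error: TLS handshake failed
Sep  1 09:20:03 vpnhost ovpn-server[1234]: TLS Error: cannot locate HMAC in incoming packet from [AF_INET]198.51.100.7:1194
Sep  1 09:20:04 vpnhost ovpn-server[1234]: 203.0.113.5:54323 VERIFY ERROR: depth=0, error=certificate has expired: CN=old-client
Sep  1 09:20:05 vpnhost ovpn-server[1234]: 192.0.2.9:40000 [client1] Peer Connection Initiated with [AF_INET]192.0.2.9:40000
Sep  1 09:20:06 vpnhost ovpn-server[1234]: 203.0.113.5:54324 TLS Auth Error: Auth Username/Password verification failed for peer
Sep  1 09:20:07 vpnhost ovpn-server[1234]: TLS Error: cannot locate HMAC in incoming packet from [AF_INET]198.51.100.7:1194
Sep  1 09:20:08 vpnhost ovpn-server[1234]: 203.0.113.5:54325 TLS Error: TLS handshake failed
"""

def match_failure(line):
    """Return the offending host if the line matches any failregex, else None."""
    for pattern in PATTERNS:
        m = pattern.search(line)
        if m:
            return m.group("host")
    return None

def failures_per_host(log_text):
    """Count failregex hits per source host, as fail2ban does before banning."""
    return Counter(h for h in map(match_failure, log_text.splitlines()) if h)

def hosts_to_ban(log_text, maxretry=MAXRETRY):
    """Hosts at or above maxretry (fail2ban additionally restricts this to findtime)."""
    return sorted(h for h, n in failures_per_host(log_text).items() if n >= maxretry)
```

The successful "Peer Connection Initiated" line is deliberately left unmatched, which is the kind of negative case worth keeping in your own fail2ban-regex test run.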