Forums

Resolved
0 votes
Hello all,
I realize that I've many attemps, probably from hackers, to connect to my cos system using openvpn protocol ; here's an example :

Dec  2 04:55:15 srv-clearos openvpn: Sun Dec  2 04:55:15 2018 134.159.139.35:64515 SIGUSR1[soft,tls-error] received, client-instance restarting
Dec 2 04:55:15 srv-clearos openvpn: Sun Dec 2 04:55:15 2018 134.159.139.35:64515 TLS: Initial packet from [AF_INET]134.159.139.35:64515 (via [AF_INET]172.31.255.6%eth0), sid=6a22eb44 5adb63fe
Dec 2 04:55:18 srv-clearos openvpn: Sun Dec 2 04:55:18 2018 144.217.208.254:443 TLS: Initial packet from [AF_INET]144.217.208.254:443 (via [AF_INET]172.31.255.6%eth0), sid=6a22eb44 5adb63fe
Dec 2 04:56:16 srv-clearos openvpn: Sun Dec 2 04:56:16 2018 134.159.139.35:64515 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Dec 2 04:56:16 srv-clearos openvpn: Sun Dec 2 04:56:16 2018 134.159.139.35:64515 TLS Error: TLS handshake failed


So, is it possible that the IP address of the 'sender' is banned after a specified number of tries and/or limit access to european ip addresses for example (I've a list of european ip addresses but I dont know if i can include it using iptables )?
Thanks to all for your help
In VPN
Thursday, December 06 2018, 06:17 AM
Share this post:
Who is viewing this page
Responses (2)
  • Accepted Answer

    Monday, December 10 2018, 02:12 PM - #Permalink
    Resolved
    0 votes
    Hello Dave,
    Thanks for the informations. I decide to ban these addreses so I'll remove them from my black list :)
    But I don't use HA mode ...
    Thanks :)
    The reply is currently minimized Show
  • Accepted Answer

    Thursday, December 06 2018, 04:03 PM - #Permalink
    Resolved
    0 votes
    The ip address listed is a common one used for VPN tunnels between a backup and primary in an HA mode configuration common to ClearBOX. If your servers are in HA mode, this could be your backup server attempting to tunnel through your primary in order to perform updates. If that is the case, open a ticket and have the ClearCenter engineers fix your update VPN from your standby server.
    The reply is currently minimized Show
Your Reply