
Resolved
0 votes
Hello all,
I realize that I have many attempts, probably from hackers, to connect to my cos system using the openvpn protocol; here's an example:

Dec  2 04:55:15 srv-clearos openvpn: Sun Dec  2 04:55:15 2018 134.159.139.35:64515 SIGUSR1[soft,tls-error] received, client-instance restarting
Dec 2 04:55:15 srv-clearos openvpn: Sun Dec 2 04:55:15 2018 134.159.139.35:64515 TLS: Initial packet from [AF_INET]134.159.139.35:64515 (via [AF_INET]172.31.255.6%eth0), sid=6a22eb44 5adb63fe
Dec 2 04:55:18 srv-clearos openvpn: Sun Dec 2 04:55:18 2018 144.217.208.254:443 TLS: Initial packet from [AF_INET]144.217.208.254:443 (via [AF_INET]172.31.255.6%eth0), sid=6a22eb44 5adb63fe
Dec 2 04:56:16 srv-clearos openvpn: Sun Dec 2 04:56:16 2018 134.159.139.35:64515 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Dec 2 04:56:16 srv-clearos openvpn: Sun Dec 2 04:56:16 2018 134.159.139.35:64515 TLS Error: TLS handshake failed


So, is it possible for the IP address of the 'sender' to be banned after a specified number of tries, and/or to limit access to European IP addresses, for example (I have a list of European IP addresses but I don't know if I can include it using iptables)?
Thanks to all for your help
In VPN
Thursday, December 06 2018, 06:17 AM
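As an added example (not part of the original post or its replies), the "ban after a specified number of tries" idea from the question can be prototyped by counting failed TLS handshakes per source address in the log format shown above. The threshold, the time window and the function name `ban_candidates` are assumptions, and the 203.0.113.7 lines are constructed sample data.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Matches OpenVPN's own timestamp, the peer address and the final failure message.
# The "key negotiation failed" line logged for the same attempt is deliberately
# not matched, so each failed handshake counts once.
FAIL_RE = re.compile(
    r"openvpn: (?P<ts>\w{3} \w{3} +\d+ \d\d:\d\d:\d\d \d{4}) "
    r"(?P<ip>\d{1,3}(?:\.\d{1,3}){3}):\d+ TLS Error: TLS handshake failed\s*$"
)

# First two lines are from the thread; the 203.0.113.7 lines are constructed.
SAMPLE = [
    "Dec 2 04:56:16 srv-clearos openvpn: Sun Dec 2 04:56:16 2018 134.159.139.35:64515 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)",
    "Dec 2 04:56:16 srv-clearos openvpn: Sun Dec 2 04:56:16 2018 134.159.139.35:64515 TLS Error: TLS handshake failed",
    "Dec 2 05:00:10 srv-clearos openvpn: Sun Dec 2 05:00:10 2018 203.0.113.7:40001 TLS Error: TLS handshake failed",
    "Dec 2 05:01:12 srv-clearos openvpn: Sun Dec 2 05:01:12 2018 203.0.113.7:40002 TLS Error: TLS handshake failed",
    "Dec 2 05:02:15 srv-clearos openvpn: Sun Dec 2 05:02:15 2018 203.0.113.7:40003 TLS Error: TLS handshake failed",
]

def ban_candidates(lines, max_failures=3, window_seconds=600):
    """Map each peer IP to its peak failure count inside any window,
    keeping only peers that reach max_failures (assumed threshold)."""
    window = timedelta(seconds=window_seconds)
    failures = defaultdict(list)
    for line in lines:
        m = FAIL_RE.search(line)
        if m:
            stamp = " ".join(m["ts"].split())  # collapse "Dec  2" padding
            failures[m["ip"]].append(datetime.strptime(stamp, "%a %b %d %H:%M:%S %Y"))
    candidates = {}
    for ip, stamps in failures.items():
        stamps.sort()
        start = peak = 0
        for end, ts in enumerate(stamps):
            # Slide the window start forward until it covers window_seconds at most.
            while ts - stamps[start] > window:
                start += 1
            peak = max(peak, end - start + 1)
        if peak >= max_failures:
            candidates[ip] = peak
    return candidates

if __name__ == "__main__":
    for ip, count in ban_candidates(SAMPLE).items():
        print(f"{ip} {count}")
```

With the defaults, a single failed handshake such as the one in the thread does not reach the threshold; only a peer that fails repeatedly inside the window is reported.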
Responses (3)
  • Accepted Answer

    Thursday, December 06 2018, 04:03 PM - #Permalink
    Resolved
    0 votes
    The ip address listed is a common one used for VPN tunnels between a backup and primary in an HA mode configuration common to ClearBOX. If your servers are in HA mode, this could be your backup server attempting to tunnel through your primary in order to perform updates. If that is the case, open a ticket and have the ClearCenter engineers fix your update VPN from your standby server.
  • Accepted Answer

    Monday, December 10 2018, 02:12 PM - #Permalink
    Resolved
    0 votes
    Hello Dave,
    Thanks for the information. I decided to ban these addresses so I'll remove them from my black list :)
    But I don't use HA mode ...
    Thanks :)
  • Accepted Answer

    Tuesday, December 11 2018, 08:17 AM - #Permalink
    Resolved
    0 votes
    If you still want geoblocking, there is the outline of a method in this post. You will need to read the rest of the thread as that script only gives you a country list. Other elements are needed, such as a boot script and firewall script, to use the country list. The firewall rules are up to you as it depends on what you are trying to block, but I give examples, I think.