I've been seeing about 7000-12000 lines related to various IPs hitting openvpn to attempt to get in. So I thought I'd look if I could get fail2ban to start banning these troublemakers.
(I've got some problem with the attack detector at the moment ... see other post, but would like to get this going in parallel.)
One of the FAQs on the fail2ban site shows a setup for openvpn.
HOWTO fail2ban with OpenVPN
I want to try the instructions but I can't find where the openvpn log entries are that show up in logwatch. Where are the openvpn logs??
I was wondering why the attack detector hadn't done anything for a while and also wanted to look at doing something about the hammering against openvpn.
Today I finally had some time and found the following:
The last time fail2ban wrote anything to a log was Mar 24/25.
I'm just starting to try to figure this out but am not sure where to start looking. A suggestion on where you start would be appreciated.
Yes the old options still work.
I suspect we're still running an older version of OpenVPN so it should be OK for now.
My concern is that VPN is an important package and with so many security issues all over the place, it will likely need to be updated soon. That could lead to some problems with the server getting updated and all the clients being temporarily unable to connect.
So that is why I asked how we should manage this going forward.
I updated Tunnelblick yesterday and got a notice that the following options from the OpenVPN configuration are deprecated in v2.4 and will be removed in v2.5.
Unfortunately, the new options that I tried to replace the outdated options don't work and Tunnelblick won't connect and crashes.
The options that are being deprecated and removed are "comp-lzo" and "ns-cert-type server".
They are being replaced by "compress lzo" and "remote-cert-tls server".
How should we be managing this going forward?
Out of curiosity, could the following from my logs give any indication of the problem.
I'm assuming that these log entries ended up due to the upgrade process. ???
The timing coincides with the upgrade process on my box.
Marcel van Leeuwen wrote:
and my Android devices and apps can now connect and sync with the COS server.
Off-topic, but interesting to me and maybe others.
Out of interest what app are you running on Android to sync with ClearOS?
I'm considering switching to Android, and I have an Android phone from the company I work for.
There are many ways to achieve the result but I use "FolderSync Pro". Company producing the app is called Tacit [www.tacit.dk/foldersync]. I purchased the app from the Google Play Store but there is a free version to test.
I use Unison on the Mac to sync files to my COS and the mobile Android devices to sync with the COS. Please note that these are scheduled sync and not automatic.
If you have any questions on how I make it all work, send me a PM.
Thanks everyone for providing a fix!
I've also made the smb.conf change to and my Android devices and apps can now connect and sync with the COS server.
I had the server running one of the NAS apps from the Marketplace but since it didn't consistently update the interface for added/removed content, I just removed it. It was too frustrating to try to figure out why some content was available and other content not.
So in theory, I don't have a NAS running anymore but some of the config info must still be in the smb.conf file??
I noticed this problem today when I tried to sync some files from my Android (v4.1) tablet to the COS server. SMB isn't connecting within some apps (Total Commander & Folder Sync) but VLC does connect for some reason. Our Macs running OSX 10.11 through 10.12 can connect OK. We don't have any Windows boxes (except in VMs) so can't comment on those.
Not sure if this helps in some way to narrow down the issue and repeatability.
Thanks for posting the solution. I'll downgrade the files as everything worked fine prior to this morning's update.