I’ve had a nasty encounter with an unwanted visitor on my home network.
This caught me quite off guard because I was under the impression I had my security in order.
- No UPnP on my DD-WRT router
- Only one port forward rule for VPN
- Secured Ubiquiti Wi-Fi network
- Fail2Ban set up using recommended settings from the fail2ban page.
But from out of nowhere I had someone trying to mirror his Android A50 phone on my television.
And since no one in this house owns a Samsung phone, I was in quite the panic.
So I immediately pulled the plug and started analyzing, and fairly quickly found the /var/log/openvpn.log file, which stated that someone from Australia had successfully connected to my OpenVPN server (PiVPN).
My OpenVPN server is configured with PiVPN using the advised settings, and I secured the .ovpn with a passphrase.
So I couldn’t stop thinking: what had just happened? Did they just brute force themselves into my VPN?
So that was the supporting story, now on to the question.
I was under the presumption that fail2ban should block all brute force attempts, but I just noticed my /var/log/openvpn.log never states any failed login attempts, nor do my messages files, syslog, or auth.log. So without any logging information regarding failed login attempts, Fail2Ban ain't gonna do anything.
So how do I ensure failed login attempts are logged?
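
An added example, not part of the original post: a Python sketch of the per-IP matching fail2ban would need to do on /var/log/openvpn.log, using server-side failure messages that common fail2ban filters for OpenVPN look for. The log lines are constructed, and the timestamp and peer-prefix layout is an assumption about the server's log format; it also shows that a connection made with a valid key leaves only a success line and no failures to count.

```python
import re
from collections import Counter

IP = r"(?P<ip>\d{1,3}(?:\.\d{1,3}){3})"

# Failure messages the OpenVPN server logs for a peer (assumed log layout).
FAIL_PATTERNS = [re.compile(p) for p in (
    r"TLS Error: incoming packet authentication failed from \[AF_INET\]" + IP + r":\d+",
    IP + r":\d+ TLS Auth Error",
    IP + r":\d+ TLS Error: TLS handshake failed",
    IP + r":\d+ VERIFY ERROR",
)]
# A completed handshake: "[common-name] Peer Connection Initiated with ..."
SUCCESS = re.compile(r"\[(?P<cn>[^\]]+)\] Peer Connection Initiated with \[AF_INET\]" + IP)

# Constructed sample log (documentation IP ranges, hypothetical client name).
SAMPLE_LOG = """\
Mon Mar  2 21:10:01 2020 203.0.113.7:40112 TLS: Initial packet from [AF_INET]203.0.113.7:40112, sid=aaaa bbbb
Mon Mar  2 21:11:01 2020 203.0.113.7:40112 TLS Error: TLS handshake failed
Mon Mar  2 21:12:30 2020 TLS Error: incoming packet authentication failed from [AF_INET]203.0.113.7:40120
Mon Mar  2 21:13:05 2020 203.0.113.7:40131 VERIFY ERROR: depth=0, error=certificate has expired
Mon Mar  2 21:14:00 2020 198.51.100.9:51000 TLS Error: TLS handshake failed
Mon Mar  2 21:20:44 2020 192.0.2.55:1194 [phone] Peer Connection Initiated with [AF_INET]192.0.2.55:1194
"""

def failed_attempts(log_text):
    """Count failure lines per source IP (one count per matching line)."""
    counts = Counter()
    for line in log_text.splitlines():
        for pat in FAIL_PATTERNS:
            m = pat.search(line)
            if m:
                counts[m.group("ip")] += 1
                break
    return counts

def ips_to_ban(log_text, maxretry=3):
    """IPs that reach maxretry failures, the condition fail2ban bans on."""
    return sorted(ip for ip, n in failed_attempts(log_text).items() if n >= maxretry)

def successful_peers(log_text):
    """(common name, IP) for every completed connection in the log."""
    return [(m.group("cn"), m.group("ip")) for m in SUCCESS.finditer(log_text)]

if __name__ == "__main__":
    print("failures:", dict(failed_attempts(SAMPLE_LOG)))
    print("ban:", ips_to_ban(SAMPLE_LOG))
    print("successful:", successful_peers(SAMPLE_LOG))
```

A wrong passphrase on a stolen .ovpn is rejected on the client when the key is decrypted, so it produces no server log line for a filter like this to match.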