
Unwanted visitor (need help securing VPN) PIVPN => Fail2Ban

Posted: Wed Feb 12, 2020 8:40 pm
by S10
I've had a nasty encounter with an unwanted visitor on my home network.
Which caught me quite off guard because I was under the impression I had my security in order.
- No UPnP on my DD-WRT router
- Only one port forward rule for VPN
- Secured Ubiquiti Wifi network
- Fail2Ban set up using recommended settings from the Fail2Ban page.

But from out of nowhere I had someone trying to mirror his Android A50 phone on my television.
And since no one in this house owns a Samsung phone, I was in quite the panic.

So I immediately pulled the plug and started analyzing, and fairly quickly found the /var/log/openvpn.log file, which stated that someone from Australia had successfully connected to my OpenVPN server (PiVPN).

My OpenVPN server is configured with PiVPN using the advised settings, and I secured the .ovpn with a passphrase.
So I couldn't stop thinking about what had just happened. Did they just brute-force themselves into my VPN?

So that was the supporting story, now on to the question.
I was under the presumption that Fail2Ban should block all brute-force attempts, but I just noticed my /var/log/openvpn.log never states any failed login attempts, nor do my messages files, syslog, or auth.log. So without any logging information regarding failed login attempts, Fail2Ban ain't gonna do anything.

So how do I ensure failed login attempts are logged?

Re: Unwanted visitor (need help securing VPN) PIVPN => Fail2Ban

Posted: Thu Feb 13, 2020 12:48 am
by Joulinar

Honestly, I'm not sure that this is even possible and that someone could connect to your OpenVPN server by just using a brute-force attack. Usually you would need to have a valid client config file using a server/CA certificate. Without this file, a connection should not be established.

At least I hope you are using a server/CA certificate and not just user/password, as server/CA certificate would be the default on PiVPN.
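
An added example, not part of either post and not PiVPN's own code: a Python check that reads an OpenVPN server config and reports whether clients must present a certificate or can get in with user/password alone, the distinction raised in the reply above. The two sample configs and their paths are constructed, and matching an `auth-pam` plugin as password authentication is a heuristic assumption.

```python
import re

def parse_directives(text):
    """Map each directive to its argument lists; skip comments and inline <tag> bodies."""
    found, inline = {}, None
    for raw in text.splitlines():
        line = re.split(r"\s+[#;]", raw.strip(), maxsplit=1)[0]  # drop trailing comment
        if inline:  # inside <ca>...</ca> and similar: ignore the embedded body
            if line == f"</{inline}>":
                inline = None
            continue
        if not line or line[0] in "#;":
            continue
        tag = re.fullmatch(r"<([\w-]+)>", line)
        if tag:
            inline = tag.group(1)
            found.setdefault(inline, []).append(["[inline]"])
            continue
        name, *args = line.split()
        found.setdefault(name, []).append(args)
    return found

def client_auth_mode(text):
    d = parse_directives(text)
    policy = "require"  # OpenVPN's default for verify-client-cert
    if "client-cert-not-required" in d:  # older spelling of "none"
        policy = "none"
    for args in d.get("verify-client-cert", []):
        if args and args[0] in ("none", "optional", "require"):
            policy = args[0]
    # Assumption: password auth shows up as auth-user-pass-verify or an auth-pam plugin.
    password = "auth-user-pass-verify" in d or any(
        a and "auth-pam" in a[0] for a in d.get("plugin", []))
    if policy == "require":
        return "certificate+password" if password else "certificate-only"
    return "password-only" if password else "no-client-auth"

# Constructed sample configs (paths and values are illustrative, not from the thread).
CERT_CONF = "dev tun\nproto udp\nca ca.crt\ncert server.crt\nkey server.key\nverb 3\n"
PASSWORD_CONF = """; constructed sample
<ca>
(constructed placeholder body)
</ca>
verify-client-cert none   # clients present no certificate
auth-user-pass-verify /etc/openvpn/check.sh via-env
"""

if __name__ == "__main__":
    print(client_auth_mode(CERT_CONF), client_auth_mode(PASSWORD_CONF))
```

A result of `certificate-only` or `certificate+password` means a password guess alone cannot complete a connection; `password-only` is the case where failed-login logging and Fail2Ban matter most.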