Unwanted visitor (need help securing VPN) PIVPN => Fail2Ban

S10
Posts: 23
Joined: Wed Oct 31, 2018 7:06 pm

Post by S10 »

I've had a nasty encounter with an unwanted visitor on my home network.
Which caught me quite off guard because I was under the impression I had my security in order.
- No UPnP on my DD-WRT router
- Only one port forward rule for VPN
- Secured Ubiquiti WiFi network
- Fail2Ban set up using recommended settings from the Fail2Ban page.

But from out of nowhere I had someone trying to mirror his Android A50 phone on my television.
And since no one in this house owns a Samsung phone, I was in quite the panic.

So I immediately pulled the plug and started analyzing, and fairly quickly found the /var/log/openvpn.log file, which stated that someone from Australia successfully connected to my OpenVPN server (PiVPN).

My OpenVPN server is configured with PiVPN using the advised settings, and I secured the .ovpn with a passphrase.
So I couldn't stop thinking about what had just happened. Did they just brute force themselves into my VPN?

So that was the supporting story, now up to the question.
I was under the presumption that Fail2Ban should block all brute force attempts, but I just noticed my /var/log/openvpn.log never states any failed login attempts, nor do my messages files, syslog, or auth.log. So without any logging information regarding failed login attempts, Fail2Ban ain't gonna do anything.

So how do I ensure failed login attempts are logged?
Joulinar
Posts: 2022
Joined: Sat Nov 16, 2019 12:49 am

Re: Unwanted visitor (need help securing VPN) PIVPN => Fail2Ban

Post by Joulinar »

Hi,

Honestly, I'm not sure that this is even possible, that someone could connect to your OpenVPN server by just using a brute force attack. Usually you would need to have a valid client config file using a server/CA certificate. Without this file, a connection should not be established.

At least I hope you are using a server/CA certificate and not just user/password, as server/CA certificate would be the default on PiVPN.
Please let us know if a solution is working. This could help others if they are hit by a similar situation. Your DietPi Team
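
Added example, not part of either post: a small Python check over /var/log/openvpn.log that lists which client profile completed a connection from which address and counts failed TLS handshakes per source, the kind of line a Fail2Ban filter would have to match. It assumes OpenVPN 2.4-style log lines; the sample log, addresses and client name are constructed.

```python
import re
from collections import defaultdict

# Constructed sample in the style of OpenVPN 2.4 server log lines (assumed
# format; documentation-range IPs and the client name "phone" are made up).
SAMPLE_LOG = """\
Mon Mar  2 20:15:01 2020 203.0.113.45:51234 TLS: Initial packet from [AF_INET]203.0.113.45:51234, sid=0a1b2c3d 4e5f6071
Mon Mar  2 20:15:02 2020 203.0.113.45:51234 VERIFY OK: depth=0, CN=phone
Mon Mar  2 20:15:02 2020 203.0.113.45:51234 [phone] Peer Connection Initiated with [AF_INET]203.0.113.45:51234
Mon Mar  2 20:16:01 2020 198.51.100.7:40000 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Mon Mar  2 20:16:01 2020 198.51.100.7:40000 TLS Error: TLS handshake failed
Mon Mar  2 20:17:30 2020 198.51.100.7:40011 TLS Error: TLS handshake failed
"""

IPV4 = r"(\d{1,3}(?:\.\d{1,3}){3})"
# "<ip>:<port> [<client name>] Peer Connection Initiated" marks a completed
# handshake; the bracketed name identifies the client certificate that was used.
CONNECTED = re.compile(IPV4 + r":\d+ \[([^\]]+)\] Peer Connection Initiated")
# A handshake that never completed (no valid certificate/key presented in time).
FAILED = re.compile(IPV4 + r":\d+ TLS Error: TLS handshake failed")


def summarize(log_text):
    """Return ({ip: client names that connected}, {ip: failed handshake count})."""
    connected = defaultdict(set)
    failed = defaultdict(int)
    for line in log_text.splitlines():
        match = CONNECTED.search(line)
        if match:
            connected[match.group(1)].add(match.group(2))
            continue
        match = FAILED.search(line)
        if match:
            failed[match.group(1)] += 1
    return dict(connected), dict(failed)


if __name__ == "__main__":
    ok, bad = summarize(SAMPLE_LOG)
    for ip, names in sorted(ok.items()):
        print(f"connected: {ip} using client profile(s) {sorted(names)}")
    for ip, count in sorted(bad.items()):
        print(f"failed handshakes: {ip} x{count}")
```

To run it against the real log, pass the file contents to `summarize()` instead of `SAMPLE_LOG`; a successful connection from an unknown address names the client profile whose certificate should be revoked.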