I'm trying to configure fail2ban for openvpn. It seems rather simple:
I've created a openvpn.conf in the /etc/fail2ban/filter.d folder:
Code: Select all
[Definition]
failregex = ^ TLS Error: incoming packet authentication failed from \[AF_INET\]<HOST>:\d+$
^ <HOST>:\d+ Connection reset, restarting
^ <HOST>:\d+ TLS Auth Error
^ <HOST>:\d+ TLS Error: TLS handshake failed$
^ <HOST>:\d+ VERIFY ERROR
ignoreregex =
Code: Select all
[openvpn]
enabled = true
port = 1194
protocol = udp
filter = openvpn
logpath = /etc/openvpn/openvpn.log
maxretry = 3
Code: Select all
Creating new jail 'openvpn'
Jail 'openvpn' uses poller {}
Initiated 'polling' backend
Added logfile = /etc/openvpn/openvpn.log
Set maxRetry = 3
Set jail log file encoding to ANSI_X3.4-19
Set banTime = 3600
Set findtime = 600
Jail 'sshd' started
Jail 'openvpn' started
Code: Select all
Mon May 8 19:44:08 2017 us=202867 Authenticate/Decrypt packet error: packet HMAC authentication failed
Mon May 8 19:44:08 2017 us=202970 TLS Error: incoming packet authentication failed from [AF_INET]139.xxx.36.xxx:49483
Mon May 8 19:44:10 2017 us=713887 Authenticate/Decrypt packet error: packet HMAC authentication failed
Mon May 8 19:44:10 2017 us=713979 TLS Error: incoming packet authentication failed from [AF_INET]139.xxx.36.xxx:49483
Mon May 8 19:44:15 2017 us=737824 Authenticate/Decrypt packet error: packet HMAC authentication failed
Mon May 8 19:44:15 2017 us=737898 TLS Error: incoming packet authentication failed from [AF_INET]139.xxx.36.xxx:49483
Mon May 8 19:44:24 2017 us=295880 Authenticate/Decrypt packet error: packet HMAC authentication failed
Mon May 8 19:44:24 2017 us=296093 TLS Error: incoming packet authentication failed from [AF_INET]139.xxx.36.xxx:49483
Any help appreciated.
lamazzi