OpenVPN safe

If your problem doesn't fall into one of the other categories, report it here.

Moderator: Moderators

Post Reply
cobra98
Posts: 121
Joined: Tue Oct 15, 2013 5:07 am

OpenVPN safe

Post by cobra98 »

I recognized this try

Code: Select all

2020/12/26	10:59:55,75	M			<29>dec 26 10:59:56 5minutesp openvpn(custom_config)[6320]: tcp connection established with [af_inet]167.248.133.56:39476			
2020/12/26	10:59:55,75	M			<27>dec 26 10:59:56 5minutesp openvpn(custom_config)[6320]: 167.248.133.56:39476 tls error: initial packet local/remote key_method mismatch, local key_method=2, op=p_control_hard_reset_client_v1			
2020/12/26	10:59:55,75	M			<27>dec 26 10:59:56 5minutesp openvpn(custom_config)[6320]: 167.248.133.56:39476 fatal tls error (check_tls_errors_co), restarting			
2020/12/26	10:59:55,75	M			<29>dec 26 10:59:56 5minutesp openvpn(custom_config)[6320]: 167.248.133.56:39476 sigusr1[soft,tls-error] received, client-instance restarting			
2020/12/26	10:59:56,02	M			<29>dec 26 10:59:56 5minutesp openvpn(custom_config)[6320]: tcp connection established with [af_inet]167.248.133.56:45058			
2020/12/26	10:59:56,02	I	tcp	167.248.133.56		45058	167.248.133.56	45058
2020/12/26	11:00:00,70	A			1 'Inbounds' in the last 1 minute			
2020/12/26	10:59:56,02	I	tcp	167.248.133.56		45058	167.248.133.56	45058
2020/12/26	10:59:56,02	M			<27>dec 26 10:59:56 5minutesp openvpn(custom_config)[6320]: 167.248.133.56:45058 fatal tls error (check_tls_errors_co), restarting			
2020/12/26	10:59:56,02	M			<29>dec 26 10:59:56 5minutesp openvpn(custom_config)[6320]: 167.248.133.56:45058 sigusr1[soft,tls-error] received, client-instance restarting			
2020/12/26	11:00:00,66	M			<29>dec 26 10:59:56 5minutesp openvpn(custom_config)[6320]: tcp connection established with [af_inet]167.248.133.56:50998			
2020/12/26	11:00:00,66	M			<27>dec 26 10:59:57 5minutesp openvpn(custom_config)[6320]: 167.248.133.56:50998 connection reset, restarting [-1]			
2020/12/26	11:00:00,66	M			<29>dec 26 10:59:57 5minutesp openvpn(custom_config)[6320]: 167.248.133.56:50998 sigusr1[soft,connection-reset] received, client-instance restarting			
2020/12/26	11:00:00,66	M			<29>dec 26 10:59:57 5minutesp openvpn(custom_config)[6320]: tcp connection established with [af_inet]167.248.133.56:46676			
2020/12/26	11:00:00,66	M			<28>dec 26 10:59:57 5minutesp openvpn(custom_config)[6320]: 167.248.133.56:46676 warning: bad encapsulated packet length from peer (5635), which must be > 0 and <= 1627 -- please ensure that --tun-mtu or --link-mtu is equal on both peers -- this condition could also indicate a possible active attack on the tcp link -- [attempting restart...]			
2020/12/26	11:00:00,66	M			<27>dec 26 10:59:57 5minutesp openvpn(custom_config)[6320]: 167.248.133.56:46676 connection reset, restarting [0]			
2020/12/26	11:00:00,66	M			<29>dec 26 10:59:57 5minutesp openvpn(custom_config)[6320]: 167.248.133.56:46676 sigusr1[soft,connection-reset] received, client-instance restarting			
2020/12/26	11:00:00,66	M			<29>dec 26 10:59:58 5minutesp openvpn(custom_config)[6320]: tcp connection established with [af_inet]167.248.133.56:52706			
2020/12/26	11:00:00,66	M			<28>dec 26 10:59:59 5minutesp openvpn(custom_config)[6320]: 167.248.133.56:52706 warning: bad encapsulated packet length from peer (18245), which must be > 0 and <= 1627 -- please ensure that --tun-mtu or --link-mtu is equal on both peers -- this condition could also indicate a possible active attack on the tcp link -- [attempting restart...]			
2020/12/26	11:00:00,66	M			<27>dec 26 10:59:59 5minutesp openvpn(custom_config)[6320]: 167.248.133.56:52706 connection reset, restarting [0]			
2020/12/26	11:00:00,66	M			<29>dec 26 10:59:59 5minutesp openvpn(custom_config)[6320]: 167.248.133.56:52706 sigusr1[soft,connection-reset] received, client-instance restarting			
2020/12/26	11:00:00,66	M			<29>dec 26 10:59:59 5minutesp openvpn(custom_config)[6320]: tcp connection established with [af_inet]167.248.133.56:51036			
2020/12/26	11:00:00,66	M			<27>dec 26 10:59:59 5minutesp openvpn(custom_config)[6320]: 167.248.133.56:51036 connection reset, restarting [-1]			
2020/12/26	11:00:00,66	M			<29>dec 26 10:59:59 5minutesp openvpn(custom_config)[6320]: 167.248.133.56:51036 sigusr1[soft,connection-reset] received, client-instance restarting	


Can i say from this log it is an attack but did not succeed?
After i installed BearDropper any other suggestions for safety?

RomanHK
Posts: 794
Joined: Sat May 04, 2013 4:18 pm
Location: Czech Republik

Re: OpenVPN safe

Post by RomanHK »

I don't know and it's no wonder. You use OpenVPN with the TCP protocol, where this is not recommended for reasons of port scanning and then subsequent testing of known ports.

:!: I recommend to quickly change the port from TCP 1194 to UDP xxxx (eg 25432)
Image
Turris Omnia with OpenWrt 21.02 - Tested
Linksys WRT3200ACM with Gargoyle 1.13.x
TL-WR1043ND v2 with Gargoyle 1.10.0

http://gargoyle.romanhk.cz custom builds by gargoyle users

cobra98
Posts: 121
Joined: Tue Oct 15, 2013 5:07 am

Re: OpenVPN safe

Post by cobra98 »

Thanks didn`t know that,
any feed/bulletin/news you recommend for checking such informations?

Post Reply