Is there a new OpenVPN exploit

bobtskutter · September 22, 2018, 7:48pm

I’ve been thinking about these intrusion attempts.

Here’s an extract from my openvpn log

Sat Sep 22 20:22:07 2018 85.106.103.214:80 SIGUSR1[soft,tls-error] received, client-instance restarting
Sat Sep 22 20:26:16 2018 147.135.26.5:65139 TLS: Initial packet from [AF_INET]147.135.26.5:65139 (via [AF_INET]30.1.1.3%eth0), sid=6a22eb44 5adb63fe
Sat Sep 22 20:27:17 2018 147.135.26.5:65139 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Sat Sep 22 20:27:17 2018 147.135.26.5:65139 TLS Error: TLS handshake failed
Sat Sep 22 20:27:17 2018 147.135.26.5:65139 SIGUSR1[soft,tls-error] received, client-instance restarting
Sat Sep 22 20:27:20 2018 147.135.26.5:65139 TLS: Initial packet from [AF_INET]147.135.26.5:65139 (via [AF_INET]30.1.1.3%eth0), sid=6a22eb44 5adb63fe
Sat Sep 22 20:28:20 2018 147.135.26.5:65139 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Sat Sep 22 20:28:20 2018 147.135.26.5:65139 TLS Error: TLS handshake failed
Sat Sep 22 20:28:20 2018 147.135.26.5:65139 SIGUSR1[soft,tls-error] received, client-instance restarting
Sat Sep 22 20:35:19 2018 149.56.13.49:443 TLS: Initial packet from [AF_INET]149.56.13.49:443 (via [AF_INET]30.1.1.3%eth0), sid=6a22eb44 5adb63fe
Sat Sep 22 20:36:19 2018 149.56.13.49:443 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Sat Sep 22 20:36:19 2018 149.56.13.49:443 TLS Error: TLS handshake failed
Sat Sep 22 20:36:19 2018 149.56.13.49:443 SIGUSR1[soft,tls-error] received, client-instance restarting
Sat Sep 22 20:36:19 2018 149.56.13.49:443 TLS: Initial packet from [AF_INET]149.56.13.49:443 (via [AF_INET]30.1.1.3%eth0), sid=6a22eb44 5adb63fe
Sat Sep 22 20:37:19 2018 149.56.13.49:443 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Sat Sep 22 20:37:19 2018 149.56.13.49:443 TLS Error: TLS handshake failed
Sat Sep 22 20:37:19 2018 149.56.13.49:443 SIGUSR1[soft,tls-error] received, client-instance restarting

All the in coming scans are from random ports.

Can the Nethserver firewall be set up to only NAT traffic to the OpenVPN server that comes FROM the OpenVPN port 1194? That should help eliminate most of the in comming rouge traffic.

if so…how?

Regards
Bob