I noticed a enormous amount of fail2ban mails about attempts to log in / abuse the openvpn service.
Anyone else noticed a dramatic increase in openvpn traffic/hack attempts?
Worth asking: default port for your daemon?
no, regular level ± 500/day
Does fail2ban blocks the attacker?
Check the fail2ban log
Yes, the last days there were a lot of attempts.
Fail2ban banned them.
No hints of successfull login in logs!
Thanks to @stephdl for this great peace of software in nethserver! 
2 Likes
I have default modules for openvpn and fail2ban installed so, probably either 1194 or 943… I must say I didn’t look into that too much…
I agree that running on a non standard port will reduce attempts dramatically. I have seen that with SSH: since I run that on a non standard port I have almost no SSH login attempts anymore…
However, it does feel quite safe to have fail2ban running.
1 Like
Let’s say that It could avoid most… malicious OpenVPN knockers for access…
Seeing the same thing over the last couple of days. A HUGE increase in the number of connection attempts.
Instead of less than 10 attempts a day, it’s now around 2,500 per day.
Similar pattern to here from a couple of years back.
Cheer.
Does failed attempts of breaking the Openvpn certificated access really a need for attention. Trying to learn here.
Thanks.