Openvpn attacking spree

I noticed a enormous amount of fail2ban mails about attempts to log in / abuse the openvpn service.
Anyone else noticed a dramatic increase in openvpn traffic/hack attempts?

Worth asking: default port for your daemon?

no, regular level ± 500/day

Does fail2ban blocks the attacker?

Check the fail2ban log

Yes, the last days there were a lot of attempts.
Fail2ban banned them.
No hints of successfull login in logs!
Thanks to @stephdl for this great peace of software in nethserver! :+1: :smiley:


I have default modules for openvpn and fail2ban installed so, probably either 1194 or 943… I must say I didn’t look into that too much…
I agree that running on a non standard port will reduce attempts dramatically. I have seen that with SSH: since I run that on a non standard port I have almost no SSH login attempts anymore…
However, it does feel quite safe to have fail2ban running.

1 Like

Let’s say that It could avoid most… malicious OpenVPN knockers for access…

Seeing the same thing over the last couple of days. A HUGE increase in the number of connection attempts.

Instead of less than 10 attempts a day, it’s now around 2,500 per day.

Similar pattern to here from a couple of years back.


Does failed attempts of breaking the Openvpn certificated access really a need for attention. Trying to learn here.


Hi @Spiral

If you have Fail2Ban installed there’s usually not much to worry!

My 2 cents