This page describes how to set up fail2ban with OpenVPN 2.4.7 (tested on Ubuntu 20.04), so that source addresses that repeatedly fail the TLS or user authentication stage of the OpenVPN handshake are temporarily firewalled.
Create /etc/fail2ban/filter.d/openvpn.conf containing:

```ini
# Fail2Ban filter for selected OpenVPN rejections
#

[Definition]

# Example messages (other matched messages not seen in the testing server's logs):
# Fri Sep 23 11:55:36 2016 TLS Error: incoming packet authentication failed from [AF_INET]59.90.146.160:51223
# Thu Aug 25 09:36:02 2016 117.207.115.143:58922 TLS Error: TLS handshake failed

failregex = ^ TLS Error: incoming packet authentication failed from \[AF_INET\]<HOST>:\d+$
            ^ <HOST>:\d+ Connection reset, restarting
            ^ <HOST>:\d+ TLS Auth Error
            ^ <HOST>:\d+ TLS Error: TLS handshake failed$
            ^ <HOST>:\d+ VERIFY ERROR

ignoreregex =
```

fail2ban removes the timestamp at the start of each log line before matching, so every pattern begins at the space that follows the date, and `<HOST>` is fail2ban's placeholder for the address to ban. The first pattern fires when a packet fails the `tls-auth`/`tls-crypt` HMAC check, the others when the TLS handshake, certificate verification (`VERIFY ERROR`) or username/password check (`TLS Auth Error`) fails. Note that `Connection reset, restarting` is also logged for legitimate clients whose network drops, so keep an eye on false positives from that pattern.
Create /etc/fail2ban/jail.local containing:

```ini
# Fail2Ban configuration fragment for OpenVPN

[openvpn]
enabled  = true
port     = 1194
protocol = udp
filter   = openvpn
logpath  = /var/log/openvpn/openvpn.log
maxretry = 3
```

`logpath` must be the file OpenVPN actually writes to (the `log` or `log-append` directive in the server config); if the server logs to syslog instead, point `logpath` at that file. `port` and `protocol` are what the ban action blocks, so change them if the server does not listen on 1194/udp. `findtime` and `bantime` are not set here and fall back to the defaults in /etc/fail2ban/jail.conf (10 minutes each in the 0.10/0.11 releases).
To apply the configuration change, restart the service as root (on Ubuntu 20.04, `systemctl restart fail2ban` is equivalent):

```shell
$ service fail2ban restart
```
To test the configuration change, first run `fail2ban-regex` with the OpenVPN log file and the new filter as its two arguments; it reports how many lines each pattern matched and whether the date format was recognised, which catches a wrong `logpath` or a verbosity level that never produces these messages. Then check /var/log/fail2ban.log, initially for service start messages and later for `[openvpn] Ban` and `Unban` messages (logged at NOTICE level by fail2ban 0.10 and later, which is what Ubuntu 20.04 ships; older releases logged them as WARNING). `fail2ban-client status openvpn` lists the addresses currently banned by the jail.
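The following is an added example, not code from the page or from fail2ban, that makes the filter and jail above concrete: it applies the five `failregex` patterns to constructed OpenVPN log lines the way fail2ban does (timestamp stripped, `<HOST>` expanded) and then applies the `maxretry`/`findtime` counting rule to show which addresses would be banned and when. The `<HOST>` expansion is simplified to IPv4 (an assumption; fail2ban's real expansion also handles IPv6 and hostnames), and the sample log is constructed, not captured traffic.

```python
"""Emulate the openvpn fail2ban filter and jail over constructed log lines."""
import re
from collections import defaultdict, deque
from datetime import datetime

# The five failregex patterns from the openvpn.conf filter above. fail2ban
# strips the leading timestamp before matching, so each pattern starts at the
# space that follows the date; <HOST> is fail2ban's placeholder for the
# address to ban.
FAILREGEX = [
    r"^ TLS Error: incoming packet authentication failed from \[AF_INET\]<HOST>:\d+$",
    r"^ <HOST>:\d+ Connection reset, restarting",
    r"^ <HOST>:\d+ TLS Auth Error",
    r"^ <HOST>:\d+ TLS Error: TLS handshake failed$",
    r"^ <HOST>:\d+ VERIFY ERROR",
]

# Assumption: fail2ban's real <HOST> expansion also accepts IPv6 addresses and
# hostnames; a plain IPv4 group is enough to show the matching logic here.
HOST = r"(?P<host>\d{1,3}(?:\.\d{1,3}){3})"
COMPILED = [re.compile(p.replace("<HOST>", HOST)) for p in FAILREGEX]

# OpenVPN's default log prefix, e.g. "Fri Sep 23 11:55:36 2016 ".
DATE_RE = re.compile(r"^(\w{3} \w{3} +\d{1,2} \d{2}:\d{2}:\d{2} \d{4})(.*)$")
DATE_FMT = "%a %b %d %H:%M:%S %Y"


def parse_line(line):
    """Return (timestamp, host) when the line matches a failregex, else None."""
    m = DATE_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m.group(1), DATE_FMT)
    rest = m.group(2)          # keeps the leading space the patterns expect
    for rx in COMPILED:
        hit = rx.search(rest)
        if hit:
            return ts, hit.group("host")
    return None


def find_bans(lines, maxretry=3, findtime=600):
    """Apply fail2ban's counting rule: a host is banned as soon as it has
    maxretry matching lines within a findtime-second window. Returns
    [(ban_time, host), ...] in ban order; each host is reported once."""
    recent = defaultdict(deque)   # host -> match timestamps inside the window
    banned, already = [], set()
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue
        ts, host = parsed
        if host in already:
            continue
        q = recent[host]
        q.append(ts)
        while (ts - q[0]).total_seconds() > findtime:   # drop stale entries
            q.popleft()
        if len(q) >= maxretry:
            banned.append((ts, host))
            already.add(host)
    return banned


# Constructed sample log (not real traffic): documentation-range addresses
# plus the address from the filter's own first example message.
SAMPLE_LOG = """\
Fri Sep 23 11:55:36 2016 TLS Error: incoming packet authentication failed from [AF_INET]59.90.146.160:51223
Fri Sep 23 11:55:40 2016 TLS Error: incoming packet authentication failed from [AF_INET]59.90.146.160:51224
Fri Sep 23 11:55:45 2016 198.51.100.7:40001 VERIFY ERROR: depth=0, error=certificate has expired
Fri Sep 23 11:55:50 2016 TLS Error: incoming packet authentication failed from [AF_INET]59.90.146.160:51225
Fri Sep 23 12:30:02 2016 198.51.100.7:40002 TLS Error: TLS handshake failed
Fri Sep 23 12:30:09 2016 198.51.100.7:40003 TLS Error: TLS handshake failed
Fri Sep 23 12:30:15 2016 203.0.113.9:55000 Connection reset, restarting [0]
Fri Sep 23 12:31:00 2016 203.0.113.9:55001 TLS Auth Error: Auth Username/Password verification failed for peer
Fri Sep 23 12:31:05 2016 [client1] Peer Connection Initiated with [AF_INET]192.0.2.10:1194
"""


if __name__ == "__main__":
    for when, host in find_bans(SAMPLE_LOG.splitlines()):
        print(f"{when:%H:%M:%S} ban {host}")
```

With the jail's `maxretry = 3` and the default ten-minute `findtime`, only 59.90.146.160 is banned (third HMAC failure at 11:55:50); 198.51.100.7 has three matches but its first one falls outside the window, and 203.0.113.9 only has two. Widening `findtime` to an hour bans 198.51.100.7 as well, which is the trade-off to weigh against the false-positive risk of the `Connection reset` pattern. On the real server, `fail2ban-regex` does this matching step for you against the live log.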