Are these attempts to access my router-based VPN?

Apr 16, 2015
Yesterday I saw a bunch of activity from Australia-based IP addresses in my router system log. Today I’m seeing addresses from the Russian Federation. They seem to be failed attempts to access OpenVPN.

Is my assumption correct, and, if so, is this something to be concerned about? Are there any steps I should take to further secure my router?

D17AE895-BE86-4774-BE0C-3BDD583CCC5A.jpeg
 
Yes, they are attempts. That sort of thing happens all the time and is not really anything to be concerned about. You can usually reduce the frequency of these unsolicited connections by changing the service to listen on some non-standard, high-numbered port (10000 - 65535). That makes it a lot harder for potential attackers to even guess what service they are talking to, to know how to attack it.
 

Thank you! Appreciate you taking the time to answer & the additional advice.
 
I see the same attempts in my router log.
Changing my VPN port to 443 dropped the #'s down to almost none.
I had found that several local WiFi spots were blocking 1194, and thus I couldn't connect back home.
 
bots will be bots.
scanners will scan.


fail2ban could also monitor logs and then update firewalls to block IPs for a given duration. But this is only really effective at combating bad actors that use a single IP for a while. Reading that log snippet, it seems like that is a single attempt over a range (snowshoeing). So it might have limited value.

geoblocking some countries you know you won't be dealing with can help in some cases.

I've done setups that required port knocking, but it's probably not worth the effort.

you could buy a VPN service that runs over say 443, then whitelist only that VPN to your VPN, but...... how far do you want to take things?
 
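The per-IP limitation raised in the last reply, as an added example that is not part of the original thread: it counts failed OpenVPN handshakes per source address and then per /24, showing why a fail2ban-style per-IP threshold misses a source that spreads single attempts over a range. The syslog layout, the sample lines (documentation address ranges) and the function names are constructed assumptions; real router firmware logs differ.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample lines in an assumed router syslog layout (not from the thread).
SAMPLE_LOG = """\
Jan 10 03:14:01 ovpn-server[812]: 203.0.113.11:40112 TLS Error: TLS handshake failed
Jan 10 03:14:09 ovpn-server[812]: 203.0.113.27:51877 TLS Error: TLS handshake failed
Jan 10 03:14:15 ovpn-server[812]: 203.0.113.42:33910 TLS Error: TLS handshake failed
Jan 10 03:14:22 ovpn-server[812]: 203.0.113.58:47001 TLS Error: TLS handshake failed
Jan 10 03:15:02 ovpn-server[812]: 198.51.100.7:50123 TLS Error: TLS handshake failed
Jan 10 03:15:05 ovpn-server[812]: 198.51.100.7:50124 TLS Error: TLS handshake failed
Jan 10 03:15:09 ovpn-server[812]: 198.51.100.7:50125 TLS Error: TLS handshake failed
Jan 10 03:16:40 ovpn-server[812]: 192.0.2.80:41000 Peer Connection Initiated with [AF_INET]192.0.2.80:41000
"""

# Assumed failure line: "<ip>:<port> TLS Error: TLS handshake failed"
FAILED = re.compile(r"(\d{1,3}(?:\.\d{1,3}){3}):\d+ TLS Error: TLS handshake failed")

def failed_sources(log_text):
    """Return the source IP of every failed-handshake line."""
    ips = []
    for line in log_text.splitlines():
        m = FAILED.search(line)
        if not m:
            continue
        try:
            ips.append(ipaddress.ip_address(m.group(1)))
        except ValueError:
            continue  # looks like an IP but is not valid (e.g. 999.1.1.1)
    return ips

def over_threshold(ips, threshold, prefix_len=32):
    """Group failures by /prefix_len network; return those at or above threshold."""
    counts = Counter(
        ipaddress.ip_network(f"{ip}/{prefix_len}", strict=False) for ip in ips
    )
    return {str(net): n for net, n in counts.items() if n >= threshold}

if __name__ == "__main__":
    ips = failed_sources(SAMPLE_LOG)
    # Per-IP view: only the repeat offender is caught.
    print("per-IP  (>=3):", over_threshold(ips, 3))
    # Per-/24 view: the spread-out source becomes visible as well.
    print("per-/24 (>=3):", over_threshold(ips, 3, prefix_len=24))
```

Acting on a whole /24 also affects unrelated hosts in that range, so the wider grouping is better suited to reviewing logs than to automatic blocking.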