Block failed OpenVPN logins with fail2ban

The following configuration successfully bans failed OpenVPN authentication attempts on Ubuntu 12.04 LTS. OpenVPN has been configured to authenticate against the local password database via PAM.

jail.conf

[openvpn]

enabled   = true
port      = openvpn
protocol  = udp
filter    = openvpn
logpath   = /var/log/openvpn.log
maxretry = 4

/etc/fail2ban/filter.d/openvpn

[INCLUDES]
before = common.conf

[Definition]
_daemon = openvpn

failregex = <HOST>:[0-9]{4,5} TLS Auth Error: Auth Username/Password verification failed for peer

ignoreregex = 

Successful bans appear as below in /var/log/fail2ban.log

2014-02-25 23:40:29,485 fail2ban.actions: WARNING [openvpn] Ban 106.51.xxx.xxx
2014-02-25 23:50:29,895 fail2ban.actions: WARNING [openvpn] Unban 106.51.xxx.xxx

YMMV!!!

Shanker Balan

Shanker Balan is a devops and infrastructure freelancer with over 14 years of industry experience in large scale Internet systems. He is available for both short term and long term projects on contract. Please use the Contact Form for any enquiry.
