The following configuration successfully bans failed OpenVPN authentication attempts on Ubuntu 12.04 LTS. OpenVPN has been configured to authenticate against the local password database via PAM.
jail.conf
[text]
[openvpn]
enabled = true
port = openvpn
protocol = udp
filter = openvpn
logpath = /var/log/openvpn.log
maxretry = 4
[/text]
/etc/fail2ban/filter.d/openvpn
[text]
[INCLUDES]
before = common.conf
[Definition]
_daemon = openvpn
failregex = <HOST>:[0-9]{4,5} TLS Auth Error: Auth Username/Password verification failed for peer
ignoreregex =
[/text]
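To see what this filter catches before relying on it, the added example below (not part of the original post) applies the same failregex to constructed OpenVPN log lines and lists the hosts that reach maxretry. It assumes an IPv4-only stand-in for fail2ban's `<HOST>` tag and ignores findtime; the function names are hypothetical.

```python
import re
from collections import Counter

# failregex and maxretry copied from the filter and jail shown on this page.
FAILREGEX = (r"<HOST>:[0-9]{4,5} TLS Auth Error: "
             r"Auth Username/Password verification failed for peer")
MAXRETRY = 4

# Assumption: IPv4-only stand-in for fail2ban's <HOST> tag, which in
# fail2ban itself also accepts hostnames.
HOST_GROUP = r"(?P<host>(?:\d{1,3}\.){3}\d{1,3})"

# Constructed sample lines in OpenVPN's log layout (documentation IPs only).
SAMPLE_LOG = """\
Tue Feb 25 23:40:01 2014 203.0.113.7:51522 TLS Auth Error: Auth Username/Password verification failed for peer
Tue Feb 25 23:40:09 2014 203.0.113.7:51522 TLS Auth Error: Auth Username/Password verification failed for peer
Tue Feb 25 23:40:17 2014 198.51.100.23:40211 TLS Auth Error: Auth Username/Password verification failed for peer
Tue Feb 25 23:40:21 2014 203.0.113.7:51530 TLS Auth Error: Auth Username/Password verification failed for peer
Tue Feb 25 23:40:25 2014 192.0.2.50:809 TLS Auth Error: Auth Username/Password verification failed for peer
Tue Feb 25 23:40:27 2014 203.0.113.7:51530 TLS Auth Error: Auth Username/Password verification failed for peer
Tue Feb 25 23:40:30 2014 198.51.100.23:40211 TLS Error: TLS handshake failed
Tue Feb 25 23:40:33 2014 198.51.100.23:40212 TLS Auth Error: Auth Username/Password verification failed for peer
"""

def compile_failregex(failregex):
    """Expand <HOST> and compile; used with search(), so it is unanchored."""
    return re.compile(failregex.replace("<HOST>", HOST_GROUP))

def failures_per_host(log_text, failregex=FAILREGEX):
    """Count log lines matching the failregex, keyed by source address."""
    pattern = compile_failregex(failregex)
    hits = Counter()
    for line in log_text.splitlines():
        match = pattern.search(line)
        if match:
            hits[match.group("host")] += 1
    return hits

def hosts_to_ban(log_text, maxretry=MAXRETRY):
    """Hosts whose failure count reaches maxretry (findtime is ignored)."""
    counts = failures_per_host(log_text)
    return sorted(host for host, n in counts.items() if n >= maxretry)

if __name__ == "__main__":
    print(dict(failures_per_host(SAMPLE_LOG)))
    print(hosts_to_ban(SAMPLE_LOG))
```

The constructed line with source port 809 is not counted, because the pattern requires a 4- or 5-digit port. On a live system, the `fail2ban-regex` tool shipped with fail2ban runs the same kind of check against the real log and filter file.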
Successful bans appear as below in /var/log/fail2ban.log:
[text]
2014-02-25 23:40:29,485 fail2ban.actions: WARNING [openvpn] Ban 106.51.xxx.xxx
2014-02-25 23:50:29,895 fail2ban.actions: WARNING [openvpn] Unban 106.51.xxx.xxx
[/text]
YMMV!!!
2 replies on “Block failed OpenVPN logins with fail2ban”
Doesn’t work. You never mentioned what version of fail2ban this was running on, nor which version of openvpn.