Block failed OpenVPN logins with fail2ban

The following configuration successfully bans failed OpenVPN authentication attempts on Ubuntu 12.04 LTS. OpenVPN has been configured to authenticate against local password database via PAM.

jail.conf

[openvpn]

enabled   = true
port      = openvpn
protocol  = udp
filter    = openvpn
logpath   = /var/log/openvpn.log
maxretry = 4

/etc/fail2ban/filter.d/openvpn

[INCLUDES]
before = common.conf

[Definition]
_daemon = openvpn

failregex = <HOST>:[0-9]{4,5} TLS Auth Error: Auth Username/Password verification failed for peer

ignoreregex =

Succesfull bans appear as below in /var/log/fail2ban.log

2014-02-25 23:40:29,485 fail2ban.actions: WARNING [openvpn] Ban 106.51.xxx.xxx
2014-02-25 23:50:29,895 fail2ban.actions: WARNING [openvpn] Unban 106.51.xxx.xxx

YMMV!!!

Related Posts

Shanker Balan

Shanker Balan is a devops and infrastructure freelancer with over 14 years of industry experience in large scale Internet systems. He is available for both short term and long term projects on contract. Please use the Contact Form for any enquiry.

More Posts - Website

Follow Me:

Related

Published by

Shanker Balan

Shanker Balan is a devops and infrastructure freelancer with over 14 years of industry experience in large scale Internet systems. He is available for both short term and long term projects on contract. Please use the Contact Form for any enquiry. View all posts by Shanker Balan

3 thoughts on “Block failed OpenVPN logins with fail2ban”

Pingback: Block unauthorized OpenVPN logins using fail2ban « http://blogs.fsfe.org/stefan.a/
anthony says:

March 19, 2015 at 00:30

doesn’t work. You never mentioned what version of fail2ban this was running on, nor which version of openvpn.
Pingback: Install Fail2Ban onUbuntu to protect services – Giant Geek Blog

Leave a Reply Cancel reply