Block failed OpenVPN logins with fail2ban

The following configuration successfully bans failed OpenVPN authentication attempts on Ubuntu 12.04 LTS. OpenVPN has been configured to authenticate against the local password database via PAM.



# Jail definition (fail2ban reads local jails from /etc/fail2ban/jail.local)
[openvpn]
enabled = true
port = openvpn
protocol = udp
filter = openvpn
logpath = /var/log/openvpn.log
maxretry = 4


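# Filter definition; "filter = openvpn" loads /etc/fail2ban/filter.d/openvpn.conf
[INCLUDES]
before = common.conf

[Definition]
_daemon = openvpn

failregex = <HOST>:[0-9]{4,5} TLS Auth Error: Auth Username/Password verification failed for peer

ignoreregex =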

Successful bans appear as below in /var/log/fail2ban.log:

2014-02-25 23:40:29,485 fail2ban.actions: WARNING [openvpn] Ban
2014-02-25 23:50:29,895 fail2ban.actions: WARNING [openvpn] Unban
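
An added example, not from the original post: the failregex above applied to constructed OpenVPN log lines, counting failures per client and listing the clients that reach maxretry. The IPv4-only stand-in for <HOST>, the sample lines and the function names are assumptions; fail2ban's own <HOST> expansion also covers IPv6 and hostnames.

```python
import re
from collections import Counter

# failregex copied from the filter above; <HOST> is fail2ban's address placeholder.
FAILREGEX = (r"<HOST>:[0-9]{4,5} TLS Auth Error: "
             r"Auth Username/Password verification failed for peer")
# Assumption: IPv4-only stand-in for <HOST> (fail2ban's expansion is broader).
HOST_GROUP = r"(?P<host>(?:\d{1,3}\.){3}\d{1,3})"
MAXRETRY = 4  # maxretry from the jail above

# Constructed sample lines in OpenVPN's log layout, using documentation addresses.
FAIL = "TLS Auth Error: Auth Username/Password verification failed for peer"
SAMPLE_LOG = "\n".join([
    f"Tue Feb 25 23:40:01 2014 203.0.113.7:51234 {FAIL}",
    f"Tue Feb 25 23:40:09 2014 203.0.113.7:51240 {FAIL}",
    "Tue Feb 25 23:40:12 2014 203.0.113.7:51240 TLS Error: TLS handshake failed",
    f"Tue Feb 25 23:40:15 2014 198.51.100.23:40112 {FAIL}",
    f"Tue Feb 25 23:40:21 2014 203.0.113.7:4021 {FAIL}",
    f"Tue Feb 25 23:40:29 2014 203.0.113.7:60001 {FAIL}",
    f"Tue Feb 25 23:41:02 2014 198.51.100.23:40118 {FAIL}",
    "Tue Feb 25 23:41:30 2014 198.51.100.23:40120 [alice] Peer Connection Initiated",
    # Source port below 1000: [0-9]{4,5} does not match, so this failure is missed.
    f"Tue Feb 25 23:42:00 2014 192.0.2.50:443 {FAIL}",
])


def failed_hosts(log_text, failregex=FAILREGEX):
    """Count failregex hits per client address, searching each line as fail2ban does."""
    pattern = re.compile(failregex.replace("<HOST>", HOST_GROUP))
    hits = Counter()
    for line in log_text.splitlines():
        match = pattern.search(line)
        if match:
            hits[match.group("host")] += 1
    return hits


def hosts_to_ban(hits, maxretry=MAXRETRY):
    """Clients whose failure count has reached maxretry."""
    return sorted(host for host, count in hits.items() if count >= maxretry)


if __name__ == "__main__":
    counts = failed_hosts(SAMPLE_LOG)
    for host, count in sorted(counts.items()):
        print(f"{host}: {count} failed logins")
    print("would be banned:", hosts_to_ban(counts))
```

On a host with fail2ban installed, the bundled fail2ban-regex tool performs the same check against the real log and filter file. The last sample line shows that a failure arriving from a source port below 1000 is not counted by this filter.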


By Shanker Balan
