The following configuration successfully bans failed OpenVPN authentication attempts on Ubuntu 12.04 LTS. OpenVPN has been configured to authenticate against local password database via PAM.
jail.conf
[openvpn] enabled = true port = openvpn protocol = udp filter = openvpn logpath = /var/log/openvpn.log maxretry = 4
/etc/fail2ban/filter.d/openvpn
[INCLUDES]
before = common.conf
[Definition]
_daemon = openvpn
failregex = <HOST>:[0-9]{4,5} TLS Auth Error: Auth Username/Password verification failed for peer
ignoreregex =
Succesfull bans appear as below in /var/log/fail2ban.log
2014-02-25 23:40:29,485 fail2ban.actions: WARNING [openvpn] Ban 106.51.xxx.xxx 2014-02-25 23:50:29,895 fail2ban.actions: WARNING [openvpn] Unban 106.51.xxx.xxx
YMMV!!!
Shanker Balan
Shanker Balan is a devops and infrastructure freelancer with over 14 years of industry experience in large scale Internet systems. He is available for both short term and long term projects on contract. Please use the Contact Form for any enquiry.
Follow Me:
2 replies on “Block failed OpenVPN logins with fail2ban”
[…] Block failed OpenVPN logins with fail2ban at shankerbalan.net […]
doesn’t work. You never mentioned what version of fail2ban this was running on, nor which version of openvpn.