normalize jail (defaults, etc); added missing tests for all REs; common prefix for failregex, no catch-alls, etc

config/filter.d/openvpn.conf

@@ -7,8 +7,10 @@
 before = common.conf
 
 [Definition]
-failregex =%(__hostname)s ovpn-server\[[0-9]{2,5}\]:.<HOST>:[0-9]{3,5} TLS Auth Error:.*
-           %(__hostname)s ovpn-server\[[0-9]{2,5}\]:.<HOST>:[0-9]{3,5} VERIFY ERROR:.*
-           %(__hostname)s ovpn-server\[[0-9]{2,5}\]:.<HOST>:[0-9]{3,5} TLS Error: TLS handshake failed.*
-           %(__hostname)s ovpn-server\[[0-9]{2,5}\]:.<HOST>:[0-9]{3,5} SIGUSR1\[soft,connection-reset\] received.*
-           %(__hostname)s ovpn-server\[[0-9]{2,5}\]: TLS Error: cannot locate HMAC in incoming packet from \[AF_INET\]<HOST>:[0-9]{3,5}
+_daemon = ovpn-server\d*
+
+failregex = ^%(__prefix_line)s<HOST>:\d{4,5} TLS Auth Error:
+            ^%(__prefix_line)s<HOST>:\d{4,5} VERIFY ERROR:
+            ^%(__prefix_line)s<HOST>:\d{4,5} TLS Error: TLS handshake failed\b
+            ^%(__prefix_line)s<HOST>:\d{4,5} SIGUSR1\[soft,connection-reset\] received\b
+            ^%(__prefix_line)sTLS Error: cannot locate HMAC in incoming packet from \[AF_INET\]\s*<HOST>:\d{4,5}

config/jail.conf

@@ -979,11 +979,8 @@ port    = http,https
 logpath = /var/log/traefik/access.log
 
 [openvpn]
-port = 443	# port of your openvpn server
-protocol = tcp	# protocol of your openvpn server
-filter = openvpn
+port = 443
 logpath = /var/log/syslog
-maxretry = 5
 
 [scanlogd]
 logpath = %(syslog_local0)s

fail2ban/tests/files/logs/openvpn

@@ -1,5 +1,3 @@
-# should match
-
 Apr 25 10:57:30 hostname ovpn-server[901]: TCP connection established with [AF_INET]83.97.20.30:10107
 Apr 25 10:57:36 hostname ovpn-server[901]: 83.97.20.30:10107 WARNING: Bad encapsulated packet length from peer (5635), which must be > 0 and <= 1626 -- please ensure that --tun-mtu or --link-mtu is equal on both peers -- this condition could also indicate a possible active attack on the TCP link -- [Attempting restart...]
 Apr 25 10:57:36 hostname ovpn-server[901]: 83.97.20.30:10107 Connection reset, restarting [0]
@@ -20,3 +18,11 @@ Apr 25 10:58:15 hostname ovpn-server[901]: 83.97.20.30:30968 WARNING: Bad encaps
 Apr 25 10:58:15 hostname ovpn-server[901]: 83.97.20.30:30968 Connection reset, restarting [0]
 # failJSON: { "time": "2005-04-25T10:58:15", "match": true , "host": "83.97.20.30" }
 Apr 25 10:58:15 hostname ovpn-server[901]: 83.97.20.30:30968 SIGUSR1[soft,connection-reset] received, client-instance restarting
+# failJSON: { "time": "2005-04-25T11:19:00", "match": true , "host": "192.0.2.251" }
+Apr 25 11:19:00 ovpn-server[13818]: 192.0.2.251:55329 VERIFY ERROR: depth=2, error=unable to get issuer certificate: <ROOT CA>
+# failJSON: { "time": "2005-04-25T11:19:00", "match": true , "host": "192.0.2.252" }
+Apr 25 11:19:00 ovpn-server[13819]: 192.0.2.252:55330 TLS Error: TLS handshake failed
+# failJSON: { "time": "2005-04-25T11:19:00", "match": true , "host": "192.0.2.253" }
+Apr 25 11:19:00 ovpn-server[13820]: TLS Error: cannot locate HMAC in incoming packet from [AF_INET]192.0.2.253:55340
+# failJSON: { "time": "2005-04-25T11:19:22", "match": true , "host": "192.0.2.254" }
+Apr 25 11:19:22 ovpn-server[13821]: 192.0.2.254:64480 TLS Auth Error: Auth Username/Password verification failed for peer