diff --git a/config/filter.d/openvpn.conf b/config/filter.d/openvpn.conf
index 71b80de2..97e6812f 100644
--- a/config/filter.d/openvpn.conf
+++ b/config/filter.d/openvpn.conf
@@ -7,8 +7,10 @@ before = common.conf
 [Definition]
-failregex =%(__hostname)s ovpn-server\[[0-9]{2,5}\]:.:[0-9]{3,5} TLS Auth Error:.*
- %(__hostname)s ovpn-server\[[0-9]{2,5}\]:.:[0-9]{3,5} VERIFY ERROR:.*
- %(__hostname)s ovpn-server\[[0-9]{2,5}\]:.:[0-9]{3,5} TLS Error: TLS handshake failed.*
- %(__hostname)s ovpn-server\[[0-9]{2,5}\]:.:[0-9]{3,5} SIGUSR1\[soft,connection-reset\] received.*
- %(__hostname)s ovpn-server\[[0-9]{2,5}\]: TLS Error: cannot locate HMAC in incoming packet from \[AF_INET\]:[0-9]{3,5}
+_daemon = ovpn-server\d*
+
+failregex = ^%(__prefix_line)s:\d{4,5} TLS Auth Error:
+ ^%(__prefix_line)s:\d{4,5} VERIFY ERROR:
+ ^%(__prefix_line)s:\d{4,5} TLS Error: TLS handshake failed\b
+ ^%(__prefix_line)s:\d{4,5} SIGUSR1\[soft,connection-reset\] received\b
+ ^%(__prefix_line)sTLS Error: cannot locate HMAC in incoming packet from \[AF_INET\]\s*:\d{4,5}
diff --git a/config/jail.conf b/config/jail.conf
index fe89733c..bce6df63 100644
--- a/config/jail.conf
+++ b/config/jail.conf
@@ -979,11 +979,8 @@ port = http,https
 logpath = /var/log/traefik/access.log
 [openvpn]
-port = 443 # port of your openvpn server
-protocol = tcp # protocol of your openvpn server
-filter = openvpn
+port = 443
 logpath = /var/log/syslog
-maxretry = 5
 [scanlogd]
 logpath = %(syslog_local0)s
diff --git a/fail2ban/tests/files/logs/openvpn b/fail2ban/tests/files/logs/openvpn
index 04aa63dc..3be7e0f5 100644
--- a/fail2ban/tests/files/logs/openvpn
+++ b/fail2ban/tests/files/logs/openvpn
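Review bot: The port quantifier in the new `failregex` lines is tightened from `[0-9]{3,5}` to `\d{4,5}`, so a failure logged with a source port below 1000 no longer matches any of the five patterns. The source port is chosen by the connecting peer, so the peer ends up deciding whether its failures count toward a ban. I would use `\d{1,5}` (or `\d+`) after the address in all five lines; the sample log in this commit only contains five-digit ports, so the tests would not catch the gap. Separately, the last pattern bans on the address of a packet that failed HMAC validation; if the server listens on UDP that address is unauthenticated, which deserves a full-line comment such as `# NOTE: on UDP the peer address of a rejected packet may be forged`.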
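Review bot: The `[openvpn]` jail now hard-codes `port = 443` with no hint that it must be adapted, and with `protocol = tcp` removed the protocol comes from whatever the defaults section sets (not visible in this hunk). On a server listening on another port or on UDP, the ban would block a port the offender is not using, so the jail looks active while blocking nothing relevant. Dropping the inline `#` comments is reasonable, but the guidance should survive as a full-line comment above the key, e.g. `# adjust port and protocol to match your OpenVPN server (override in jail.local)`. `logpath = /var/log/syslog` is also a literal path, whereas the neighbouring `[scanlogd]` jail uses `%(syslog_local0)s`; a path variable would presumably be more portable here as well.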
@@ -1,5 +1,3 @@
-# should match
-
 Apr 25 10:57:30 hostname ovpn-server[901]: TCP connection established with [AF_INET]83.97.20.30:10107
 Apr 25 10:57:36 hostname ovpn-server[901]: 83.97.20.30:10107 WARNING: Bad encapsulated packet length from peer (5635), which must be > 0 and <= 1626 -- please ensure that --tun-mtu or --link-mtu is equal on both peers -- this condition could also indicate a possible active attack on the TCP link -- [Attempting restart...]
 Apr 25 10:57:36 hostname ovpn-server[901]: 83.97.20.30:10107 Connection reset, restarting [0]
@@ -20,3 +18,11 @@ Apr 25 10:58:15 hostname ovpn-server[901]: 83.97.20.30:30968 WARNING: Bad encaps
 Apr 25 10:58:15 hostname ovpn-server[901]: 83.97.20.30:30968 Connection reset, restarting [0]
 # failJSON: { "time": "2005-04-25T10:58:15", "match": true , "host": "83.97.20.30" }
 Apr 25 10:58:15 hostname ovpn-server[901]: 83.97.20.30:30968 SIGUSR1[soft,connection-reset] received, client-instance restarting
+# failJSON: { "time": "2005-04-25T11:19:00", "match": true , "host": "192.0.2.251" }
+Apr 25 11:19:00 ovpn-server[13818]: 192.0.2.251:55329 VERIFY ERROR: depth=2, error=unable to get issuer certificate:
+# failJSON: { "time": "2005-04-25T11:19:00", "match": true , "host": "192.0.2.252" }
+Apr 25 11:19:00 ovpn-server[13819]: 192.0.2.252:55330 TLS Error: TLS handshake failed
+# failJSON: { "time": "2005-04-25T11:19:00", "match": true , "host": "192.0.2.253" }
+Apr 25 11:19:00 ovpn-server[13820]: TLS Error: cannot locate HMAC in incoming packet from [AF_INET]192.0.2.253:55340
+# failJSON: { "time": "2005-04-25T11:19:22", "match": true , "host": "192.0.2.254" }
+Apr 25 11:19:22 ovpn-server[13821]: 192.0.2.254:64480 TLS Auth Error: Auth Username/Password verification failed for peer
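Review bot: The samples added in the second hunk cover the hostname-less prefix, but every one of them uses the plain `ovpn-server` tag, a five-digit source port and `"match": true`. Nothing exercises the `\d*` suffix that the filter's new `_daemon` pattern allows, the lower bound of the `\d{4,5}` port quantifier, or a line that must not be counted. I would add one sample with a numbered daemon tag and a four-digit port, and one `"match": false` entry for a benign message such as the existing `TCP connection established` line, so that a later loosening of the patterns shows up as a test failure rather than as unexpected bans.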