Aron_Pacey wrote: ↑ Wed May 13, 2020 12:13 pm
Does RDP really require VPN usage? If yes, why? And by using a VPN, couldn't speed be compromised?
Port 3389 opened in the firewall to the public enables attack attempts.
I see several thousand attempts a day in the logs.
server.conf
;local a.b.c.d
port 1194
proto udp
dev tun
;dev-node MyTap
ca "C:\\Program Files\\OpenVPN\\config\\ca.crt"
cert "C:\\Program Files\\OpenVPN\\config\\server.crt"
key "C:\\Program Files\\OpenVPN\\config\\server.key"
dh "C:\\Program Files\\OpenVPN\\config\\dh2048.pem"
;topology subnet
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
;server-bridge 10.8.0.4 255.255.255.0 10.8.0.50 10.8.0.100
;server-bridge
;push "route 192.168.10.0 255.255.255.0"
;push "route 192.168.20.0 255.255.255.0"
;client-config-dir ccd
;route 192.168.40.128 255.255.255.248
;client-config-dir ccd
;route 10.9.0.0 255.255.255.252
;learn-address ./script
;push "redirect-gateway def1 bypass-dhcp"
;push "dhcp-option DNS 208.67.222.222"
;push "dhcp-option DNS 208.67.220.220"
;client-to-client
;duplicate-cn
keepalive 10 120
tls-auth ta.key 0 # This file is secret
cipher AES-256-CBC
;compress lz4-v2
;push "compress lz4-v2"
;comp-lzo
;max-clients 100
;user nobody
;group nobody
persist-key
persist-tun
status openvpn-status.log
;log openvpn.log
;log-append openvpn.log
verb 3
;mute 20
explicit-exit-notify 1
server.log
Wed May 13 08:44:24 2020 OpenVPN 2.4.9 x86_64-w64-mingw32 [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [AEAD] built on Apr 16 2020
Wed May 13 08:44:24 2020 Windows version 6.2 (Windows 8 or greater) 64bit
Wed May 13 08:44:24 2020 library versions: OpenSSL 1.1.1f 31 Mar 2020, LZO 2.10
Wed May 13 08:44:24 2020 Diffie-Hellman initialized with 2048 bit key
Wed May 13 08:44:24 2020 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Wed May 13 08:44:24 2020 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Wed May 13 08:44:24 2020 interactive service msg_channel=0
Wed May 13 08:44:24 2020 ROUTE_GATEWAY 46.242.128.1/255.255.248.0 I=19 HWADDR=0c:c4:7a:e4:88:f2
Wed May 13 08:44:24 2020 open_tun
Wed May 13 08:44:24 2020 TAP-WIN32 device [Local Area Connection] opened: \\.\Global\{1B3C3837-C111-493B-B385-959D9AB69AD1}.tap
Wed May 13 08:44:24 2020 TAP-Windows Driver Version 9.24
Wed May 13 08:44:24 2020 Notified TAP-Windows driver to set a DHCP IP/netmask of 10.8.0.1/255.255.255.252 on interface {1B3C3837-C111-493B-B385-959D9AB69AD1} [DHCP-serv: 10.8.0.2, lease-time: 31536000]
Wed May 13 08:44:24 2020 Sleeping for 10 seconds...
Wed May 13 08:44:34 2020 Successful ARP Flush on interface [39] {1B3C3837-C111-493B-B385-959D9AB69AD1}
Wed May 13 08:44:34 2020 C:\Windows\system32\route.exe ADD 10.8.0.0 MASK 255.255.255.0 10.8.0.2
Wed May 13 08:44:34 2020 ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=25 and dwForwardType=4
Wed May 13 08:44:34 2020 Route addition via IPAPI succeeded [adaptive]
Wed May 13 08:44:34 2020 Could not determine IPv4/IPv6 protocol. Using AF_INET6
Wed May 13 08:44:34 2020 Socket Buffers: R=[131072->131072] S=[131072->131072]
Wed May 13 08:44:34 2020 setsockopt(IPV6_V6ONLY=0)
Wed May 13 08:44:34 2020 UDPv6 link local (bound): [AF_INET6][undef]:1194
Wed May 13 08:44:34 2020 UDPv6 link remote: [AF_UNSPEC]
Wed May 13 08:44:34 2020 MULTI: multi_init called, r=256 v=256
Wed May 13 08:44:34 2020 IFCONFIG POOL: base=10.8.0.4 size=62, ipv6=0
Wed May 13 08:44:34 2020 ifconfig_pool_read(), in='admin,10.8.0.4', TODO: IPv6
Wed May 13 08:44:34 2020 succeeded -> ifconfig_pool_set()
Wed May 13 08:44:34 2020 IFCONFIG POOL LIST
Wed May 13 08:44:34 2020 admin,10.8.0.4
Wed May 13 08:44:34 2020 Initialization Sequence Completed
Wed May 13 08:44:45 2020 [IP_PUBLIC_ADMIN]:56903 TLS: Initial packet from [AF_INET6]::ffff:[IP_PUBLIC_ADMIN]:56903, sid=7aceb45d a324d01d
Wed May 13 08:44:46 2020 [IP_PUBLIC_ADMIN]:56903 VERIFY OK: depth=1, C=PL, ST=MZ, L=Warsaw, O=OpenVPN, OU=TestOpenVPN, CN=TestOpenVPN, name=TestOpenVPN, emailAddress=admin@admin.com
Wed May 13 08:44:46 2020 [IP_PUBLIC_ADMIN]:56903 VERIFY OK: depth=0, C=PL, ST=MZ, L=Warsaw, O=OpenVPN, OU=TestOpenVPN, CN=admin, name=Admin, emailAddress=admin@admin.com
Wed May 13 08:44:46 2020 [IP_PUBLIC_ADMIN]:56903 peer info: IV_VER=2.4.9
Wed May 13 08:44:46 2020 [IP_PUBLIC_ADMIN]:56903 peer info: IV_PLAT=win
Wed May 13 08:44:46 2020 [IP_PUBLIC_ADMIN]:56903 peer info: IV_PROTO=2
Wed May 13 08:44:46 2020 [IP_PUBLIC_ADMIN]:56903 peer info: IV_NCP=2
Wed May 13 08:44:46 2020 [IP_PUBLIC_ADMIN]:56903 peer info: IV_LZ4=1
Wed May 13 08:44:46 2020 [IP_PUBLIC_ADMIN]:56903 peer info: IV_LZ4v2=1
Wed May 13 08:44:46 2020 [IP_PUBLIC_ADMIN]:56903 peer info: IV_LZO=1
Wed May 13 08:44:46 2020 [IP_PUBLIC_ADMIN]:56903 peer info: IV_COMP_STUB=1
Wed May 13 08:44:46 2020 [IP_PUBLIC_ADMIN]:56903 peer info: IV_COMP_STUBv2=1
Wed May 13 08:44:46 2020 [IP_PUBLIC_ADMIN]:56903 peer info: IV_TCPNL=1
Wed May 13 08:44:46 2020 [IP_PUBLIC_ADMIN]:56903 peer info: IV_GUI_VER=OpenVPN_GUI_11
Wed May 13 08:44:46 2020 [IP_PUBLIC_ADMIN]:56903 Control Channel: TLSv1.3, cipher TLSv1.3 TLS_AES_256_GCM_SHA384, 4096 bit RSA
Wed May 13 08:44:46 2020 [IP_PUBLIC_ADMIN]:56903 [admin] Peer Connection Initiated with [AF_INET6]::ffff:[IP_PUBLIC_ADMIN]:56903
Wed May 13 08:44:46 2020 admin/[IP_PUBLIC_ADMIN]:56903 MULTI_sva: pool returned IPv4=10.8.0.6, IPv6=(Not enabled)
Wed May 13 08:44:46 2020 admin/[IP_PUBLIC_ADMIN]:56903 MULTI: Learn: 10.8.0.6 -> admin/[IP_PUBLIC_ADMIN]:56903
Wed May 13 08:44:46 2020 admin/[IP_PUBLIC_ADMIN]:56903 MULTI: primary virtual IP for admin/[IP_PUBLIC_ADMIN]:56903: 10.8.0.6
Wed May 13 08:44:47 2020 admin/[IP_PUBLIC_ADMIN]:56903 PUSH: Received control message: 'PUSH_REQUEST'
Wed May 13 08:44:47 2020 admin/[IP_PUBLIC_ADMIN]:56903 SENT CONTROL [admin]: 'PUSH_REPLY,route 10.8.0.1,topology net30,ping 10,ping-restart 120,ifconfig 10.8.0.6 10.8.0.5,peer-id 0,cipher AES-256-GCM' (status=1)
Wed May 13 08:44:47 2020 admin/[IP_PUBLIC_ADMIN]:56903 Data Channel: using negotiated cipher 'AES-256-GCM'
Wed May 13 08:44:47 2020 admin/[IP_PUBLIC_ADMIN]:56903 Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Wed May 13 08:44:47 2020 admin/[IP_PUBLIC_ADMIN]:56903 Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Wed May 13 09:44:46 2020 admin/[IP_PUBLIC_ADMIN]:56903 VERIFY OK: depth=1, C=PL, ST=MZ, L=Warsaw, O=OpenVPN, OU=TestOpenVPN, CN=TestOpenVPN, name=TestOpenVPN, emailAddress=admin@admin.com
Wed May 13 09:44:46 2020 admin/[IP_PUBLIC_ADMIN]:56903 VERIFY OK: depth=0, C=PL, ST=MZ, L=Warsaw, O=OpenVPN, OU=TestOpenVPN, CN=admin, name=Admin, emailAddress=admin@admin.com
Wed May 13 09:44:46 2020 admin/[IP_PUBLIC_ADMIN]:56903 peer info: IV_VER=2.4.9
Wed May 13 09:44:46 2020 admin/[IP_PUBLIC_ADMIN]:56903 peer info: IV_PLAT=win
Wed May 13 09:44:46 2020 admin/[IP_PUBLIC_ADMIN]:56903 peer info: IV_PROTO=2
Wed May 13 09:44:46 2020 admin/[IP_PUBLIC_ADMIN]:56903 peer info: IV_LZ4=1
Wed May 13 09:44:46 2020 admin/[IP_PUBLIC_ADMIN]:56903 peer info: IV_LZ4v2=1
Wed May 13 09:44:46 2020 admin/[IP_PUBLIC_ADMIN]:56903 peer info: IV_LZO=1
Wed May 13 09:44:46 2020 admin/[IP_PUBLIC_ADMIN]:56903 peer info: IV_COMP_STUB=1
Wed May 13 09:44:46 2020 admin/[IP_PUBLIC_ADMIN]:56903 peer info: IV_COMP_STUBv2=1
Wed May 13 09:44:46 2020 admin/[IP_PUBLIC_ADMIN]:56903 peer info: IV_TCPNL=1
Wed May 13 09:44:46 2020 admin/[IP_PUBLIC_ADMIN]:56903 peer info: IV_GUI_VER=OpenVPN_GUI_11
Wed May 13 09:44:46 2020 admin/[IP_PUBLIC_ADMIN]:56903 Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Wed May 13 09:44:46 2020 admin/[IP_PUBLIC_ADMIN]:56903 Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Wed May 13 09:44:46 2020 admin/[IP_PUBLIC_ADMIN]:56903 Control Channel: TLSv1.3, cipher TLSv1.3 TLS_AES_256_GCM_SHA384, 4096 bit RSA
Wed May 13 10:23:03 2020 admin/[IP_PUBLIC_ADMIN]:56903 [admin] Inactivity timeout (--ping-restart), restarting
Wed May 13 10:23:03 2020 admin/[IP_PUBLIC_ADMIN]:56903 SIGUSR1[soft,ping-restart] received, client-instance restarting
Wed May 13 11:42:07 2020 TLS Error: cannot locate HMAC in incoming packet from [AF_INET6]::ffff:185.200.118.75:53614
Wed May 13 17:50:57 2020 TLS Error: cannot locate HMAC in incoming packet from [AF_INET6]::ffff:93.174.95.106:26876
Wed May 13 23:51:03 2020 TLS Error: cannot locate HMAC in incoming packet from [AF_INET6]::ffff:185.200.118.72:48942
Thu May 14 05:19:04 2020 TLS Error: cannot locate HMAC in incoming packet from [AF_INET6]::ffff:146.88.240.4:51697
client.conf
client
dev tun
;dev-node MyTap
proto udp
remote [IP_PUBLIC_SERVER] 1194
;remote-random
resolv-retry infinite
nobind
;user nobody
;group nobody
persist-key
persist-tun
;http-proxy-retry # retry on connection failures
;http-proxy [proxy server] [proxy port #]
;mute-replay-warnings
ca "C:\\Program Files\\OpenVPN\\config\\ca.crt"
cert "C:\\Program Files\\OpenVPN\\config\\admin.crt"
key "C:\\Program Files\\OpenVPN\\config\\admin.key"
remote-cert-tls server
tls-auth ta.key 1
cipher AES-256-CBC
verb 3
;mute 20
Wed May 13 08:44:43 2020 OpenVPN 2.4.9 x86_64-w64-mingw32 [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [AEAD] built on Apr 16 2020
Wed May 13 08:44:43 2020 Windows version 6.2 (Windows 8 or greater) 64bit
Wed May 13 08:44:43 2020 library versions: OpenSSL 1.1.1f 31 Mar 2020, LZO 2.10
Enter Management Password:
Wed May 13 08:44:43 2020 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:25340
Wed May 13 08:44:43 2020 Need hold release from management interface, waiting...
Wed May 13 08:44:43 2020 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:25340
Wed May 13 08:44:43 2020 MANAGEMENT: CMD 'state on'
Wed May 13 08:44:43 2020 MANAGEMENT: CMD 'log all on'
Wed May 13 08:44:43 2020 MANAGEMENT: CMD 'echo all on'
Wed May 13 08:44:43 2020 MANAGEMENT: CMD 'bytecount 5'
Wed May 13 08:44:43 2020 MANAGEMENT: CMD 'hold off'
Wed May 13 08:44:43 2020 MANAGEMENT: CMD 'hold release'
Wed May 13 08:44:43 2020 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Wed May 13 08:44:43 2020 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Wed May 13 08:44:43 2020 TCP/UDP: Preserving recently used remote address: [AF_INET][IP_PUBLIC_SERVER]:1194
Wed May 13 08:44:43 2020 Socket Buffers: R=[65536->65536] S=[65536->65536]
Wed May 13 08:44:43 2020 UDP link local: (not bound)
Wed May 13 08:44:43 2020 UDP link remote: [AF_INET][IP_PUBLIC_SERVER]:1194
Wed May 13 08:44:43 2020 MANAGEMENT: >STATE:1589352283,WAIT,,,,,,
Wed May 13 08:44:43 2020 MANAGEMENT: >STATE:1589352283,AUTH,,,,,,
Wed May 13 08:44:43 2020 TLS: Initial packet from [AF_INET][IP_PUBLIC_SERVER]:1194, sid=953b2268 afc702a4
Wed May 13 08:44:43 2020 VERIFY OK: depth=1, C=PL, ST=MZ, L=Warsaw, O=OpenVPN, OU=TestOpenVPN, CN=TestOpenVPN, name=TestOpenVPN, emailAddress=admin@admin.com
Wed May 13 08:44:43 2020 VERIFY KU OK
Wed May 13 08:44:43 2020 Validating certificate extended key usage
Wed May 13 08:44:43 2020 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
Wed May 13 08:44:43 2020 VERIFY EKU OK
Wed May 13 08:44:43 2020 VERIFY OK: depth=0, C=PL, ST=MZ, L=Warsaw, O=OpenVPN, OU=TestOpenVPN, CN=TestOpenVPN, name=TestOpenVPN, emailAddress=admin@admin.com
Wed May 13 08:44:43 2020 Control Channel: TLSv1.3, cipher TLSv1.3 TLS_AES_256_GCM_SHA384, 4096 bit RSA
Wed May 13 08:44:43 2020 [TestOpenVPN] Peer Connection Initiated with [AF_INET][IP_PUBLIC_SERVER]:1194
Wed May 13 08:44:45 2020 MANAGEMENT: >STATE:1589352285,GET_CONFIG,,,,,,
Wed May 13 08:44:45 2020 SENT CONTROL [TestOpenVPN]: 'PUSH_REQUEST' (status=1)
Wed May 13 08:44:45 2020 PUSH: Received control message: 'PUSH_REPLY,route 10.8.0.1,topology net30,ping 10,ping-restart 120,ifconfig 10.8.0.6 10.8.0.5,peer-id 0,cipher AES-256-GCM'
Wed May 13 08:44:45 2020 OPTIONS IMPORT: timers and/or timeouts modified
Wed May 13 08:44:45 2020 OPTIONS IMPORT: --ifconfig/up options modified
Wed May 13 08:44:45 2020 OPTIONS IMPORT: route options modified
Wed May 13 08:44:45 2020 OPTIONS IMPORT: peer-id set
Wed May 13 08:44:45 2020 OPTIONS IMPORT: adjusting link_mtu to 1624
Wed May 13 08:44:45 2020 OPTIONS IMPORT: data channel crypto options modified
Wed May 13 08:44:45 2020 Data Channel: using negotiated cipher 'AES-256-GCM'
Wed May 13 08:44:45 2020 Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Wed May 13 08:44:45 2020 Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Wed May 13 08:44:45 2020 interactive service msg_channel=0
Wed May 13 08:44:45 2020 ROUTE_GATEWAY 192.168.0.1/255.255.255.0 I=14 HWADDR=98:e7:43:d9:8f:fe
Wed May 13 08:44:45 2020 open_tun
Wed May 13 08:44:45 2020 TAP-WIN32 device [Połączenie lokalne 2] opened: \\.\Global\{08A93FC3-C0F8-4A1C-9B5F-03A1F086F688}.tap
Wed May 13 08:44:45 2020 TAP-Windows Driver Version 9.24
Wed May 13 08:44:45 2020 Notified TAP-Windows driver to set a DHCP IP/netmask of 10.8.0.6/255.255.255.252 on interface {08A93FC3-C0F8-4A1C-9B5F-03A1F086F688} [DHCP-serv: 10.8.0.5, lease-time: 31536000]
Wed May 13 08:44:45 2020 Successful ARP Flush on interface [58] {08A93FC3-C0F8-4A1C-9B5F-03A1F086F688}
Wed May 13 08:44:45 2020 MANAGEMENT: >STATE:1589352285,ASSIGN_IP,,10.8.0.6,,,,
Wed May 13 08:44:50 2020 TEST ROUTES: 1/1 succeeded len=1 ret=1 a=0 u/d=up
Wed May 13 08:44:50 2020 MANAGEMENT: >STATE:1589352290,ADD_ROUTES,,,,,,
Wed May 13 08:44:50 2020 C:\Windows\system32\route.exe ADD 10.8.0.1 MASK 255.255.255.255 10.8.0.5
Wed May 13 08:44:50 2020 ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=25 and dwForwardType=4
Wed May 13 08:44:50 2020 Route addition via IPAPI succeeded [adaptive]
Wed May 13 08:44:50 2020 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Wed May 13 08:44:50 2020 Initialization Sequence Completed
Wed May 13 08:44:50 2020 MANAGEMENT: >STATE:1589352290,CONNECTED,SUCCESS,10.8.0.6,[IP_PUBLIC_SERVER],1194,,
Wed May 13 09:44:43 2020 TLS: soft reset sec=0 bytes=74821/-1 pkts=951/0
Wed May 13 09:44:43 2020 VERIFY OK: depth=1, C=PL, ST=MZ, L=Warsaw, O=OpenVPN, OU=TestOpenVPN, CN=TestOpenVPN, name=TestOpenVPN, emailAddress=admin@admin.com
Wed May 13 09:44:43 2020 VERIFY KU OK
Wed May 13 09:44:43 2020 Validating certificate extended key usage
Wed May 13 09:44:43 2020 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
Wed May 13 09:44:43 2020 VERIFY EKU OK
Wed May 13 09:44:43 2020 VERIFY OK: depth=0, C=PL, ST=MZ, L=Warsaw, O=OpenVPN, OU=TestOpenVPN, CN=TestOpenVPN, name=TestOpenVPN, emailAddress=admin@admin.com
Wed May 13 09:44:44 2020 Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Wed May 13 09:44:44 2020 Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Wed May 13 09:44:44 2020 Control Channel: TLSv1.3, cipher TLSv1.3 TLS_AES_256_GCM_SHA384, 4096 bit RSA
Wed May 13 10:19:01 2020 C:\Windows\system32\route.exe DELETE 10.8.0.1 MASK 255.255.255.255 10.8.0.5
Wed May 13 10:19:01 2020 Route deletion via IPAPI succeeded [adaptive]
Wed May 13 10:19:01 2020 Closing TUN/TAP interface
Wed May 13 10:19:01 2020 TAP: DHCP address released
Wed May 13 10:19:01 2020 SIGTERM[hard,] received, process exiting
Wed May 13 10:19:01 2020 MANAGEMENT: >STATE:1589357941,EXITING,SIGTERM,,,,,
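Added example (not part of the original post): a short Python tally over the server.log format shown above, separating packets dropped by the tls-auth HMAC check from handshakes that completed with a client certificate. The sample lines are constructed and use documentation addresses; the function names and the threshold are assumptions.

```python
import re
from collections import Counter

# Constructed sample in the format of the server.log above; the source
# addresses are RFC 5737 documentation addresses, not taken from the post.
SAMPLE_LOG = """\
Wed May 13 08:44:46 2020 [IP_PUBLIC_ADMIN]:56903 [admin] Peer Connection Initiated with [AF_INET6]::ffff:[IP_PUBLIC_ADMIN]:56903
Wed May 13 11:42:07 2020 TLS Error: cannot locate HMAC in incoming packet from [AF_INET6]::ffff:198.51.100.7:53614
Wed May 13 17:50:57 2020 TLS Error: cannot locate HMAC in incoming packet from [AF_INET6]::ffff:203.0.113.9:26876
Wed May 13 23:51:03 2020 TLS Error: cannot locate HMAC in incoming packet from [AF_INET6]::ffff:198.51.100.7:48942
Thu May 14 05:19:04 2020 TLS Error: cannot locate HMAC in incoming packet from [AF_INET]192.0.2.44:51697
"""

# With tls-auth, a packet without the expected HMAC is dropped before any
# TLS handshake starts. OpenVPN logs the source as [AF_INET]ip:port or, on
# a dual-stack socket, as [AF_INET6]::ffff:ip:port.
HMAC_REJECT = re.compile(
    r"TLS Error: cannot locate HMAC in incoming packet from "
    r"\[AF_INET6?\](?:::ffff:)?(?P<ip>[0-9a-fA-F:.]+):(?P<port>\d+)\s*$"
)
# A completed handshake names the certificate CN in square brackets.
PEER_OK = re.compile(r"\[(?P<cn>[^\]]+)\] Peer Connection Initiated with ")

def summarize(log_text):
    """Return (rejected-packet count per source IP, CNs that authenticated)."""
    rejects, peers = Counter(), set()
    for line in log_text.splitlines():
        m = HMAC_REJECT.search(line)
        if m:
            rejects[m.group("ip")] += 1
            continue
        m = PEER_OK.search(line)
        if m:
            peers.add(m.group("cn"))
    return rejects, peers

def repeat_sources(rejects, threshold=2):
    """Source IPs with at least `threshold` rejected packets, busiest first."""
    return [(ip, n) for ip, n in rejects.most_common() if n >= threshold]

if __name__ == "__main__":
    rejects, peers = summarize(SAMPLE_LOG)
    print("authenticated CNs:", sorted(peers))
    print("rejected before TLS:", sum(rejects.values()))
    for ip, n in repeat_sources(rejects):
        print(f"  {ip}: {n}")
```

Run against the real log, the first figure shows which certificates actually connected and the second how much unauthenticated traffic reached UDP 1194 without getting as far as a handshake.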