Concerned with log entries in pfsense open vpn

This forum is for admins who are looking to build or expand their OpenVPN setup.

Moderators: TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech

Forum rules
Please use the [oconf] BB tag for openvpn Configurations. See viewtopic.php?f=30&t=21589 for an example.
Post Reply
cmakar
OpenVpn Newbie
Posts: 1
Joined: Mon Jan 03, 2022 5:38 pm

Concerned with log entries in pfsense open vpn

Post by cmakar » Mon Jan 03, 2022 5:42 pm

Hi all, I haven't spent much time with pfsense so I'm looking for input on these logs.
I just looked at my logs in pfsense openvpn, and I noticed a handful of logs that read like this...

TLS ERROR: cannot locate HMAC in incoming packet from [AF_INET]178.xx.xxx.xxx:51196

There are several of these and I don't recognize the IP addresses.
I only have 3 guys that connect to this vpn at work and from doing a dns lookup on these addresses, I don't believe any of them are from my guys.

What are these entries, are these attempted logins? Is there a way for me to block this kind of thing?

Thanks everyone.

TinCanTech
OpenVPN Protagonist
Posts: 11137
Joined: Fri Jun 03, 2016 1:17 pm

Re: Concerned with log entries in pfsense open vpn

Post by TinCanTech » Mon Jan 03, 2022 8:14 pm

It is a packet which failed TLS authentication and was dropped.

Openvpn is capable of handling itself, nothing to worry about.

Post Reply