Hello everyone,
I have an OpenVPN VM (ubuntu 22.04) and its sitting behind a Ubiquiti UDM-Pro. Only 1194 is opened up to the appliance.
The last week or so the UDM has reported possible threats in the form of incoming connections coming from random spots (London, Bellevue US, Bulgaria)
This is happening every day at random times. The UDM actually allows some of these to go through and only blocks a few.
Should I be concerned?
OpenVPN Suspicious Connections
-
- OpenVpn Newbie
- Posts: 4
- Joined: Mon Apr 24, 2023 11:19 pm
-
- OpenVpn Newbie
- Posts: 4
- Joined: Mon Apr 24, 2023 11:19 pm
Re: OpenVPN Suspicious Connections
https://adobe.ly/3NbqSMI
Just wanted to show the frequency. its mostly London and Bellevue. Only one connection from Bulgaria
Just wanted to show the frequency. its mostly London and Bellevue. Only one connection from Bulgaria
-
- OpenVPN Power User
- Posts: 65
- Joined: Mon Dec 12, 2016 6:07 pm
Re: OpenVPN Suspicious Connections
Suspicious attempts or actual connections that authenticated?
Attempts; you are exposed to the internet and it's practically a war zone out there, everyone's going to poke at it.
Attempts; you are exposed to the internet and it's practically a war zone out there, everyone's going to poke at it.
-
- OpenVpn Newbie
- Posts: 4
- Joined: Mon Apr 24, 2023 11:19 pm
Re: OpenVPN Suspicious Connections
From what i can see attempts. There arent any entries in the auth.log on the VM that correlate to the incoming "connections"
I closed a few ports on VM related to services I dont use but it looks like the OpenVPN service is using several others (904-909 & 943)
Does OpenVPN need that many listeners?
Edit: I do have 2FA set up as well
I closed a few ports on VM related to services I dont use but it looks like the OpenVPN service is using several others (904-909 & 943)
Does OpenVPN need that many listeners?
Edit: I do have 2FA set up as well
-
- OpenVpn Newbie
- Posts: 4
- Joined: Mon Apr 24, 2023 11:19 pm
Re: OpenVPN Suspicious Connections
As an update:
I have changed the outside port from 1194 to something random and had nothing for the last 3 days
I have changed the outside port from 1194 to something random and had nothing for the last 3 days
- openvpn_inc
- OpenVPN Inc.
- Posts: 1333
- Joined: Tue Feb 16, 2021 10:41 am
Re: OpenVPN Suspicious Connections
Hello markmn123 and maxburn,
It's the Internet so you're going to get random attempts. Even if you change port number it's not ruled out that you'll get random connection attempts.
If you know which IP addresses are allowed to contact you, and which ones are not, you could set up your firewall to block everything except the allowed IP addresses. But that kind of negates the benefit of a VPN solution, where you can reach back to your secure network from practically anywhere in the world, by providing strong authentication and connection security, which a random person can't just bypass.
I don't believe there is any reason for you to be concerned about these connection attempts. It's similar to people knocking on your front door. Unless you put a big moat and castle walls and barbed wire fence around your house, you're going to get the occassional knock on the door from someone that wants to try to talk to you. If they don't have the key and you don't open the door, it's no big deal.
Kind regards,
Johan
It's the Internet so you're going to get random attempts. Even if you change port number it's not ruled out that you'll get random connection attempts.
If you know which IP addresses are allowed to contact you, and which ones are not, you could set up your firewall to block everything except the allowed IP addresses. But that kind of negates the benefit of a VPN solution, where you can reach back to your secure network from practically anywhere in the world, by providing strong authentication and connection security, which a random person can't just bypass.
I don't believe there is any reason for you to be concerned about these connection attempts. It's similar to people knocking on your front door. Unless you put a big moat and castle walls and barbed wire fence around your house, you're going to get the occassional knock on the door from someone that wants to try to talk to you. If they don't have the key and you don't open the door, it's no big deal.
Kind regards,
Johan
OpenVPN Inc.
Answers provided by OpenVPN Inc. staff members here are provided on a voluntary best-effort basis, and no rights can be claimed on the basis of answers posted in this public forum. If you wish to get official support from OpenVPN Inc. please use the official support ticket system: https://openvpn.net/support
Answers provided by OpenVPN Inc. staff members here are provided on a voluntary best-effort basis, and no rights can be claimed on the basis of answers posted in this public forum. If you wish to get official support from OpenVPN Inc. please use the official support ticket system: https://openvpn.net/support