TLS Error from unknown IP

This forum is for admins who are looking to build or expand their OpenVPN setup.

Moderators: TinCanTech

GrimMultiVitamin
OpenVpn Newbie
Posts: 2
Joined: Sun Feb 12, 2023 10:52 am

TLS Error from unknown IP

Post by GrimMultiVitamin » Sun Feb 12, 2023 11:03 am

Hi,
I was looking through the logs and I discovered this (3 times)

scary log

2023-02-12 10:21:55 TLS Error: cannot locate HMAC in incoming packet from [AF_INET]192.241.211.13:51340


which, first of all, is not my IP and second of all, if I look at abuseipdb, it tells me the IP was reported 564 times. Which frankly scares the bejesus out of me. Now, I suspect that the TLS error just means whoever is behind the IP doesn't have my vpn certificate and thus the connection was dropped. Further, I suspect it was a port scan.
I have put this into my iptables
sudo iptables -I INPUT -s 192.241.211.13 -j DROP

but I'm not exactly sure how effective that is.

my config looks like this:

server config

server 192.168.255.0 255.255.255.0
verb 3
key /etc/openvpn/pki/private/
ca /etc/openvpn/pki/ca.crt
cert /etc/openvpn/pki/issued/
dh /etc/openvpn/pki/dh.pem
tls-auth /etc/openvpn/pki/ta.key
key-direction 0
keepalive 10 60
persist-key
persist-tun
duplicate-cn

topology subnet

reneg-sec 3600

cipher AES-256-GCM
data-ciphers AES-256-GCM

proto udp4
# Rely on Docker to do port mapping, internally always 1194
port 1194
dev tun0
status /tmp/openvpn-status.log

user nobody
group nogroup

### Push Configurations Below
push "block-outside-dns"
push "dhcp-option DNS 192.168.2.222"

client-to-client
push "redirect-gateway def1"

remote-cert-tls client
tls-version-min 1.2
push "explicit-exit-notify 3"
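To judge whether a "cannot locate HMAC" entry is background scanner noise or something more persistent, it helps to count rejections per source address rather than react to a single line. The script below is an added example and not part of the original post: it parses the exact log format shown above, aggregates hits per IP and port, and emits the same per-source DROP rule the poster used for any source that crosses a threshold. The log lines are constructed to match that format (only the first one is the poster's real entry; the other addresses are documentation ranges), and the threshold of 3 is an arbitrary assumption.

```python
"""Triage OpenVPN 'cannot locate HMAC' log lines by source address.

Added example, not code from the original thread. SAMPLE_LOG is constructed:
the first line is the poster's entry, the rest are made up to match the
format OpenVPN writes at verb 3.
"""
import re
from collections import Counter, defaultdict

# Matches the tls-auth / tls-crypt rejection line OpenVPN logs at verb 3.
HMAC_ERROR = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) "
    r"TLS Error: cannot locate HMAC in incoming packet from "
    r"\[AF_INET6?\](?P<ip>[0-9a-fA-F:.]+):(?P<port>\d+)$"
)

# Constructed sample: one real line from the thread, then made-up entries.
SAMPLE_LOG = """\
2023-02-12 10:21:55 TLS Error: cannot locate HMAC in incoming packet from [AF_INET]192.241.211.13:51340
2023-02-12 10:21:58 TLS Error: cannot locate HMAC in incoming packet from [AF_INET]192.241.211.13:51340
2023-02-12 10:22:03 TLS Error: cannot locate HMAC in incoming packet from [AF_INET]192.241.211.13:51340
2023-02-12 11:02:10 TLS Error: cannot locate HMAC in incoming packet from [AF_INET]203.0.113.7:40001
2023-02-12 11:05:41 Peer Connection Initiated with [AF_INET]198.51.100.20:1194
"""


def parse_hmac_errors(text):
    """Return a list of (timestamp, ip, port) for every HMAC rejection line."""
    hits = []
    for line in text.splitlines():
        m = HMAC_ERROR.match(line.strip())
        if m:
            hits.append((m["ts"], m["ip"], int(m["port"])))
    return hits


def summarize(hits, threshold=3):
    """Count rejections per source IP; flag sources at or above the threshold."""
    per_ip = Counter(ip for _, ip, _ in hits)
    ports = defaultdict(set)
    for _, ip, port in hits:
        ports[ip].add(port)
    return {
        ip: {"count": n, "ports": sorted(ports[ip]), "flag": n >= threshold}
        for ip, n in per_ip.items()
    }


def iptables_drop_rules(report):
    """Emit the poster's DROP rule, one per flagged source (assumed policy)."""
    return [
        f"iptables -I INPUT -s {ip} -j DROP"
        for ip, r in sorted(report.items())
        if r["flag"]
    ]


if __name__ == "__main__":
    report = summarize(parse_hmac_errors(SAMPLE_LOG))
    for ip, r in report.items():
        print(ip, r)
    print("\n".join(iptables_drop_rules(report)))
```

Run it against the real log with `python3 triage.py < /var/log/openvpn.log` after swapping `SAMPLE_LOG` for `sys.stdin.read()`. Note what the rule does and does not buy you: it stops one source from reaching the socket at all, but the tls-auth HMAC check was already discarding those packets before any TLS work, so the main value of the rule is quieter logs, not added protection.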

Dorian
OpenVpn Newbie
Posts: 6
Joined: Sat Jan 07, 2023 9:53 am

Re: TLS Error from unknown IP

Post by Dorian » Sat Feb 18, 2023 8:10 am

Hello,

TLS-auth is used to avoid DDoS attacks by requiring every packet to be HMACed using this specific key.
As the attacker does not have this key, it cannot produce the HMAC, and therefore after the first packet comes the connection is dropped, limiting the bandwidth.
Therefore there is nothing to be really scared of here; your first line of defense does the work perfectly.
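The mechanism Dorian describes can be shown in a few lines. The following is an added example and not OpenVPN's own code: a simplified model in which every control-channel packet carries an HMAC computed with a shared static key (the role `ta.key` plays), and the receiver drops any packet whose tag does not verify before doing any TLS work. Real OpenVPN uses its own wire format (packet-id and replay window, the digest selected by `--auth`); the key values, tag length and packet contents here are constructed for illustration.

```python
"""Model of the tls-auth packet gate: verify the HMAC before any TLS work.

Added example, not OpenVPN's implementation. Keys and packets are constructed;
HMAC-SHA256 and the tag-first layout are assumptions of this model only.
"""
import hashlib
import hmac
import os

TAG_LEN = 32  # HMAC-SHA256 tag length (model assumption)

# Constructed keys: the server and its legitimate client share SERVER_KEY,
# the scanner holds something else entirely.
SERVER_KEY = hashlib.sha256(b"constructed ta.key for this example").digest()
SCANNER_KEY = hashlib.sha256(b"not the server's key").digest()


def sign_packet(key, payload):
    """Prepend an HMAC tag over the payload, as a peer holding ta.key would."""
    tag = hmac.new(key, payload, hashlib.sha256).digest()
    return tag + payload


def gate(key, packet):
    """Return the payload if its tag verifies, else None.

    A None here is the point at which OpenVPN would log
    'cannot locate HMAC in incoming packet'; no TLS state is created.
    """
    if len(packet) < TAG_LEN:
        return None
    tag, payload = packet[:TAG_LEN], packet[TAG_LEN:]
    expected = hmac.new(key, payload, hashlib.sha256).digest()
    # Constant-time comparison so timing does not leak partial tag matches.
    if not hmac.compare_digest(tag, expected):
        return None
    return payload


def simulate(server_key, packets):
    """Run packets through the gate; return (accepted payloads, rejected count)."""
    accepted, rejected = [], 0
    for pkt in packets:
        payload = gate(server_key, pkt)
        if payload is None:
            rejected += 1  # one HMAC computation spent, then dropped
        else:
            accepted.append(payload)
    return accepted, rejected


def build_traffic():
    """Constructed traffic: one legitimate client hello, three scanner probes."""
    legit = sign_packet(SERVER_KEY, b"client hello")
    probes = [
        sign_packet(SCANNER_KEY, b"client hello"),  # right shape, wrong key
        os.urandom(64),                              # random garbage
        b"\x38",                                     # too short to carry a tag
    ]
    return [legit] + probes


if __name__ == "__main__":
    ok, dropped = simulate(SERVER_KEY, build_traffic())
    print("accepted:", ok)
    print("rejected before TLS:", dropped)
```

The cost of each rejected probe is a single HMAC computation and a log line; the expensive part of a connection attempt (certificate parsing, key exchange) never runs for a peer that lacks the static key, which is why a few such entries from a scanner are expected and harmless.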

GrimMultiVitamin
OpenVpn Newbie
Posts: 2
Joined: Sun Feb 12, 2023 10:52 am

Re: TLS Error from unknown IP

Post by GrimMultiVitamin » Sat Feb 18, 2023 2:49 pm

Right, so the packets are dropped as I thought. Very good. Thank you :)
