OpenVPN Suspicious Connections

Business solution to host your own OpenVPN server with web management interface and bundled clients.
Post Reply
markmn123
OpenVpn Newbie
Posts: 4
Joined: Mon Apr 24, 2023 11:19 pm

OpenVPN Suspicious Connections

Post by markmn123 » Tue Apr 25, 2023 3:14 pm

Hello everyone,
I have an OpenVPN VM (ubuntu 22.04) and its sitting behind a Ubiquiti UDM-Pro. Only 1194 is opened up to the appliance.
The last week or so the UDM has reported possible threats in the form of incoming connections coming from random spots (London, Bellevue US, Bulgaria)
This is happening every day at random times. The UDM actually allows some of these to go through and only blocks a few.
Should I be concerned?

markmn123
OpenVpn Newbie
Posts: 4
Joined: Mon Apr 24, 2023 11:19 pm

Re: OpenVPN Suspicious Connections

Post by markmn123 » Tue Apr 25, 2023 3:28 pm

https://adobe.ly/3NbqSMI
Just wanted to show the frequency. its mostly London and Bellevue. Only one connection from Bulgaria

maxburn
OpenVPN Power User
Posts: 65
Joined: Mon Dec 12, 2016 6:07 pm

Re: OpenVPN Suspicious Connections

Post by maxburn » Tue Apr 25, 2023 6:11 pm

Suspicious attempts or actual connections that authenticated?

Attempts; you are exposed to the internet and it's practically a war zone out there, everyone's going to poke at it.

markmn123
OpenVpn Newbie
Posts: 4
Joined: Mon Apr 24, 2023 11:19 pm

Re: OpenVPN Suspicious Connections

Post by markmn123 » Tue Apr 25, 2023 10:05 pm

From what i can see attempts. There arent any entries in the auth.log on the VM that correlate to the incoming "connections"
I closed a few ports on VM related to services I dont use but it looks like the OpenVPN service is using several others (904-909 & 943)
Does OpenVPN need that many listeners?
Edit: I do have 2FA set up as well

markmn123
OpenVpn Newbie
Posts: 4
Joined: Mon Apr 24, 2023 11:19 pm

Re: OpenVPN Suspicious Connections

Post by markmn123 » Thu Apr 27, 2023 2:39 pm

As an update:
I have changed the outside port from 1194 to something random and had nothing for the last 3 days

User avatar
openvpn_inc
OpenVPN Inc.
Posts: 1333
Joined: Tue Feb 16, 2021 10:41 am

Re: OpenVPN Suspicious Connections

Post by openvpn_inc » Tue May 16, 2023 11:14 am

Hello markmn123 and maxburn,

It's the Internet so you're going to get random attempts. Even if you change port number it's not ruled out that you'll get random connection attempts.

If you know which IP addresses are allowed to contact you, and which ones are not, you could set up your firewall to block everything except the allowed IP addresses. But that kind of negates the benefit of a VPN solution, where you can reach back to your secure network from practically anywhere in the world, by providing strong authentication and connection security, which a random person can't just bypass.

I don't believe there is any reason for you to be concerned about these connection attempts. It's similar to people knocking on your front door. Unless you put a big moat and castle walls and barbed wire fence around your house, you're going to get the occassional knock on the door from someone that wants to try to talk to you. If they don't have the key and you don't open the door, it's no big deal.

Kind regards,
Johan
Image OpenVPN Inc.
Answers provided by OpenVPN Inc. staff members here are provided on a voluntary best-effort basis, and no rights can be claimed on the basis of answers posted in this public forum. If you wish to get official support from OpenVPN Inc. please use the official support ticket system: https://openvpn.net/support

Post Reply