I’ve added the Fail2Ban example here:
https://www.fail2ban.org/wiki/index.php/HOWTO_fail2ban_with_OpenVPN
Changing the path from
logpath = /var/log/openvpn.log
into
logpath = /var/log/messages
As far as I can see the line
<HOST>:\d+ TLS Error: TLS handshake failed$
does match the FreePBX distro logging, but fail2ban does not block OpenVPN abusers yet…
Does anybody have this working? Or any hints as to what I am overlooking?
Removing the ^ from the and leaving the $ does give matches using
fail2ban-regex /var/log/messages /etc/fail2ban/filter.d/openvpn.local
JWR
PS Please add this default to the Fail2Ban configuration in FreePBX
Created /etc/fail2ban/filter.d/openvpn.local containing:
# Fail2Ban filter for selected OpenVPN rejections
#
#
[Definition]
# Example messages (other matched messages not seen in the testing server’s logs):
# Fri Sep 23 11:55:36 2016 TLS Error: incoming packet authentication failed from [AF_INET]59.90.146.160:51223
# Thu Aug 25 09:36:02 2016 117.207.115.143:58922 TLS Error: TLS handshake failed
failregex = ^ TLS Error: incoming packet authentication failed from \[AF_INET\]<HOST>:\d+$
            ^ <HOST>:\d+ Connection reset, restarting
            ^ <HOST>:\d+ TLS Auth Error
            <HOST>:\d+ TLS Error: TLS handshake failed$
            ^ <HOST>:\d+ VERIFY ERROR
ignoreregex =
Create /etc/fail2ban/jail.d/openvpn containing:
# Fail2Ban configuration fragment for OpenVPN
[openvpn]
enabled = true
port = 1194
protocol = udp
filter = openvpn
logpath = /var/log/messages
maxretry = 3
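
Added example, not part of the original post and not Fail2Ban's own code: a small Python check of why the anchored wiki pattern matches OpenVPN's own log file but not a syslog-style line in /var/log/messages, while the unanchored pattern from the post does. HOST and DATE are simplified stand-ins for Fail2Ban's <HOST> tag and date detection, SYSLOG_LINE is constructed (hostname pbx and PID 2211 are made up), and PREFIXED is a hypothetical pattern that keeps the anchor by matching the syslog prefix.

```python
import re

# Simplified IPv4-only stand-in for fail2ban's <HOST> tag (assumption; the
# real expansion also accepts hostnames and IPv6 addresses).
HOST = r"(?P<host>\d{1,3}(?:\.\d{1,3}){3})"

# Approximation of fail2ban's date detection for the two timestamp shapes
# involved here: "Thu Aug 25 09:36:02 2016" and syslog's "Aug 25 09:36:02".
DATE = re.compile(
    r"^(?:[A-Z][a-z]{2} )?[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d(?: \d{4})?"
)

def matched_host(failregex, line):
    """Return the address a failregex would report for a log line, or None."""
    rest = DATE.sub("", line, count=1)  # the timestamp is removed first
    m = re.search(failregex.replace("<HOST>", HOST), rest)
    return m.group("host") if m else None

# Pattern as on the wiki, pattern as modified in the post, and a hypothetical
# variant anchored on the syslog "hostname openvpn[pid]:" prefix.
WIKI = r"^ <HOST>:\d+ TLS Error: TLS handshake failed$"
POST = r"<HOST>:\d+ TLS Error: TLS handshake failed$"
PREFIXED = r"^\s*\S+ openvpn\[\d+\]: <HOST>:\d+ TLS Error: TLS handshake failed$"

# Example message quoted in the filter's comments (OpenVPN writing its own log).
FILE_LINE = "Thu Aug 25 09:36:02 2016 117.207.115.143:58922 TLS Error: TLS handshake failed"
# Constructed: the same event as it would look when written through syslog.
SYSLOG_LINE = "Aug 25 09:36:02 pbx openvpn[2211]: 117.207.115.143:58922 TLS Error: TLS handshake failed"

if __name__ == "__main__":
    for name, rx in (("wiki", WIKI), ("post", POST), ("prefixed", PREFIXED)):
        for label, line in (("openvpn.log", FILE_LINE), ("messages", SYSLOG_LINE)):
            print(f"{name:9} {label:12} -> {matched_host(rx, line)}")
```

An unanchored failregex matches anywhere in the line, so text that a remote party can get written into the log may be picked up as the offending host; anchoring on the syslog prefix keeps the match tied to OpenVPN's own message.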