VPN server logs

Logi

Senior Member
I have the following logs on my VPN server on the RT-AC5300, what is the meaning of them? I wasn't trying to connect to:

Jul 13 20:11:32 15[IKE] 216.218.206.102 is initiating a Main Mode IKE_SA
Jul 14 02:37:53 10[IKE] 71.6.158.166 is initiating a Aggressive Mode IKE_SA
Jul 14 06:11:01 05[IKE] 89.248.167.131 is initiating a Aggressive Mode IKE_SA
Jul 14 21:46:15 11[IKE] 71.6.146.186 is initiating a Aggressive Mode IKE_SA
Jul 14 22:04:22 13[IKE] 216.218.206.90 is initiating a Main Mode IKE_SA
Jul 15 21:05:11 14[IKE] 216.218.206.82 is initiating a Main Mode IKE_SA
 
You are getting “door knocks” from the Internet. You’ll see fewer of those if you use a non-standard port, i.e. move away from UDP port 1194.
 
You are getting “door knocks” from the Internet. You’ll see fewer of those if you use a non-standard port, i.e. move away from UDP port 1194.
I am using Apple devices (iOS, macOS) to connect to the router configured with IPSEC, I did not find the place where I can customize the port on the client side? Please could you provide some guidance, thanks
 
It's port scanning.

At least the 216.218.206.* addresses tell what they're doing (which is a first).
The Shadowserver Foundation


If you are looking at this page, then more than likely, you noticed a scan coming from this server across your network and/or poking at a service that you have running.

The Shadowserver Foundation is currently undertaking a project to search for publicly accessible devices that have services running that should not be exposed because they are trivial to exploit or abuse. The goal of this project is to identify hosts that have these types of services exposed and report them back to the network owners for remediation.

Further details on this scanning project can be found on our blog at: http://blog.shadowserver.org/2014/03/28/the-scannings-will-continue-until-the-internet-improves/

Statistics on these scans can be found at: http://blog.shadowserver.org/2014/08/22/of-scannings-and-statistics/

If you would like to sign up for reports on any data that we have collected on your network, you can request them from here: https://www.shadowserver.org/wiki/pmwiki.php/Involve/GetReportsOnYourNetwork

All of the probes that are used in our tests are benign and do not (and will never) contain exploit code. Scans with these types of tools are off-limits for us.

All the data that we collect is visible to anyone who connects to a particular host on the proper port using the proper commands.

If you have any more questions please feel free to send us an email at: gro [tod] revreswodahs [ta] nacssnd



The Shadowserver Foundation
 
I am using Apple devices (iOS, macOS) to connect to the router configured with IPSEC, I did not find the place where I can customize the port on the client side? Please could you provide some guidance, thanks

Ah, I assumed it was OpenVPN, my bad.
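
Added example (not part of the thread): a small Python parser for the log lines quoted in the first post. It groups the IKE initiations by source /24 and lists the sources that tried Aggressive Mode. The function names and the /24 grouping are choices made for this example, and the sample input is the six lines from the post.

```python
import re
from collections import defaultdict
from ipaddress import ip_network

# Sample input: the six log lines quoted in the first post of the thread.
SAMPLE_LOG = """\
Jul 13 20:11:32 15[IKE] 216.218.206.102 is initiating a Main Mode IKE_SA
Jul 14 02:37:53 10[IKE] 71.6.158.166 is initiating a Aggressive Mode IKE_SA
Jul 14 06:11:01 05[IKE] 89.248.167.131 is initiating a Aggressive Mode IKE_SA
Jul 14 21:46:15 11[IKE] 71.6.146.186 is initiating a Aggressive Mode IKE_SA
Jul 14 22:04:22 13[IKE] 216.218.206.90 is initiating a Main Mode IKE_SA
Jul 15 21:05:11 14[IKE] 216.218.206.82 is initiating a Main Mode IKE_SA
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \d+\[IKE\] "
    r"(?P<src>\d{1,3}(?:\.\d{1,3}){3}) is initiating an? "
    r"(?P<mode>Main|Aggressive) Mode IKE_SA$"
)

def parse(log_text):
    """Yield (timestamp, source IP, mode) for each IKE initiation line."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:  # anything else in the log is ignored
            yield m["ts"], m["src"], m["mode"]

def summarize(log_text, prefix_len=24):
    """Group initiations by source network (hypothetical helper, /24 default)."""
    nets = defaultdict(lambda: {"count": 0, "sources": set(), "modes": set(),
                                "first": None, "last": None})
    for ts, src, mode in parse(log_text):
        entry = nets[str(ip_network(f"{src}/{prefix_len}", strict=False))]
        entry["count"] += 1
        entry["sources"].add(src)
        entry["modes"].add(mode)
        entry["first"] = entry["first"] or ts  # log is in time order
        entry["last"] = ts
    return dict(nets)

def aggressive_sources(log_text):
    """Sorted source IPs that attempted an Aggressive Mode exchange."""
    return sorted({src for _, src, mode in parse(log_text) if mode == "Aggressive"})

if __name__ == "__main__":
    for net, e in sorted(summarize(SAMPLE_LOG).items()):
        print(f"{net:18} {e['count']} probe(s), modes={sorted(e['modes'])}, "
              f"{e['first']} .. {e['last']}")
    print("Aggressive Mode from:", ", ".join(aggressive_sources(SAMPLE_LOG)))
```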
 