AC86U with 384.5 VPN log question

JAF

Occasional Visitor
Quick question,

I'm using my 86U as an OpenVPN server so we can connect to it anytime we're on another WiFi. It's working great for all our devices. Looking through the logs today, I'm noticing this entry a few times a day. It's at times I know no one is trying to connect to the VPN. Is this someone else trying to connect to my VPN server unsuccessfully? What do these log entries mean? Thanks!

Jun 24 16:47:26 ovpn-server1[2007]: 185.200.118.88:37919 TLS: Initial packet from [AF_INET]185.200.118.88:37919, sid=12121212 12121212

Jun 24 16:48:26 ovpn-server1[2007]: 185.200.118.88:37919 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)

Jun 24 16:48:26 ovpn-server1[2007]: 185.200.118.88:37919 TLS Error: TLS handshake failed

Jun 24 16:48:26 ovpn-server1[2007]: 185.200.118.88:37919 SIGUSR1[soft,tls-error] received, client-instance restarting
 
Thanks for confirming! That's the only service that is exposed and I'd like to keep it running instead of turning it off and on.
 
Simply changing the default port from 1194 to something non-standard will greatly reduce the number of attempts.
 
I have almost identical entries in the system log, starting since April this year.

By coincidence, I did an analysis this afternoon and found that 80% of log in attempts are coming from servers in the same range, 185.200.118.0/24.

What puzzles me is that the log file entry is written by OpenVPN server, which on my router is listening on a non-standard port.

What I am trying to understand is if this means that someone has correctly guessed the port, and has simply failed to log in because they did not have the correct (non-standard) user id and password?

Surely if the log in attempt was received on a different port, OpenVPN would not even see the attempt, and so would not write anything to the log file?
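
The per-subnet tally described in the post above, as an added example that is not part of the original thread: it counts one failed attempt per "TLS handshake failed" line and groups the sources by /24. The first four sample lines are the ones quoted in the thread; the rest are constructed for illustration, and the function names are hypothetical.

```python
import ipaddress
import re
from collections import Counter

# Per-client prefix as it appears in the log lines quoted in the thread:
#   "<date> ovpn-server1[pid]: <ip>:<port> <message>"
LINE_RE = re.compile(
    r"ovpn-server\d+\[\d+\]: (?P<ip>\d{1,3}(?:\.\d{1,3}){3}):\d+ (?P<msg>.*)$")

def failed_handshakes_by_subnet(lines, prefix=24):
    """Count failed attempts per source network (one per 'TLS handshake failed')."""
    counts = Counter()
    for line in lines:
        m = LINE_RE.search(line)
        if not m or "TLS handshake failed" not in m.group("msg"):
            continue  # other daemons, and the other three lines of each attempt
        try:
            net = ipaddress.ip_network(f"{m.group('ip')}/{prefix}", strict=False)
        except ValueError:
            continue  # malformed address, e.g. an octet above 255
        counts[str(net)] += 1
    return counts

def top_subnet_share(counts):
    """Return (subnet, share of all failed attempts) for the busiest subnet."""
    total = sum(counts.values())
    if not total:
        return None, 0.0
    subnet, hits = counts.most_common(1)[0]
    return subnet, hits / total

# First four lines: quoted in the thread. Remaining lines: constructed sample data.
SAMPLE_LOG = """\
Jun 24 16:47:26 ovpn-server1[2007]: 185.200.118.88:37919 TLS: Initial packet from [AF_INET]185.200.118.88:37919, sid=12121212 12121212
Jun 24 16:48:26 ovpn-server1[2007]: 185.200.118.88:37919 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Jun 24 16:48:26 ovpn-server1[2007]: 185.200.118.88:37919 TLS Error: TLS handshake failed
Jun 24 16:48:26 ovpn-server1[2007]: 185.200.118.88:37919 SIGUSR1[soft,tls-error] received, client-instance restarting
Jun 24 17:02:10 dnsmasq-dhcp[312]: DHCPACK(br0) 192.168.1.20 aa:bb:cc:dd:ee:ff
Jun 24 18:05:11 ovpn-server1[2007]: 185.200.118.40:51000 TLS Error: TLS handshake failed
Jun 24 19:30:45 ovpn-server1[2007]: 185.200.118.52:40211 TLS Error: TLS handshake failed
Jun 24 21:14:02 ovpn-server1[2007]: 198.51.100.7:1194 TLS Error: TLS handshake failed
Jun 24 23:59:59 ovpn-server1[2007]: 185.200.118.88:40002 TLS Error: TLS handshake failed
""".splitlines()

if __name__ == "__main__":
    tally = failed_handshakes_by_subnet(SAMPLE_LOG)
    print(tally.most_common(), top_subnet_share(tally))
```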
 
@PolarBear Perhaps you coincidentally moved it to another "standard" port.

Thank you, that was most helpful. It turns out I was completely mistaken and have been using the standard port all along.

That explains why OpenVPN saw the port knocking and logged it to the system log.

Obviously, changing to a non-standard port would make things more difficult for someone trying to break in.

But if I do this, is it more likely that when I am travelling, the hotel's network will block my VPN connection?
 
I'm sure there are more seasoned travellers than me on these forums that can give better feedback. But in my limited experience I have found most places either allow everything or only HTTP/HTTPS. There are probably very few places that explicitly block port 1194.

I suppose if you did change your VPN to a non-standard port and then got stuck somewhere that blocked it you could use a mobile phone data connection to connect through the VPN, log into the router and change the port. Or, already have the second OpenVPN server configured for TCP/443 but not enabled. Then use your mobile login to turn it on.
 
