
AC87U OpenVPN server continuously stops working


michal.

Hello,

I started having problems with the OpenVPN server (which has worked fine for over 2 years without any big issues). Now, almost every day at a random hour, it stops working.
When I try to connect to the VPN I get the error "read UDP: Unknown error (code=10054)", so to check it I connected via ssh and executed the command "nvram get vpn_server1_state" and got the status "-1". Then I restarted the service with "reservice start_vpnserver1" and the status went back to "2" and the VPN worked again. Then I checked the logs, and the last log entries before the VPN server restart were as below (I assume this is some kind of brute-force attack, but is it possible that this forces the server to stop working?):
Mar 29 19:38:31 ovpn-server1[692]: 45.179.44.50:20351 TLS: Initial packet from [AF_INET6]::ffff:45.179.44.50:20351, sid=6a22eb44 5adb63fe
Mar 29 19:38:31 ovpn-server1[692]: 45.179.44.50:41841 TLS: Initial packet from [AF_INET6]::ffff:45.179.44.50:41841, sid=6a22eb44 5adb63fe
Mar 29 19:38:31 ovpn-server1[692]: 45.179.44.50:262 TLS: Initial packet from [AF_INET6]::ffff:45.179.44.50:262, sid=6a22eb44 5adb63fe
Mar 29 19:38:31 ovpn-server1[692]: 45.179.44.50:63228 TLS: Initial packet from [AF_INET6]::ffff:45.179.44.50:63228, sid=6a22eb44 5adb63fe
Mar 29 19:38:31 ovpn-server1[692]: 45.179.44.50:437 TLS: Initial packet from [AF_INET6]::ffff:45.179.44.50:437, sid=6a22eb44 5adb63fe
Mar 29 19:38:31 ovpn-server1[692]: 45.179.44.50:40466 TLS: Initial packet from [AF_INET6]::ffff:45.179.44.50:40466, sid=6a22eb44 5adb63fe
Mar 29 19:38:31 ovpn-server1[692]: 45.179.44.50:36252 TLS: Initial packet from [AF_INET6]::ffff:45.179.44.50:36252, sid=6a22eb44 5adb63fe
Mar 29 19:38:31 ovpn-server1[692]: 45.179.44.50:62897 TLS: Initial packet from [AF_INET6]::ffff:45.179.44.50:62897, sid=6a22eb44 5adb63fe
Mar 29 19:38:31 ovpn-server1[692]: 45.179.44.50:11146 TLS: Initial packet from [AF_INET6]::ffff:45.179.44.50:11146, sid=6a22eb44 5adb63fe
Mar 29 19:38:31 ovpn-server1[692]: 45.179.44.50:62934 TLS: Initial packet from [AF_INET6]::ffff:45.179.44.50:62934, sid=6a22eb44 5adb63fe
Mar 29 19:38:31 ovpn-server1[692]: 45.179.44.50:25235 TLS: Initial packet from [AF_INET6]::ffff:45.179.44.50:25235, sid=6a22eb44 5adb63fe
Mar 29 19:38:32 ovpn-server1[692]: 45.179.44.50:34472 TLS: Initial packet from [AF_INET6]::ffff:45.179.44.50:34472, sid=6a22eb44 5adb63fe
Mar 29 19:38:32 ovpn-server1[692]: 45.179.44.50:39669 TLS: Initial packet from [AF_INET6]::ffff:45.179.44.50:39669, sid=6a22eb44 5adb63fe
Mar 29 19:38:32 ovpn-server1[692]: 45.179.44.50:56036 TLS: Initial packet from [AF_INET6]::ffff:45.179.44.50:56036, sid=6a22eb44 5adb63fe
Mar 29 19:38:32 ovpn-server1[692]: 45.179.44.50:6955 TLS: Initial packet from [AF_INET6]::ffff:45.179.44.50:6955, sid=6a22eb44 5adb63fe
Mar 29 19:38:32 ovpn-server1[692]: 45.179.44.50:34141 TLS: Initial packet from [AF_INET6]::ffff:45.179.44.50:34141, sid=6a22eb44 5adb63fe
Mar 29 19:38:32 ovpn-server1[692]: 45.179.44.50:63142 TLS: Initial packet from [AF_INET6]::ffff:45.179.44.50:63142, sid=6a22eb44 5adb63fe
Mar 29 19:38:32 ovpn-server1[692]: 45.179.44.50:37449 TLS: Initial packet from [AF_INET6]::ffff:45.179.44.50:37449, sid=6a22eb44 5adb63fe
Mar 29 19:38:32 ovpn-server1[692]: 45.179.44.50:1554 TLS: Initial packet from [AF_INET6]::ffff:45.179.44.50:1554, sid=6a22eb44 5adb63fe
Mar 29 19:38:32 ovpn-server1[692]: 45.179.44.50:27470 TLS: Initial packet from [AF_INET6]::ffff:45.179.44.50:27470, sid=6a22eb44 5adb63fe
Can anyone help me to resolve this problem?
My router is RT-AC87U firmware 384.13_10
 
It's possible that repeated hacking attempts are crashing the VPN server, perhaps deliberately to exploit a vulnerability. Are you running your VPN server on a common port like 1194 or 443? If so you should expect your server to be under constant attack.
 
These attempts are specifically targeted at IPv6. Last I heard, Merlin doesn't even support OpenVPN w/ IPv6. Are you actually using IPv6 on your WAN? If NOT, is it enabled?
 
> These attempts are specifically targeted at IPv6. Last I heard, Merlin doesn't even support OpenVPN w/ IPv6. Are you actually using IPv6 on your WAN? If NOT, is it enabled?
I think that may be just an artifact of the common driver (always shows as AF_INET6). It's an IPv4 mapped address ::ffff:45.179.44.50, so really just 45.179.44.50
 
> These attempts are specifically targeted at IPv6. Last I heard, Merlin doesn't even support OpenVPN w/ IPv6. Are you actually using IPv6 on your WAN? If NOT, is it enabled?
We have had IPv6 disabled from the beginning (we do not use this type of connection).

Also today the VPN is broken and when I logged in there is something like this (screen below)
1617086840948.png
 
Looks like normal scanning/hacking attempts. As I asked before, are you running your VPN server on a common port? If so, change it to a random, non-obvious port >10000 and the problem will go away.
 
> Looks like normal scanning/hacking attempts. As I asked before, are you running your VPN server on a common port? If so, change it to a random, non-obvious port >10000 and the problem will go away.
Sorry, I forgot to answer earlier. I used the default ports for SSH (connection only via rsa-key) and VPN, I changed ports to higher than 65000 - I will observe if it's ok now.
 
Fast update - so far no problem with the VPN after changing ports. I think we can close the topic, thank you all for the fast response and help.
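
An added example, not part of any post in the thread: a small triage script for the "TLS: Initial packet" lines quoted above. It unwraps the IPv4-mapped `::ffff:` form discussed in the replies and reports, per source, the peak handshakes per second and how many distinct source ports and session IDs were seen. The function names, the threshold, and the `192.0.2.10` line are assumptions constructed for illustration.

```python
import ipaddress
import re
from collections import defaultdict

# Sample input: five lines copied from the thread plus one constructed line (192.0.2.10).
SAMPLE_LOG = """\
Mar 29 19:38:31 ovpn-server1[692]: 45.179.44.50:20351 TLS: Initial packet from [AF_INET6]::ffff:45.179.44.50:20351, sid=6a22eb44 5adb63fe
Mar 29 19:38:31 ovpn-server1[692]: 45.179.44.50:41841 TLS: Initial packet from [AF_INET6]::ffff:45.179.44.50:41841, sid=6a22eb44 5adb63fe
Mar 29 19:38:31 ovpn-server1[692]: 45.179.44.50:262 TLS: Initial packet from [AF_INET6]::ffff:45.179.44.50:262, sid=6a22eb44 5adb63fe
Mar 29 19:38:31 ovpn-server1[692]: 45.179.44.50:63228 TLS: Initial packet from [AF_INET6]::ffff:45.179.44.50:63228, sid=6a22eb44 5adb63fe
Mar 29 19:38:32 ovpn-server1[692]: 45.179.44.50:34472 TLS: Initial packet from [AF_INET6]::ffff:45.179.44.50:34472, sid=6a22eb44 5adb63fe
Mar 29 19:40:02 ovpn-server1[692]: 192.0.2.10:51000 TLS: Initial packet from [AF_INET6]::ffff:192.0.2.10:51000, sid=1111aaaa 2222bbbb
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s+[\d:]{8})\s+ovpn-server\d+\[\d+\]:.*"
    r"TLS: Initial packet from \[AF_INET6?\](?P<addr>\S+):(?P<port>\d+), "
    r"sid=(?P<sid>[0-9a-f]+ [0-9a-f]+)"
)

def normalize(addr):
    """Return the peer address as text, unwrapping IPv4-mapped IPv6 (::ffff:a.b.c.d)."""
    ip = ipaddress.ip_address(addr)
    mapped = getattr(ip, "ipv4_mapped", None)  # None for plain IPv4 or native IPv6
    return str(mapped or ip)

def summarize(log_text):
    """Per source IP: total handshakes, peak per second, distinct ports and sids."""
    stats = defaultdict(lambda: {"total": 0, "per_sec": defaultdict(int),
                                 "ports": set(), "sids": set()})
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # not a handshake-start line
        s = stats[normalize(m["addr"])]
        s["total"] += 1
        s["per_sec"][m["ts"]] += 1
        s["ports"].add(int(m["port"]))
        s["sids"].add(m["sid"])
    return {ip: {"total": s["total"], "peak_per_sec": max(s["per_sec"].values()),
                 "ports": len(s["ports"]), "sids": len(s["sids"])}
            for ip, s in stats.items()}

def flood_sources(log_text, min_peak=3):
    """Sources whose handshake starts reach min_peak within a single second."""
    return sorted(ip for ip, s in summarize(log_text).items()
                  if s["peak_per_sec"] >= min_peak)
```

One session ID arriving from many different source ports, as in the quoted log, is the pattern the `ports` and `sids` counts are meant to surface.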
 
