Solved Help: ovpn activated w/out admin input, bad actor ip inside, functioning ping

[Sky]

Hi, Gang! Sky here.

Our VPN went offline last week. At the same time, Is it down, or just me was and continued reporting asuscomm.com down. I had attributed it to the wildfires in the wider area impeding switches, etc., etc. By down I mean users were unable to login in just timing out or being generally rejected. I was able to access data behind the router through alternate means, but users could not, so I knew the router & modem were both functioning. I was unable to send a reboot to the modem remotely, but the ISP was able to provision and reboot it from their end of their plant. There has been no inside-building physical access to the router or modem for the last 3-weeks or so.

Today the VPN came back online and the first thing I did was check the logs. Attached is a snippet of concern.

Is this just the normal script kiddie stuff you see with OpenVPN running, or do I have a serious problem here?

Sky

 

[ColinTaylor]

Is this just the normal script kiddie stuff you see with OpenVPN running...

Yes. There are numerous posts about some of those particular IP address ranges on these forums, e.g. here. That's what happens when you run your VPN server on a common port.

185.200.118.35 | M247 Europe SRL | AbuseIPDB

www.abuseipdb.com

 

[Sky]

Thanks Colin! What really had me going was having ovpn operational at all, which I did not recall doing. The only thing I can come up with is "distracted administrating".

Thanks for the links. I meant to mention AbuseIPDB but my original post was too long and it disappeared in the edit.

The Asus OEM fw doesn't allow the user to customize the vpn ports, although it appears ovpn allows this customization. If I start poking about in the internals to force-feed custom ports for our Asuses I'll have to re-do it every time there's a fw update, which I'm likely as not to forget — as above. Do you happen to know if Merlin's fw allows port customization for pptp*?

Sky

*(Yes, I understand the pptp issues but I'm required to use it.)

 

[ColinTaylor]

The Asus OEM fw doesn't allow the user to customize the vpn ports, although it appears ovpn allows this customization.

Sorry @Sky, my mistake. I thought you were running Merlin's firmware.

Do you happen to know if Merlin's fw allows port customization for pptp*?

It doesn't look like it now. It might have been different in 384.13_10 but I doubt it.

 

[Sky]

I've been preferring the Asus VPN for ease of administration as the person most likely to follow me into this role is even less adept than I am — if that's even possible — and I got a lot of push-back over trying to implement ovpn, but in the Asus both use common ports. I might try running the VPN off our Synology NASes, but I am very reluctant to make the connection that direct.

Meanwhile, back at the ranch…

I am very grateful for the insight into the common script-fishing for OpenVPN vpn's. Adding that to the commons we see for the PPTP vpn's gives me a quick and easy reference for helping my successor.

Thanks again @ColinTaylor!

 

[Tech9]

The Asus OEM fw doesn't allow the user to customize the vpn ports, although it appears ovpn allows this customization.

Are you sure? Asuswrt stock firmware:

 

[Sky]

Thanks @Tech9. So you can do it in OpenVPN on the router, but not for PPTP. I wonder why? Too bad, really — it might save all those pesky script-fishing log entries!

 

[Tech9]

I wonder why?

Because PPTP only uses port 1723. You can't change it. Don't use PPTP.

Point-to-Point Tunneling Protocol - Wikipedia

en.wikipedia.org

 

[Sky]

Got it. Thanks!