Help with Log items...

  • ATTENTION! As of November 1, 2020, you are not able to reply to threads 6 months after the thread is opened if there are more than 500 posts in the thread.
    Threads will not be locked, so posts may still be edited by their authors.
    Just start a new thread on the topic to post if you get an error message when trying to reply to a thread.

SCADAMON

Occasional Visitor
I see a lot of messages like this in my logs.
I believe they are just spam but would like confermation from the community... thanks.

Dec 6 01:11:01 ovpn-server1[2345]: 185.200.118.84:51843 TLS: Initial packet from [AF_INET]185.200.118.84:51843, sid=12121212 12121212
Dec 6 01:12:01 ovpn-server1[2345]: 185.200.118.84:51843 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Dec 6 01:12:01 ovpn-server1[2345]: 185.200.118.84:51843 TLS Error: TLS handshake failed
Dec 6 01:12:01 ovpn-server1[2345]: 185.200.118.84:51843 SIGUSR1[soft,tls-error] received, client-instance restarting
Dec 6 03:32:02 ovpn-server1[2345]: 167.248.133.26:37796 TLS: Initial packet from [AF_INET]167.248.133.26:37796, sid=4d658221 07fcfd52
Dec 6 03:32:17 ovpn-server1[2345]: 167.248.133.55:36034 TLS: Initial packet from [AF_INET]167.248.133.55:36034, sid=c001cc78 6da6686a
Dec 6 03:33:02 ovpn-server1[2345]: 167.248.133.26:37796 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Dec 6 03:33:02 ovpn-server1[2345]: 167.248.133.26:37796 TLS Error: TLS handshake failed
Dec 6 03:33:02 ovpn-server1[2345]: 167.248.133.26:37796 SIGUSR1[soft,tls-error] received, client-instance restarting
Dec 6 03:33:17 ovpn-server1[2345]: 167.248.133.55:36034 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Dec 6 03:33:17 ovpn-server1[2345]: 167.248.133.55:36034 TLS Error: TLS handshake failed
Dec 6 03:33:17 ovpn-server1[2345]: 167.248.133.55:36034 SIGUSR1[soft,tls-error] received, client-instance restarting

Dec 6 21:06:14 ovpn-server1[2345]: 80.82.77.33:26876 TLS: Initial packet from [AF_INET]80.82.77.33:26876, sid=d9ce3abe f698a56d
Dec 6 21:06:14 ovpn-server1[2345]: 80.82.77.33:58120 TLS: Initial packet from [AF_INET]80.82.77.33:58120, sid=d9ce3abe f698a56d
Dec 6 21:06:29 ovpn-server1[2345]: 80.82.77.33:51598 TLS: Initial packet from [AF_INET]80.82.77.33:51598, sid=d9ce3abe f698a56d
Dec 6 21:06:44 ovpn-server1[2345]: 80.82.77.33:43592 TLS: Initial packet from [AF_INET]80.82.77.33:43592, sid=d9ce3abe f698a56d
Dec 6 21:07:14 ovpn-server1[2345]: 80.82.77.33:26876 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Dec 6 21:07:14 ovpn-server1[2345]: 80.82.77.33:26876 TLS Error: TLS handshake failed
Dec 6 21:07:14 ovpn-server1[2345]: 80.82.77.33:26876 SIGUSR1[soft,tls-error] received, client-instance restarting
Dec 6 21:07:14 ovpn-server1[2345]: 80.82.77.33:58120 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Dec 6 21:07:14 ovpn-server1[2345]: 80.82.77.33:58120 TLS Error: TLS handshake failed
Dec 6 21:07:14 ovpn-server1[2345]: 80.82.77.33:58120 SIGUSR1[soft,tls-error] received, client-instance restarting
Dec 6 21:07:29 ovpn-server1[2345]: 80.82.77.33:51598 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Dec 6 21:07:29 ovpn-server1[2345]: 80.82.77.33:51598 TLS Error: TLS handshake failed
Dec 6 21:07:29 ovpn-server1[2345]: 80.82.77.33:51598 SIGUSR1[soft,tls-error] received, client-instance restarting
Dec 6 21:07:44 ovpn-server1[2345]: 80.82.77.33:43592 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Dec 6 21:07:44 ovpn-server1[2345]: 80.82.77.33:43592 TLS Error: TLS handshake failed
Dec 6 21:07:44 ovpn-server1[2345]: 80.82.77.33:43592 SIGUSR1[soft,tls-error] received, client-instance restarting

NEW RT-AX88U with Mirlin 384-19
 

eibgrad

Very Senior Member
Just the kind of thing you'll typically see if you use the well-known port of any service (in the case of OpenVPN, port 1194). Best way to avoid most of it is to use an obscure port (e.g., 31995).
 

SCADAMON

Occasional Visitor
Just the kind of thing you'll typically see if you use the well-known port of any service (in the case of OpenVPN, port 1194). Best way to avoid most of it is to use an obscure port (e.g., 31995).
Are you saying that if I change the default "Server Port" under the advanced settings these outside polling will disappear from the logs?
if I change the default port will I have to update my clients Open VPN configurations???
Thanks.
 

eibgrad

Very Senior Member
Hackers are always going to try the well-known ports *first*. It only makes sense. And if they don't get a response, they are far more likely to move on in hopes of finding low hanging fruit elsewhere than waste their time trying every protocol on every port. It's just not an efficient way to hack. But NO ONE can guarantee that you'll never have hackers poking around any given port, esp. if they are specifically targeting YOU for some reason.

And yes, of course, you have to update the OpenVPN clients to use the new port.
 

SCADAMON

Occasional Visitor
Hackers are always going to try the well-known ports *first*. It only makes sense. And if they don't get a response, they are far more likely to move on in hopes of finding low hanging fruit elsewhere than waste their time trying every protocol on every port. It's just not an efficient way to hack. But NO ONE can guarantee that you'll never have hackers poking around any given port, esp. if they are specifically targeting YOU for some reason.

And yes, of course, you have to update the OpenVPN clients to use the new port.
Thanks I'll try new port numbers and keep an eye on it...
 

Similar threads

Latest threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top