What's new

Help with Log items...

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

SCADAMON

Occasional Visitor
I see a lot of messages like this in my logs.
I believe they are just spam but would like confermation from the community... thanks.

Dec 6 01:11:01 ovpn-server1[2345]: 185.200.118.84:51843 TLS: Initial packet from [AF_INET]185.200.118.84:51843, sid=12121212 12121212
Dec 6 01:12:01 ovpn-server1[2345]: 185.200.118.84:51843 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Dec 6 01:12:01 ovpn-server1[2345]: 185.200.118.84:51843 TLS Error: TLS handshake failed
Dec 6 01:12:01 ovpn-server1[2345]: 185.200.118.84:51843 SIGUSR1[soft,tls-error] received, client-instance restarting
Dec 6 03:32:02 ovpn-server1[2345]: 167.248.133.26:37796 TLS: Initial packet from [AF_INET]167.248.133.26:37796, sid=4d658221 07fcfd52
Dec 6 03:32:17 ovpn-server1[2345]: 167.248.133.55:36034 TLS: Initial packet from [AF_INET]167.248.133.55:36034, sid=c001cc78 6da6686a
Dec 6 03:33:02 ovpn-server1[2345]: 167.248.133.26:37796 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Dec 6 03:33:02 ovpn-server1[2345]: 167.248.133.26:37796 TLS Error: TLS handshake failed
Dec 6 03:33:02 ovpn-server1[2345]: 167.248.133.26:37796 SIGUSR1[soft,tls-error] received, client-instance restarting
Dec 6 03:33:17 ovpn-server1[2345]: 167.248.133.55:36034 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Dec 6 03:33:17 ovpn-server1[2345]: 167.248.133.55:36034 TLS Error: TLS handshake failed
Dec 6 03:33:17 ovpn-server1[2345]: 167.248.133.55:36034 SIGUSR1[soft,tls-error] received, client-instance restarting

Dec 6 21:06:14 ovpn-server1[2345]: 80.82.77.33:26876 TLS: Initial packet from [AF_INET]80.82.77.33:26876, sid=d9ce3abe f698a56d
Dec 6 21:06:14 ovpn-server1[2345]: 80.82.77.33:58120 TLS: Initial packet from [AF_INET]80.82.77.33:58120, sid=d9ce3abe f698a56d
Dec 6 21:06:29 ovpn-server1[2345]: 80.82.77.33:51598 TLS: Initial packet from [AF_INET]80.82.77.33:51598, sid=d9ce3abe f698a56d
Dec 6 21:06:44 ovpn-server1[2345]: 80.82.77.33:43592 TLS: Initial packet from [AF_INET]80.82.77.33:43592, sid=d9ce3abe f698a56d
Dec 6 21:07:14 ovpn-server1[2345]: 80.82.77.33:26876 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Dec 6 21:07:14 ovpn-server1[2345]: 80.82.77.33:26876 TLS Error: TLS handshake failed
Dec 6 21:07:14 ovpn-server1[2345]: 80.82.77.33:26876 SIGUSR1[soft,tls-error] received, client-instance restarting
Dec 6 21:07:14 ovpn-server1[2345]: 80.82.77.33:58120 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Dec 6 21:07:14 ovpn-server1[2345]: 80.82.77.33:58120 TLS Error: TLS handshake failed
Dec 6 21:07:14 ovpn-server1[2345]: 80.82.77.33:58120 SIGUSR1[soft,tls-error] received, client-instance restarting
Dec 6 21:07:29 ovpn-server1[2345]: 80.82.77.33:51598 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Dec 6 21:07:29 ovpn-server1[2345]: 80.82.77.33:51598 TLS Error: TLS handshake failed
Dec 6 21:07:29 ovpn-server1[2345]: 80.82.77.33:51598 SIGUSR1[soft,tls-error] received, client-instance restarting
Dec 6 21:07:44 ovpn-server1[2345]: 80.82.77.33:43592 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Dec 6 21:07:44 ovpn-server1[2345]: 80.82.77.33:43592 TLS Error: TLS handshake failed
Dec 6 21:07:44 ovpn-server1[2345]: 80.82.77.33:43592 SIGUSR1[soft,tls-error] received, client-instance restarting

NEW RT-AX88U with Mirlin 384-19
 
Just the kind of thing you'll typically see if you use the well-known port of any service (in the case of OpenVPN, port 1194). Best way to avoid most of it is to use an obscure port (e.g., 31995).
 
Just the kind of thing you'll typically see if you use the well-known port of any service (in the case of OpenVPN, port 1194). Best way to avoid most of it is to use an obscure port (e.g., 31995).
Are you saying that if I change the default "Server Port" under the advanced settings these outside polling will disappear from the logs?
if I change the default port will I have to update my clients Open VPN configurations???
Thanks.
 
Hackers are always going to try the well-known ports *first*. It only makes sense. And if they don't get a response, they are far more likely to move on in hopes of finding low hanging fruit elsewhere than waste their time trying every protocol on every port. It's just not an efficient way to hack. But NO ONE can guarantee that you'll never have hackers poking around any given port, esp. if they are specifically targeting YOU for some reason.

And yes, of course, you have to update the OpenVPN clients to use the new port.
 
Hackers are always going to try the well-known ports *first*. It only makes sense. And if they don't get a response, they are far more likely to move on in hopes of finding low hanging fruit elsewhere than waste their time trying every protocol on every port. It's just not an efficient way to hack. But NO ONE can guarantee that you'll never have hackers poking around any given port, esp. if they are specifically targeting YOU for some reason.

And yes, of course, you have to update the OpenVPN clients to use the new port.
Thanks I'll try new port numbers and keep an eye on it...
 

Latest threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top