messages in syslog wrt OpenVPN Server

Discussion in 'Asuswrt-Merlin' started by GSpock, Nov 19, 2019.

  1. GSpock

    Hi Folks,
    I am running 2 OpenVPN Servers and getting these messages in syslog with regard to Server 2, although I have not been using it (I mean I did not connect to it): any ideas?
    (RT-AC87U with 384.13_1)

    Nov 19 14:02:38 ovpn-server2[6368]: 37.49.230.9:49188 WARNING: Bad encapsulated packet length from peer (5635), which must be > 0 and <= 1626 -- please ensure that --tun-mtu or --link-mtu is equal on both peers -- this condition could also indicate a possible active attack on the TCP link -- [Attempting restart...]
    Nov 19 14:02:38 ovpn-server2[6368]: 37.49.230.9:49188 Connection reset, restarting [0]
    Nov 19 14:02:38 ovpn-server2[6368]: 37.49.230.9:49188 SIGUSR1[soft,connection-reset] received, client-instance restarting
    Nov 19 14:02:38 ovpn-server2[6368]: TCP connection established with [AF_INET6]::ffff:37.49.230.9:49223
    Nov 19 14:02:38 ovpn-server2[6368]: 37.49.230.9:49223 WARNING: Bad encapsulated packet length from peer (5635), which must be > 0 and <= 1626 -- please ensure that --tun-mtu or --link-mtu is equal on both peers -- this condition could also indicate a possible active attack on the TCP link -- [Attempting restart...]
    Nov 19 14:02:38 ovpn-server2[6368]: 37.49.230.9:49223 Connection reset, restarting [0]
    Nov 19 14:02:38 ovpn-server2[6368]: 37.49.230.9:49223 SIGUSR1[soft,connection-reset] received, client-instance restarting
    Nov 19 19:08:18 ovpn-server2[6368]: TCP connection established with [AF_INET6]::ffff:92.118.160.57:64983
    Nov 19 19:08:20 ovpn-server2[6368]: 92.118.160.57:64983 WARNING: Bad encapsulated packet length from peer (5635), which must be > 0 and <= 1626 -- please ensure that --tun-mtu or --link-mtu is equal on both peers -- this condition could also indicate a possible active attack on the TCP link -- [Attempting restart...]

    Thanks,
    GS
     
  2. ColinTaylor

    Looks like normal port scanning. Both those source addresses are in the abuse database.
     
  3. GSpock

    Thanks a lot!
     
  4. martinr

    Are you using the default port numbers for the servers? If so, you might wish to consider using an obscure port number, even if only temporarily to see the drop in such log entries. But have a read here first:

    https://www.snbforums.com/threads/changing-openvpn-server-port-number-backfires.57116/#post-498181
     
  5. Volfi

    I usually run OpenVPN server on port 443, due to less blocking, but scanning is immense.
     
  6. netware5

    Me too. There are countries where internet access is heavily filtered, so using TCP port 443 on your server is the only solution allowing the client to connect. But the price paid is these port-scanning entries flooding the log.
     
  7. GSpock

    For server1 I use a custom port, but for server2 I have to use 443 (some remote place only allows me to go through 443). So, I understand there is nothing to do then... Thanks all for your answers.

    GS
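
An added example, not part of any post in this thread: a triage script for the warnings quoted in the first post. In TCP mode OpenVPN prefixes each packet with a 16-bit big-endian length, so the "bad length" it reports is simply the first two bytes the peer sent; 5635 is 0x1603, the start of a TLS handshake record, which fits something speaking HTTPS to port 443. The label table and the last sample log line are assumptions of this example.

```python
import re
import struct
from collections import Counter

# Lines 1-4 are abridged from the syslog excerpt in the first post;
# the last line is constructed (documentation address, HTTP-style probe).
SAMPLE_LOG = """\
Nov 19 14:02:38 ovpn-server2[6368]: 37.49.230.9:49188 WARNING: Bad encapsulated packet length from peer (5635), which must be > 0 and <= 1626
Nov 19 14:02:38 ovpn-server2[6368]: TCP connection established with [AF_INET6]::ffff:37.49.230.9:49223
Nov 19 14:02:38 ovpn-server2[6368]: 37.49.230.9:49223 WARNING: Bad encapsulated packet length from peer (5635), which must be > 0 and <= 1626
Nov 19 19:08:20 ovpn-server2[6368]: 92.118.160.57:64983 WARNING: Bad encapsulated packet length from peer (5635), which must be > 0 and <= 1626
Nov 19 19:09:01 ovpn-server2[6368]: 203.0.113.7:40000 WARNING: Bad encapsulated packet length from peer (18245), which must be > 0 and <= 1626
"""

BAD_LEN = re.compile(
    r"(?P<server>ovpn-server\d+)\[\d+\]: (?P<ip>\d{1,3}(?:\.\d{1,3}){3}):\d+ "
    r"WARNING: Bad encapsulated packet length from peer \((?P<length>\d+)\)"
)

# Heuristic labels (an assumption of this example) for the two bytes that
# OpenVPN read as a length prefix.
KNOWN_PREFIXES = {
    b"\x16\x03": "TLS handshake record",
    b"GE": "HTTP GET",
    b"PO": "HTTP POST",
    b"HE": "HTTP HEAD",
    b"SS": "SSH banner",
}

def classify(length):
    """Map a reported bad length back to the first two bytes the peer sent."""
    if not 0 <= length <= 0xFFFF:
        return "not a 16-bit length"
    prefix = struct.pack(">H", length)
    return KNOWN_PREFIXES.get(prefix, "unknown (0x%s)" % prefix.hex())

def summarize(log_text):
    """Count bad-length warnings per (server, source IP, probable probe type)."""
    counts = Counter()
    for line in log_text.splitlines():
        m = BAD_LEN.search(line)
        if m:
            counts[(m["server"], m["ip"], classify(int(m["length"])))] += 1
    return counts

if __name__ == "__main__":
    for (server, ip, kind), n in summarize(SAMPLE_LOG).most_common():
        print(f"{server} {ip:<15} {kind:<22} x{n}")
```

A length that decodes to a recognisable protocol prefix points to a non-OpenVPN client hitting the port rather than an MTU mismatch between real peers.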