What's new

OpenVPN Server on Asus RT-N66U Attack

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

utmx

New Around Here
Hi,

Some details:
1. Asus stock firmware 3.0.0.4.382_52272
2. Embeded openvpn server
3. Firewall and dos-protection are enabled

Issue:
In recent weeks the issues randomly happen with the VPN server - new clients can't connect to it. Router still works. Every time before this case the router logs look something like this:
vpnserver1[]: xxx.xxx.xxx.xxx:44576 TLS: Initial packet from [AF_INET]xxx.xxx.xxx.xxx:44576 (via .....
vpnserver1[]: xxx.xxx.xxx.xxx:41474 TLS: Initial packet from [AF_INET]xxx.xxx.xxx.xxx:41474 (via .....
vpnserver1[]: xxx.xxx.xxx.xxx:25017 TLS: Initial packet from [AF_INET]xxx.xxx.xxx.xxx:25017 (via ..... ,
Where xxx.xxx.xxx.xxx - unknown random IP (Saudi Arabi, sometimes Italy, Holland, etc). Several hundred "initial" packets in a row, about 10 packets per second.

What is it? Attack? How to deal with this?

Thanks!
 
That's just the normal port scanning/hacking attempts you'll get by exposing router services to the internet on common ports. Change your VPN server so that it uses a random port between 10000 and 32000 (and not obvious ones like 10000, 20000, 11111, etc).
 

Similar threads

Latest threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top