OPENVPN logs: Access from other countries?

  • Hello,


    today I took a look into the logs of the OPEN VPN tool and there were so many ip adresses from china, Taiwan, USA.
    Is that normal and what do they mean?


    I am 100% percent sure that nobody was accessing my NAS.



    The log files are full with stuff like these:


  • It just seems like someone is trying to gain access by attacking ("this condition could also indicate a possible active attack on the TCP link"). It also seems like they're failing since it's saying "connection reset", so hopefully their method has already been blocked. I'm no expert on this, but that's how I interpret it :)

  • I'm in the same situation, but the SSH protocol


    someone can explain to me?


    see attacchemn


    This would worry me a lot more if you know that's addresses you don't know. You probably have a weak password and may be infected by something now.


    From past experiences we have seen strange files in /etc/init.d so post what's in there or if you find something else suspicious.

  • What I don't understand is why it would accept a connection from a high port like that. They are being disconnected.


    It's actually not that weird. Clients get a random port assigned to them so that's actually not the port on his end, but the port OpenVPN is connecting to on the clients side.

  • As far as I know it's really normal that people from other countries scan all our ports. ( Remember the old windows virus. You just had to go online and you got infected even if you don't open your browser)


    @Carlos05
    I am not sure but they really seem to have access to your system! umplug it from WAN and reconfigure and update your system.


  • This would worry me a lot more if you know that's addresses you don't know. You probably have a weak password and may be infected by something now.


    From past experiences we have seen strange files in /etc/init.d so post what's in there or if you find something else suspicious.


    As far as I know it's really normal that people from other countries scan all our ports. ( Remember the old windows virus. You just had to go online and you got infected even if you don't open your browser)


    @Carlos05
    I am not sure but they really seem to have access to your system! umplug it from WAN and reconfigure and update your system.


    I'll try that, even though my OMV always updated

  • From OpenVPN website:


    proto udp


    While OpenVPN allows either the TCP or UDP protocol to be used as the VPN carrier connection, the UDP protocol will provide better protection against DoS attacks and port scanning than TCP:


    proto udp

  • Carlos, I wanted him to change pass and see if it comes back quickly. If it did I would expect his machine is infected. But yeah, something is bad there.


    @Silentium, I wold change your VPN configuration to use UDP. You do no tneed SSH for OpenVPN. You could created a firewall rule so it could only be used on the LAN but then you could never use it via your VPN connection, because you are on a different subnet when connected with VPN.

  • Carlos, I wanted him to change pass and see if it comes back quickly. If it did I would expect his machine is infected. But yeah, something is bad there.


    @Silentium, I wold change your VPN configuration to use UDP. You do no tneed SSH for OpenVPN. You could created a firewall rule so it could only be used on the LAN but then you could never use it via your VPN connection, because you are on a different subnet when connected with VPN.

    I changed the pass and have not had more connections via ssh


    By the way, I do not use plex or vpn

Jetzt mitmachen!

Sie haben noch kein Benutzerkonto auf unserer Seite? Registrieren Sie sich kostenlos und nehmen Sie an unserer Community teil!