Fail2ban configuration
miniben-90 edited this page Nov 3, 2022
How to configure fail2ban (version 0.10.x or newer) with docker-openvpn.

fail2ban needs the OpenVPN messages in a log file on the host, so the container has to be run with the syslog log driver: `--log-driver syslog`.
In case you are using docker-compose:

```yaml
    #[...]#
    logging:
      driver: syslog
    #[...]#
```
Create a new file /etc/fail2ban/filter.d/openvpn.conf with the filter, i.e. the regexes that identify a rejected connection:
```ini
# Fail2Ban filter for selected OpenVPN rejections
# Works with the kylemanna/docker-openvpn docker image
#
# The continuation lines of failregex must be indented.
# The "." in front of <HOST> in the first four patterns matches exactly one
# character. If your log has only a single space between OpenVPN's own
# timestamp and the client address, that "." swallows the first digit of the
# address; run fail2ban-regex against your real log and remove the "." if the
# reported IP is missing its first character.
# "SIGUSR1[soft,connection-reset] received" is also logged for legitimate
# clients that reconnect after a dropped connection, so that pattern can ban
# your own users; drop it if that is a concern.

[INCLUDES]
before = common.conf

[Definition]
failregex = %(__hostname)s \w{1,20}\[\d+]\:( \w{1,4} \w{1,4} ( )?\d+ \d+\:\d+\:\d+ \d+)? .<HOST>:[0-9]{3,5} TLS Auth Error:.*
            %(__hostname)s \w{1,20}\[\d+]\:( \w{1,4} \w{1,4} ( )?\d+ \d+\:\d+\:\d+ \d+)? .<HOST>:[0-9]{3,5} VERIFY ERROR:.*
            %(__hostname)s \w{1,20}\[\d+]\:( \w{1,4} \w{1,4} ( )?\d+ \d+\:\d+\:\d+ \d+)? .<HOST>:[0-9]{3,5} TLS Error: TLS handshake failed.*
            %(__hostname)s \w{1,20}\[\d+]\:( \w{1,4} \w{1,4} ( )?\d+ \d+\:\d+\:\d+ \d+)? .<HOST>:[0-9]{3,5} SIGUSR1\[soft,connection-reset\] received.*
            %(__hostname)s \w{1,20}\[\d+]\:( \w{1,4} \w{1,4} ( )?\d+ \d+\:\d+\:\d+ \d+)? TLS Error: cannot locate HMAC in incoming packet from \[AF_INET\]<HOST>:[0-9]{3,5}
ignoreregex =
```
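Before trusting a filter to ban anyone, check what it actually captures. The script below is an added example (not code from the docker-openvpn project or from fail2ban) that applies the failregex lines above to a few constructed syslog lines in the layout this page describes: syslog timestamp, host, the docker container id as tag, then OpenVPN's own timestamped message. It reproduces the two substitutions fail2ban makes (`%(__hostname)s` is `\S+` in fail2ban's common.conf; `<HOST>` becomes a capturing group, simplified here to an IPv4/DNS-style token), strips the syslog date the way fail2ban cuts the detected date out of a line, and reports which pattern matched and which host it captured, once with the page's patterns and once with the `.` before `<HOST>` removed. The sample lines, the host name `vpnhost` and the container id are constructed for this example.

```python
r"""Dry-run of the openvpn.conf failregex lines against constructed log lines.

Added example, not code from docker-openvpn or fail2ban.  Mimics the parts of
fail2ban's filter handling that matter here: placeholder expansion, removal
of the detected date, re.search of each pattern, extraction of the host.
"""
import re

HOSTNAME = r"\S+"                  # __hostname as defined in fail2ban's common.conf
HOST = r"(?P<host>[\w\-.^_]*\w)"   # simplified stand-in for <HOST> (assumption)

# Prefix shared by the page's patterns: syslog host, docker "tag[pid]:" and
# OpenVPN's optional own timestamp, e.g. "Thu Nov  3 10:15:42 2022".
PREFIX = r"%(__hostname)s \w{1,20}\[\d+]\:( \w{1,4} \w{1,4} ( )?\d+ \d+\:\d+\:\d+ \d+)?"

# The failregex lines exactly as on the page.
PAGE_FAILREGEX = [
    PREFIX + r" .<HOST>:[0-9]{3,5} TLS Auth Error:.*",
    PREFIX + r" .<HOST>:[0-9]{3,5} VERIFY ERROR:.*",
    PREFIX + r" .<HOST>:[0-9]{3,5} TLS Error: TLS handshake failed.*",
    PREFIX + r" .<HOST>:[0-9]{3,5} SIGUSR1\[soft,connection-reset\] received.*",
    PREFIX + r" TLS Error: cannot locate HMAC in incoming packet from \[AF_INET\]<HOST>:[0-9]{3,5}",
]

# Same patterns with the "." before <HOST> removed, for logs where a single
# space separates OpenVPN's timestamp from the client address.
FIXED_FAILREGEX = [p.replace(" .<HOST>", " <HOST>") for p in PAGE_FAILREGEX]

# Syslog date at line start ("Nov  3 10:15:42 "); fail2ban removes the date it
# detects before applying failregex, so the dry run does the same.
SYSLOG_DATE = re.compile(r"^[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d ")


def compile_failregex(patterns):
    """Expand the fail2ban placeholders and compile each pattern."""
    return [
        re.compile(p.replace("%(__hostname)s", HOSTNAME).replace("<HOST>", HOST))
        for p in patterns
    ]


def match_line(compiled, line):
    """Return (pattern_index, captured_host) for the first matching pattern, else None."""
    line = SYSLOG_DATE.sub("", line, count=1)
    for idx, rx in enumerate(compiled):
        m = rx.search(line)
        if m:
            return idx, m.group("host")
    return None


# Constructed sample lines (not real log data): two rejections with the
# address as message prefix, one HMAC failure with [AF_INET], and one normal
# connection that must not match.
SAMPLE_LINES = [
    "Nov  3 10:15:42 vpnhost 3f2a1b4c5d6e[1234]: Thu Nov  3 10:15:42 2022 203.0.113.7:51234 TLS Error: TLS handshake failed",
    "Nov  3 10:15:43 vpnhost 3f2a1b4c5d6e[1234]: Thu Nov  3 10:15:43 2022 198.51.100.23:40001 VERIFY ERROR: depth=0, error=certificate has expired",
    "Nov  3 10:15:44 vpnhost 3f2a1b4c5d6e[1234]: Thu Nov  3 10:15:44 2022 TLS Error: cannot locate HMAC in incoming packet from [AF_INET]192.0.2.99:6000",
    "Nov  3 10:15:45 vpnhost 3f2a1b4c5d6e[1234]: Thu Nov  3 10:15:45 2022 203.0.113.7:51234 [client1] Peer Connection Initiated with [AF_INET]203.0.113.7:51234",
]


def scan(patterns, lines=SAMPLE_LINES):
    """Match result per line; None means fail2ban would ignore that line."""
    compiled = compile_failregex(patterns)
    return [match_line(compiled, line) for line in lines]


if __name__ == "__main__":
    for name, patterns in (("page", PAGE_FAILREGEX), ("fixed", FIXED_FAILREGEX)):
        print(f"--- {name} patterns ---")
        for line, result in zip(SAMPLE_LINES, scan(patterns)):
            print(result, "<-", line.split(": ", 1)[1])
```

With these constructed lines the page's patterns capture `03.0.113.7` and `98.51.100.23` (the `.` ate the first digit), while the patterns without the `.` capture the full addresses; the HMAC pattern, which has no `.`, is unaffected, and the normal connection line is ignored by both. On the host, the equivalent check against your real log is `fail2ban-regex /var/log/syslog /etc/fail2ban/filter.d/openvpn.conf`, and it is the output of that command, not this dry run, that decides whether the `.` belongs in your filter.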
Create a new file /etc/fail2ban/jail.d/openvpn.conf with the jail configuration:
```ini
# Fail2Ban jail configuration for OpenVPN
# logpath is the file your syslog daemon writes to: /var/log/syslog on
# Debian/Ubuntu, /var/log/messages on RHEL-family hosts.
[openvpn]
enabled = true
port = 1194
protocol = udp
filter = openvpn
logpath = /var/log/syslog
maxretry = 3
```
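One thing the jail above does not say: fail2ban's default iptables actions insert their reject rule into the INPUT chain, but traffic to a port published with `-p` is DNAT'ed to the container and passes through FORWARD (and the DOCKER-USER chain Docker hooks into it), never through INPUT, so a ban in INPUT does not stop it. The variant below is an added example, not from the docker-openvpn wiki, that moves the rule into DOCKER-USER and makes the ban timing explicit; it assumes default Docker networking (not `--net=host`) and that the container listens on 1194, which is the port the packet carries after Docker's DNAT even if the host publishes a different one.

```ini
# Added example: jail for a docker-openvpn container with a published port.
# Assumes default bridge networking; with --net=host the default INPUT chain
# is the right one and the "chain" line should be removed.
[openvpn]
enabled = true
# container-side port, i.e. what the packet's destination port is after DNAT
port = 1194
protocol = udp
filter = openvpn
logpath = /var/log/syslog
maxretry = 3
# three failures within 10 minutes => ban for one hour (values in seconds)
findtime = 600
bantime = 3600
banaction = iptables-multiport
# forwarded container traffic is filtered here, not in INPUT
chain = DOCKER-USER
```

After restarting fail2ban, `iptables -S DOCKER-USER` should show the `f2b-openvpn` jump for udp dport 1194, and `fail2ban-client status openvpn` lists the jail's current bans.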
Restart fail2ban so the new filter and jail are loaded: `service fail2ban restart`

Et voilà!