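Before I knew it, the company's OpenVPN had grown to more than 200 users. It needs some access control, and since the server already runs fail2ban, I'll simply use that.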

Edit: /etc/fail2ban/filter.d/openvpn.conf

# vi /etc/fail2ban/filter.d/openvpn.conf
------
[Definition]
failregex = [a-b]*ovpn-server.*:.<HOST>:[0-9]{4,5} TLS Auth Error:.*
            [a-b]*ovpn-server.*:.<HOST>:[0-9]{4,5} VERIFY ERROR:.*
            [a-b]*ovpn-server.*:.<HOST>:[0-9]{4,5} TLS Error: TLS handshake failed.*
------

Edit: /etc/fail2ban/jail.conf

# vi /etc/fail2ban/jail.conf
------
[openvpn]
enabled = true
port = 1194
protocol = udp
filter = openvpn
logpath = /var/log/syslog
maxretry = 3
------

Then just restart fail2ban.
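The filter can be checked offline before relying on it. The following Python sketch is an added example, not part of the original post: it applies the three failregex lines to constructed syslog lines, with `<HOST>` replaced by a simplified IPv4-only group (an assumption; fail2ban's own expansion is broader), and counts hits against maxretry while ignoring findtime. It also shows that a peer whose source port has fewer than four digits is not matched by `[0-9]{4,5}`.

```python
import re
from collections import Counter

# Simplified stand-in for fail2ban's <HOST> tag: IPv4 only (assumption).
HOST = r"(?P<host>(?:\d{1,3}\.){3}\d{1,3})"

# The three failregex lines from the filter above, copied unchanged.
FAILREGEX = [
    r"[a-b]*ovpn-server.*:.<HOST>:[0-9]{4,5} TLS Auth Error:.*",
    r"[a-b]*ovpn-server.*:.<HOST>:[0-9]{4,5} VERIFY ERROR:.*",
    r"[a-b]*ovpn-server.*:.<HOST>:[0-9]{4,5} TLS Error: TLS handshake failed.*",
]
PATTERNS = [re.compile(rx.replace("<HOST>", HOST)) for rx in FAILREGEX]
MAXRETRY = 3  # maxretry from the [openvpn] jail

# Constructed syslog lines (documentation address ranges), not real log data.
SAMPLE_LOG = """\
Jan 12 10:15:01 vpn ovpn-server[1234]: 203.0.113.5:51234 TLS Auth Error: Auth Username/Password verification failed for peer
Jan 12 10:15:09 vpn ovpn-server[1234]: 203.0.113.5:51234 TLS Error: TLS handshake failed
Jan 12 10:16:40 vpn ovpn-server[1234]: 203.0.113.5:51301 VERIFY ERROR: depth=0, error=certificate has expired: CN=client1
Jan 12 10:17:02 vpn ovpn-server[1234]: 198.51.100.7:40022 TLS Error: TLS handshake failed
Jan 12 10:17:30 vpn ovpn-server[1234]: 198.51.100.7:40022 peer info: IV_VER=2.4.9
Jan 12 10:18:11 vpn ovpn-server[1234]: 192.0.2.9:443 TLS Error: TLS handshake failed
"""


def failures(log_text):
    """Count failregex hits per source address (one hit per line at most)."""
    hits = Counter()
    for line in log_text.splitlines():
        for pattern in PATTERNS:
            match = pattern.search(line)
            if match:
                hits[match.group("host")] += 1
                break
    return hits


def would_ban(log_text, maxretry=MAXRETRY):
    """Hosts whose hit count reaches maxretry; findtime is ignored here."""
    return sorted(h for h, n in failures(log_text).items() if n >= maxretry)


if __name__ == "__main__":
    for host, count in failures(SAMPLE_LOG).items():
        print(host, count)
    print("would ban:", would_ban(SAMPLE_LOG))
```

On the server itself, `fail2ban-regex /var/log/syslog /etc/fail2ban/filter.d/openvpn.conf` runs the installed filter against the real log and reports how many lines each failregex matched.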
