OpenVPN & VPN account security

Discussions for BiPAC 8900 series: 8900AX-1600, 8900AX-2400, 8900X
Post Reply
charliem
Posts: 16
Joined: Fri Nov 17, 2017 10:08 pm

OpenVPN & VPN account security

Post by charliem » Fri Jan 28, 2022 11:43 pm

I have my 8900AX R2 set up with an openVPN account and a VPN, so I can connect to home network from phone.

Works well. Extremely stable router; much better with openVPN included in firmware update a couple of years ago.
Nice to see the Certificate generating changes in recent firmware, too.

Question - can I log more security information or increase security?

I note very little info in logs. Each day, I see 2 or 3 abusive IPs in the 'system log' and almost nothing in the 'security log'. example
Jan 28 10:31:39 daemon notice openvpn[20288]: TCP connection established with [AF_INET]156.251.172.117:43188
Jan 28 10:31:39 daemon warn openvpn[20288]: 156.251.172.117:43188 WARNING: Bad encapsulated packet length from peer (5635), which must be > 0 and <= 1556 -- please ensure that --tun-mtu or --link-mtu is equal on both peers -- this condition c
Jan 28 10:31:40 daemon notice openvpn[20288]: TCP connection established with [AF_INET]156.251.172.117:44138
I presume nothing is successful, or I'd see a ' pool returned IPv4=x.x.0.26, IPv6=(Not enabled)'

Is it possible to log more information? Changing [configuration > system > configure log] from 'informational' to 'debugging' doesn't help.

I'd particularly like to see attempts to log into the VPN. If I log in, all I get in 'security log' is:
J
an 28 23:21:10 kern info kernel: PacketFilter: Forward TCP packet from [pppoa0] 2xx.20x.xxx.8:41496 to xx.9.xx.xx:1xx4 (x=redcated)
...not even a log of the VPN account I logged into.

Are there any other security recomendations? I realise I could limit IP ranges, but mobile providers seem to have such a range; certainly can't find a reliable set of ranges for EE.

Post Reply