ein Filter um OpenVPN zu überwachen
/etc/fail2ban/filter.d/openvpn.conf
# Fail2Ban filter for selected OpenVPN rejections
#
#
[Definition]
# Example messages (other matched messages not seen in the testing server's logs):
# Fri Sep 23 11:55:36 2016 TLS Error: incoming packet authentication failed from [AF_INET]59.90.146.160:51223
# Thu Aug 25 09:36:02 2016 117.207.115.143:58922 TLS Error: TLS handshake failed
failregex = ^ (.*) TLS Error: incoming packet authentication failed from \[AF_INET\]<HOST>:\d+$
^ (.*) TLS Error: cannot locate HMAC in incoming packet from \[AF_INET\]<HOST>:\d+$
^ (.*) <HOST>:\d+ Connection reset, restarting
^ (.*) <HOST>:\d+ TLS Auth Error
^ (.*) <HOST>:\d+ TLS Error: TLS handshake failed$
^ (.*) <HOST>:\d+ VERIFY ERROR
^ (.*) <HOST>:\d+ TLS Error: TLS key negotiation failed to occur within 60 seconds.*$
^ (.*) <HOST>:[0-9]{4,5} TLS Auth Error: Auth Username/Password verification failed for peer
ignoreregex =
/etc/fail2ban/jail.local
[openvpn]
enabled = true
port = 1194
protocol = udp
filter = openvpn
logpath = /var/log/openvpn/openvpn.log
maxretry = 2