On 16.11.19 at 11:57, Gert Doering wrote:
> Hi,
>
> On Sat, Nov 16, 2019 at 11:01:24AM +0100, Boris wrote:
>> on a friend's linux router I found a running openvpn 2.0. We are in
>> trouble with this router because of repeated connection requests that
>> are unsuccessful but kill the openvpn server after some time.
>
> So the "openvpn 2.0" on the router is killed after some time (due to
> back packets coming from the Internet), or is *this* process killing
> another server?
>
> Generally speaking: use tls-auth. This will stop all packets from
> unauthorized sources from generating state and eating memory in the
> openvpn server process (it will still eat up some CPU, but if that is
> enough to crash the server, you need a faster CPU - or move the openvpn
> service to another port).

Hej Gert,

thanks a lot for your statement. Yes, the openvpn daemon is dying from all those requests.

Is it that section that you suggest to be enabled?:

# For extra security beyond that provided
# by SSL/TLS, create an "HMAC firewall"
# to help block DoS attacks and UDP port flooding.
#
# Generate with:
#   openvpn --genkey --secret ta.key
#
# The server and each client must have
# a copy of this key.
# The second parameter should be '0'
# on the server and '1' on the clients.
;tls-auth ta.key 0 # This file is secret

Thanks,
Boris
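
A simplified model of the "HMAC firewall" behaviour described in the quoted reply, as an added example that is not part of the original thread and is not OpenVPN's code or wire format: the server verifies a per-packet HMAC with the shared key before it creates any per-peer state. The `Server` class, the SHA-256 tag, the packet layout and the replay check are assumptions made for this model, and the traffic is constructed.

```python
import hashlib
import hmac
import os
import struct

# Simplified model of an "HMAC firewall"; NOT OpenVPN's real packet format.
TAG_LEN = 32  # SHA-256 tag length (a choice made for this model)

def seal(key: bytes, packet_id: int, payload: bytes) -> bytes:
    """Sender side: prepend an HMAC computed over packet id + payload."""
    body = struct.pack("!I", packet_id) + payload
    return hmac.new(key, body, hashlib.sha256).digest() + body

class Server:
    def __init__(self, key: bytes):
        self.key = key
        self.sessions = {}  # per-peer handshake state (this is what costs memory)
        self.last_id = {}   # highest packet id accepted per peer (replay check)
        self.dropped = 0

    def receive(self, peer: str, datagram: bytes) -> bool:
        """Return True if the datagram is allowed to reach the TLS handshake."""
        tag, body = datagram[:TAG_LEN], datagram[TAG_LEN:]
        expected = hmac.new(self.key, body, hashlib.sha256).digest()
        # One HMAC is the only work spent on input from sources without the key.
        if len(body) < 4 or not hmac.compare_digest(tag, expected):
            self.dropped += 1
            return False
        (packet_id,) = struct.unpack("!I", body[:4])
        if packet_id <= self.last_id.get(peer, 0):
            self.dropped += 1  # replayed or stale packet
            return False
        # State is allocated only after the packet has authenticated.
        self.last_id[peer] = packet_id
        self.sessions.setdefault(peer, {"handshake": "started"})
        return True

def demo():
    key = os.urandom(32)  # stands in for the shared ta.key
    server = Server(key)
    # Constructed flood: 1000 datagrams from sources that do not hold the key.
    for i in range(1000):
        server.receive(f"198.51.100.{i % 250}:{40000 + i}", os.urandom(60))
    good = seal(key, 1, b"client hello")
    accepted = server.receive("192.0.2.10:1194", good)
    replayed = server.receive("192.0.2.10:1194", good)
    return accepted, replayed, len(server.sessions), server.dropped

if __name__ == "__main__":
    print(demo())
```

In this model the flood costs one HMAC computation per datagram and leaves `sessions` untouched, which corresponds to the CPU-versus-memory distinction made in the reply.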