OpenVPN TLS Error in system log

The tail of my system log is filled with errors like this every second. I'm not sure what to make of it. A whois on the IP address says that it is Charter Communications in CO.

Mon Jun  9 23:34:57 2025 daemon.err openvpn(server)[5253]: TLS Error: could not determine wrapping from [AF_INET]174.102.107.50:56862
Mon Jun  9 23:34:58 2025 daemon.err openvpn(server)[5253]: TLS Error: could not determine wrapping from [AF_INET]174.103.252.235:56969

How does this relate to OpenWrt? The Internet is scanned by residential botnets all the time.


Fail2ban FTW.

I'm running OpenVPN on OpenWrt. So you're suggesting it is just a botnet trying to gain access via OpenVPN? It is cluttering my log with multiple attempts a second.

I'm assuming there is a package I should install to block it?

It's one way of solving it, yes.

But it needs external storage to save the DB, not something you'd like to write to flash.

I'm running an X86_64 build off of a flash drive, but I also have a 12TB mirror installed that I could use for storage. Is there another way to make this go away so it is not cluttering my log, or do you have any suggested links on setting this Fail2ban up? Thanks!

Switch to something else that doesn't require an open port, like Tailscale, etc.

I have WG set up, but I only use it from my cell phone, so I've restricted the allowed IP ranges to the ones belonging to my carrier.
Traffic from the rest of the internet gets dropped.

I know people usually discourage it, but dropping ping in the firewall makes the number of bot hits go down by a factor of 10.

So you're suggesting to not use OpenVPN at all? This is my buddy's router that I set up, and I only have OpenVPN set up for me as a safeguard to get in remotely if WireGuard got weird. I have multiple clients set up via WireGuard.

Everything that requires an open port towards the internet will have the same issue; it doesn't matter if it's OpenVPN, WG, SSH...

If you know from where you're connecting, only allow those connections from your ISP/carrier ranges.
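Putting the two suggestions from this thread into working code, as an added example that is not from the original posts: a fail2ban-style detector for the "TLS Error: could not determine wrapping" lines quoted above (count hits per source address inside a time window, the way a jail's maxretry/findtime works), combined with the allowlist approach described for WireGuard (only accept the VPN port from your carrier's ranges, and never ban anything inside those ranges). The threshold, window, carrier CIDRs, rule names and port number are assumptions made for illustration; the two 174.x log lines are the ones from the first post, and the rest of the sample log is constructed.

```python
"""Added example, not from the thread: fail2ban-style detection over the
OpenVPN "could not determine wrapping" log lines, plus the carrier-range
allowlist from the replies.  Threshold, window, ALLOWED ranges, rule names
and the port are assumptions; the first two sample lines come from the post,
the remaining ones are constructed."""
import ipaddress
import re
from collections import defaultdict
from datetime import datetime

# OpenVPN logs one of these lines for every datagram on the listening port
# that is not a valid control packet.  [AF_INET6] carries a colon-separated
# address, so the greedy ip group backtracks until the final ":port" fits.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3} \w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2} \d{4}) daemon\.err "
    r"openvpn\(\w+\)\[\d+\]: TLS Error: could not determine wrapping from "
    r"\[AF_INET6?\](?P<ip>[0-9A-Fa-f.:]+):(?P<port>\d+)$"
)

# Constructed carrier ranges (documentation prefixes), standing in for the
# "allowed IP ranges belonging to my carrier" from the thread.
ALLOWED = [ipaddress.ip_network(c) for c in ("203.0.113.0/24", "2001:db8::/32")]

# Constructed sample log: the two real lines from the post, a scanner hitting
# three times inside a minute (and once much later), a source inside a carrier
# range, an IPv6 source, and one unrelated notice line.
SAMPLE_LOG = """\
Mon Jun  9 23:34:57 2025 daemon.err openvpn(server)[5253]: TLS Error: could not determine wrapping from [AF_INET]174.102.107.50:56862
Mon Jun  9 23:34:58 2025 daemon.err openvpn(server)[5253]: TLS Error: could not determine wrapping from [AF_INET]174.103.252.235:56969
Mon Jun  9 23:34:59 2025 daemon.err openvpn(server)[5253]: TLS Error: could not determine wrapping from [AF_INET]198.51.100.23:40001
Mon Jun  9 23:35:00 2025 daemon.err openvpn(server)[5253]: TLS Error: could not determine wrapping from [AF_INET]198.51.100.23:40002
Mon Jun  9 23:35:01 2025 daemon.notice openvpn(server)[5253]: Initialization Sequence Completed
Mon Jun  9 23:35:02 2025 daemon.err openvpn(server)[5253]: TLS Error: could not determine wrapping from [AF_INET]198.51.100.23:40003
Mon Jun  9 23:35:03 2025 daemon.err openvpn(server)[5253]: TLS Error: could not determine wrapping from [AF_INET]203.0.113.7:50001
Mon Jun  9 23:35:04 2025 daemon.err openvpn(server)[5253]: TLS Error: could not determine wrapping from [AF_INET]203.0.113.7:50002
Mon Jun  9 23:35:05 2025 daemon.err openvpn(server)[5253]: TLS Error: could not determine wrapping from [AF_INET]203.0.113.7:50003
Mon Jun  9 23:35:06 2025 daemon.err openvpn(server)[5253]: TLS Error: could not determine wrapping from [AF_INET6]2001:db8::1:60000
Mon Jun  9 23:40:30 2025 daemon.err openvpn(server)[5253]: TLS Error: could not determine wrapping from [AF_INET]198.51.100.23:40004
"""


def parse(line):
    """Return (timestamp, ip_address, port) for a matching line, else None."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(" ".join(m["ts"].split()), "%a %b %d %H:%M:%S %Y")
    return ts, ipaddress.ip_address(m["ip"]), int(m["port"])


def find_offenders(lines, threshold=3, window_s=60):
    """Map source IP -> total hits, for every source with >= threshold hits
    inside some window_s-second window (fail2ban's maxretry/findtime)."""
    hits = defaultdict(list)
    for line in lines:
        parsed = parse(line)
        if parsed:
            hits[parsed[1]].append(parsed[0])
    offenders = {}
    for ip, times in hits.items():
        times.sort()
        lo, best = 0, 0
        for hi, t in enumerate(times):  # sliding window over sorted timestamps
            while (t - times[lo]).total_seconds() > window_s:
                lo += 1
            best = max(best, hi - lo + 1)
        if best >= threshold:
            offenders[str(ip)] = len(times)
    return offenders


def is_allowed(ip, allowed=ALLOWED):
    return any(ip in net for net in allowed)


def ban_list(offenders, allowed=ALLOWED):
    """Offenders minus anything inside the carrier ranges: a ban action must
    never be able to lock out the one source you rely on for remote access."""
    return sorted(ip for ip in offenders
                  if not is_allowed(ipaddress.ip_address(ip), allowed))


def uci_allowlist_rules(port, allowed=ALLOWED, name="Allow-WG-from-carrier"):
    """uci commands for one OpenWrt firewall rule per address family that
    ACCEPTs the VPN port from the allowed ranges only.  With the wan zone's
    default input policy (REJECT) and any unrestricted rule for the port
    removed, everything else is dropped, as in the WireGuard setup above."""
    cmds = []
    for version, family in ((4, "ipv4"), (6, "ipv6")):
        nets = [n for n in allowed if n.version == version]
        if not nets:
            continue
        cmds += [
            "uci add firewall rule",
            f"uci set firewall.@rule[-1].name='{name}-{family}'",
            "uci set firewall.@rule[-1].src='wan'",
            f"uci set firewall.@rule[-1].family='{family}'",
            "uci set firewall.@rule[-1].proto='udp'",
            f"uci set firewall.@rule[-1].dest_port='{port}'",
            "uci set firewall.@rule[-1].target='ACCEPT'",
        ]
        cmds += [f"uci add_list firewall.@rule[-1].src_ip='{n}'" for n in nets]
    cmds += ["uci commit firewall", "/etc/init.d/firewall reload"]
    return cmds


if __name__ == "__main__":
    found = find_offenders(SAMPLE_LOG.splitlines())
    print("offenders:", found)      # {'198.51.100.23': 4, '203.0.113.7': 3}
    print("ban:", ban_list(found))  # ['198.51.100.23']; 203.0.113.7 is carrier range
    print("\n".join(uci_allowlist_rules(51820)))  # assumed WireGuard port
```

The single 174.x hits from the post do not reach the threshold on their own, which is the point of a window-based rule: with a real log that fills "every second" the same source addresses repeat, and it is the repeats, not the individual lines, that are worth acting on. For a real jail the same pattern with the ip group replaced by fail2ban's `<HOST>` token is what the failregex in a filter.d entry carries, and, as noted earlier in the thread, its SQLite database belongs on the external storage rather than on flash. The allowlist rules are the static alternative: once the port only accepts your carrier's ranges, the scanners' packets are refused before OpenVPN ever logs them.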

All of the other Wireguard clients connect from random places in the field but as far as OpenVPN goes I only created credentials for me as a failsafe.

Bots are looking for holes, trying to use some exploit to get in; it's not very likely they'll try to brute-force their way into a remote device.

It's just kind of irritating that the log is cluttered with multiple attempts a second. Maybe I should just uninstall OpenVPN & make the drive to my buddy's house if WireGuard fails for whatever reason? I'm not getting any such logs from WireGuard.

Just to be clear: is this his OpenVPN server/port log, or yours?
If you're only connecting to him, why do you have the port open?

(His log would be equally cluttered with those scans though)

This is his OpenVPN. I don't have previous experience setting up OpenVPN on OpenWrt, but I had previously used it on his old ASUS router with Merlin, so I went ahead and set it up from a tutorial. Then I figured out how to use WireGuard, which was not available on the ASUS, and ended up setting all the clients up with it instead of OpenVPN.

And the remote device doesn't/can't run OpenWrt...

In that case, whatever we tell you could be incorrect, like using Tailscale or fail2ban, since none of that is probably available to him.

He & I are both running X86_64 builds of OpenWrt that I built. The log I'm referring to is his log. I'm thinking that maybe I will just uninstall OpenVPN on his unit, or at least disable it from startup, & just make the 30 min drive if for whatever reason WireGuard fails.

I just went ahead & uninstalled OpenVPN on his unit, so his log is clear of those attempts now & I will just rely on the WireGuard connection.
