[Solved] Strange activity in log - OpenVPN

Picked this up in my log;

Thu Mar 14 20:04:12 2019 daemon.notice openvpn(Server443)[5740]: TCP connection established with [AF_INET]xx.xxx.xx.xx:2225
Thu Mar 14 20:04:12 2019 daemon.notice openvpn(Server443)[5740]: TCPv4_SERVER link local: (not bound)
Thu Mar 14 20:04:12 2019 daemon.notice openvpn(Server443)[5740]: TCPv4_SERVER link remote: [AF_INET]xx.xxx.xx.xx:2225
Thu Mar 14 20:05:12 2019 daemon.err openvpn(Server443)[5740]: xx.xxx.xx.xx:2225 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Thu Mar 14 20:05:12 2019 daemon.err openvpn(Server443)[5740]: xx.xxx.xx.xx:2225 TLS Error: TLS handshake failed
Thu Mar 14 20:05:12 2019 daemon.err openvpn(Server443)[5740]: xx.xxx.xx.xx:2225 Fatal TLS error (check_tls_errors_co), restarting
Thu Mar 14 20:05:12 2019 daemon.notice openvpn(Server443)[5740]: xx.xxx.xx.xx:2225 SIGUSR1[soft,tls-error] received, client-instance restarting
Thu Mar 14 20:05:12 2019 daemon.notice openvpn(Server443)[5740]: TCP/UDP: Closing socket

xx.xxx.xx.xx:2225 appears to be an unknown ip located in another country, am I interpreting this log correctly?

Yes. This is normal. Someone was probing your router for open ports (although probably as part of a larger address range, if not even the whole internet) and by chance hit your port 2225. Most likely they were not even trying to speak OpenVPN, but your OpenVPN server still logs that as a "failed connection attempt."

4 Likes

Thank you.

The OpenWRT community really is a helpful bunch!!

And the FW itself is outstanding!!!

Thanks all!

3 Likes

If your problem is solved, feel free to mark the relevant post as the solution; and edit the title to add "[SOLVED]" to the beginning (click the pencil behind the topic).

grafik

1 Like

This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.