OpenVPN UNDEF connection from different public IP's

Discussion room for Synology VPN package in DSM 3.1-1725 or above.
mohsh86
Trainee
Posts: 10
Joined: Mon Aug 03, 2015 1:34 am

OpenVPN UNDEF connection from different public IP's

Unread post by mohsh86 » Thu Sep 06, 2018 12:44 pm

I've just noticed that there are multiple OpenVPN connections with user UNDEF (no allocated local IP).

Is that a security breach? Vulnerability? Anyone experiencing a similar thing?

fgonzalez
I'm New!
Posts: 1
Joined: Mon Sep 10, 2018 3:31 pm

Re: OpenVPN UNDEF connection from different public IP's

Unread post by fgonzalez » Mon Sep 10, 2018 3:41 pm

Hi,

I have the same problem. It happens from time to time and from different IPs. Most of the time there are as many connections as the maximum connection number I have set up.
The connections never appear in the log. Is this a status when someone is trying to log into VPN or something different?

In the connection list in VPN Server:
User name: UNDEF
Client IP: An IP from different countries.

I am on the latest 6.2.23739 Update 2 DSM and the latest version of the VPN server.

gokky
Versed
Posts: 219
Joined: Fri Sep 13, 2013 9:34 pm

Re: OpenVPN UNDEF connection from different public IP's

Unread post by gokky » Mon Sep 10, 2018 8:45 pm

If your process allows, I suggest you set up a firewall and allow access to the VPN only from the countries you need.

mitchus
I'm New!
Posts: 7
Joined: Mon Dec 18, 2017 5:55 pm

Re: OpenVPN UNDEF connection from different public IP's

Unread post by mitchus » Wed Sep 12, 2018 7:16 am

I am experiencing the same thing, an UNDEF connection from a completely unknown IP address... what the *&^$#? :evil:

mitchus
I'm New!
Posts: 7
Joined: Mon Dec 18, 2017 5:55 pm

Re: OpenVPN UNDEF connection from different public IP's

Unread post by mitchus » Wed Sep 12, 2018 7:24 am

gokky wrote (Mon Sep 10, 2018 8:45 pm):
"If your process allows, I suggest you set up a firewall and allow access to the VPN only from the countries you need."

While that's a good idea, it clearly does not solve the problem.

gokky
Versed
Posts: 219
Joined: Fri Sep 13, 2013 9:34 pm

Re: OpenVPN UNDEF connection from different public IP's

Unread post by gokky » Fri Sep 14, 2018 1:52 pm

It does not solve it, but it lowers the probability. Do you expect no one will try to establish different (and potentially harmful) connections to any publicly opened port (including the VPN port)?

Rockford622
I'm New!
Posts: 5
Joined: Mon Oct 19, 2009 10:17 pm

Re: OpenVPN UNDEF connection from different public IP's

Unread post by Rockford622 » Sun Sep 16, 2018 3:11 am

I am experiencing the exact same thing. I have gone as far as to block all UDP traffic on the port I am using for OpenVPN, except for my work IP and the range Verizon assigns my phone (I looked up the range they use). Now, I am getting UNDEFs coming from an IP in the Verizon range, whereas before they were coming from various other IPs.

Prior to this, I was blocking the IPs one at a time and I quickly realized that would never work. As soon as I would block one, a different one would appear.

This is very annoying because it tends to fill up my allowed max connections and I have difficulty making a connection myself.

tproko
Novice
Posts: 51
Joined: Sun Jun 11, 2017 8:58 am

Re: OpenVPN UNDEF connection from different public IP's

Unread post by tproko » Mon Sep 17, 2018 10:44 am

Reading the OpenVPN documentation, these seem to be connections which are trying to establish a login...
During TLS-handshake, this information (UNDEF) is printed since there isn't a real user yet. So seems like Brute-Force-Login attacks or something like that.

I would try to set "auto block IP after 5 failed login attempts", maybe this also helps for OpenVPN logins (haven't tested this yet). Maybe Synology hasn't monitored those UNDEF connections previously and it came with an Update, or those attacks are currently increasing.

For the Synology VPN, which is in my opinion very weak by default, there is a guide in this VPN Server forum on how you can harden your Synology VPN with client certs. I can only recommend this setup for everyone, to get another factor in addition to user/password to harden your VPN connection. No client without a valid cert can connect anymore.
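
The following is an added example, not part of any post in this thread and not Synology or OpenVPN code: a small Python report that reads an OpenVPN status file and counts the UNDEF sessions described above (listed in the client list, but with no tunnel IP in the routing table) per source address. It assumes the server writes a `status-version 1` file that you can read; the sample data, the function names and the connection limit of 5 are constructed for illustration.

```python
import csv
from collections import Counter

# Constructed sample in OpenVPN "status-version 1" layout (documentation IP ranges).
SAMPLE_STATUS = """\
OpenVPN CLIENT LIST
Updated,Mon Sep 17 10:40:00 2018
Common Name,Real Address,Bytes Received,Bytes Sent,Connected Since
UNDEF,203.0.113.5:51234,42,54,Mon Sep 17 10:39:10 2018
alice,198.51.100.7:40112,12345,67890,Mon Sep 17 09:00:00 2018
UNDEF,203.0.113.5:51240,42,54,Mon Sep 17 10:39:40 2018
UNDEF,192.0.2.44:33870,42,54,Mon Sep 17 10:39:55 2018
ROUTING TABLE
Virtual Address,Common Name,Real Address,Last Ref
10.8.0.6,alice,198.51.100.7:40112,Mon Sep 17 10:39:58 2018
GLOBAL STATS
Max bcast/mcast queue length,0
END
"""

SECTIONS = ("OpenVPN CLIENT LIST", "ROUTING TABLE", "GLOBAL STATS", "END")

def parse_status(text):
    """Return (client rows, set of real addresses that hold a tunnel IP)."""
    section, clients, routed = None, [], set()
    for row in csv.reader(text.splitlines()):
        if not row:
            continue
        if row[0] in SECTIONS:
            section = row[0]
        elif section == "OpenVPN CLIENT LIST" and len(row) == 5 and row[0] != "Common Name":
            clients.append({"name": row[0], "real": row[1], "since": row[4]})
        elif section == "ROUTING TABLE" and len(row) == 4 and row[0] != "Virtual Address":
            routed.add(row[2])
    return clients, routed

def undef_report(text, max_connections):
    """Summarise sessions still shown as UNDEF and the slots they occupy."""
    clients, routed = parse_status(text)
    pending = [c for c in clients if c["name"] == "UNDEF" and c["real"] not in routed]
    # Strip the source port so repeated attempts from one host are grouped.
    per_ip = Counter(c["real"].rsplit(":", 1)[0] for c in pending)
    # Assumption taken from the reports in this thread: every listed entry,
    # UNDEF included, counts against the configured maximum connections.
    return {"pending": len(pending), "authenticated": len(clients) - len(pending),
            "per_ip": dict(per_ip), "slots_free": max(max_connections - len(clients), 0)}

if __name__ == "__main__":
    print(undef_report(SAMPLE_STATUS, max_connections=5))
```

Run periodically against the live status file, the per-IP counts show whether the entries come from a few repeat sources or from many one-off addresses, and how close they bring the server to its connection limit.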
