So, obviously a L2TP/IPSEC VPN provides pretty good security, once the link is established… but I’ve been wondering, what stops users from getting into your system with a brute force/dictionary attack on your ppp secret username/password combination?
I found a way to lock down SSH by changing the port and also using a firewall blacklist script to identify repeated SSH fail attempts. While I can change the L2TP server port, how can I detect and perhaps do a time-based lockout for failed logon attempts?
Let’s presume your VPN clients (or even static peers) try to connect once and then are connected for a while.
Normally, no real user or peer would connect more often than once in say 5 minutes.
What I changed for my needs:
I don’t use a L7 protocol.
I’m just filling the address lists by hosts, opening a new connection to my router on specific ports.
My Stage1 lifetime is 5 minutes, Stage2 lifetime is 10 minutes and blacklist does not have a lifetime.
Additionally, I don’t limit the rate.
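The staged address-list scheme described in the reply above, written out as an added RouterOS firewall example (it is not the reply author's own config). The list names, the 5m/10m/permanent timeouts and the port set are assumptions: UDP 500 and 4500 for IKE/NAT-T and UDP 1701 for L2TP, which are the ports a L2TP/IPsec client hits when it initiates. The rules count new connections per source, not failed PPP logins, so a client that flaps and reconnects three times inside ten minutes locks itself out; the first rule whitelists known static peers for that reason.

```routeros
# Assumed list names: vpn_whitelist, vpn_stage1, vpn_stage2, vpn_blacklist
# Assumed ports: UDP 500/4500 (IKE, NAT-T) and 1701 (L2TP)
/ip firewall address-list
# constructed sample: one known static peer that must never be locked out
add list=vpn_whitelist address=203.0.113.10 comment="static peer (example)"

/ip firewall filter
# 0. Known peers bypass the counting logic entirely
add chain=input protocol=udp dst-port=500,4500,1701 \
    src-address-list=vpn_whitelist action=accept \
    comment="VPN: trusted static peers"

# 1. Anyone already blacklisted is dropped before anything else
add chain=input protocol=udp dst-port=500,4500,1701 \
    src-address-list=vpn_blacklist action=drop \
    comment="VPN: drop blacklisted hosts"

# 2..4. add-src-to-address-list is a pass-through action, so rules are
# ordered highest stage first: each NEW connection bumps a host exactly
# one stage. Third new connection within 10 minutes -> permanent blacklist
# (address-list-timeout=0 means no expiry).
add chain=input protocol=udp dst-port=500,4500,1701 connection-state=new \
    src-address-list=vpn_stage2 action=add-src-to-address-list \
    address-list=vpn_blacklist address-list-timeout=0 \
    comment="VPN: 3rd attempt in 10m -> blacklist"

add chain=input protocol=udp dst-port=500,4500,1701 connection-state=new \
    src-address-list=vpn_stage1 action=add-src-to-address-list \
    address-list=vpn_stage2 address-list-timeout=10m \
    comment="VPN: 2nd attempt in 5m -> stage2"

add chain=input protocol=udp dst-port=500,4500,1701 connection-state=new \
    action=add-src-to-address-list \
    address-list=vpn_stage1 address-list-timeout=5m \
    comment="VPN: 1st attempt -> stage1"

# 5. Everything that survived the staging is allowed to reach the VPN service
add chain=input protocol=udp dst-port=500,4500,1701 action=accept \
    comment="VPN: accept IKE/NAT-T/L2TP"
add chain=input protocol=ipsec-esp action=accept comment="VPN: accept ESP"
```

To check it is doing what you expect, watch `/ip firewall address-list print` while a test client connects: the host should appear in vpn_stage1 once and stay out of vpn_stage2 for as long as it keeps the tunnel up. If legitimate users show up in vpn_blacklist, lengthen the stage timeouts or add a fourth stage before blacklisting rather than removing the scheme.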