Hello,
During the last 12-24h we noticed a lot of the following log entries on our MT devices.
The requests are mainly originating from China and Asia:
17:29:59 ovpn,info TCP connection established from x.x.x.x
17:29:59 ovpn,debug,error packet with wrong keyID 1, expected 0, dropping
17:29:59 ovpn,info TCP connection established from x.x.x.x
17:29:59 ovpn,debug,error packet with wrong keyID 1, expected 0, dropping
17:30:13 ovpn,info TCP connection established from x.x.x.x
17:30:13 ovpn,debug,error packet with wrong keyID 1, expected 0, dropping
17:30:15 ovpn,info TCP connection established from x.x.x.x
17:30:15 ovpn,debug,error packet with wrong keyID 1, expected 0, dropping
The source IPs seem to be related to a botnet - e.g. https://www.talosintelligence.com/reputation_center/lookup?search=218.75.37.20
Is there a new attack vector on the OpenVPN implementation in ROS or just regular noise?
Thanks