Hi
I have simple and straightforward question:
In the log, I’m registering approximately 20-30 errors of the type “phase1 negotiation failed due to time up.”
Is this an attempt to connect to my tunnel, or let’s say, a scan to check if there’s any tunnel present?
Is such a volume of attempts per day normal (mostly from various, non-repeating public IP addresses)?
Is there a proven method to defend against this, aside from manual blacklisting of addresses, or is it something I shouldn’t be overly concerned about?
Thanks