Hi to all!
Have a little problem. Have a CCR mikrotik and OVPN server on it. It works fine for years, bun yeaterday i have a problem. My clients can’t connect to the server.
First step is to see logs. So i see a couple of attacs to Tik via winbox, SSH, API from some external IP addresses. It was not a problem, because i did’t have an access from internet for all services. But next was s multiple TCP connections from about 10 IP’s via OVPN and it continues:
21:48:33 ovpn,info TCP connection established from 54.251.31.129
21:48:34 ovpn,info TCP connection established from 54.183.255.129
21:48:34 ovpn,info TCP connection established from 54.241.32.97
21:48:37 ovpn,info TCP connection established from 54.248.220.33
21:48:37 ovpn,info TCP connection established from 54.232.40.65
21:48:39 ovpn,info TCP connection established from 54.244.52.193
21:48:42 ovpn,info TCP connection established from 107.23.255.1
21:48:43 ovpn,info TCP connection established from 176.34.159.225
21:48:44 ovpn,info TCP connection established from 54.250.253.225
21:48:46 ovpn,info TCP connection established from 177.71.207.161
21:48:47 ovpn,info TCP connection established from 54.228.16.1
I think that this attacks pervents my connections.
So i put a simple rule like /ip firewall filter add chain=input src-address-list=BAN_IP action=drop, and put all this IP’s in this address-list. And it does nothing. Tik didnt block any connection from those IP’s.
I have 2 providers, i tried to create 2 rules, for each of providers, but it still didnt work.
What do you think? Where is my mistake?
Sorry for my english, it is not perfect.