port scanner and VPN

Hello,
I analysed the log and noted these lines:

ovpn, info connection established from 198.108.67.48
ovpn,debug,packet sent P_CONTROL_HARD_RESET_SERVER …

also with 198.108.66.202

Does it mean that a port scanner has cracked my VPN data link?

This is a normal protocol handshake.
It could just be a port scan as you say. A port scan is just a scan, nothing more.
Is there not more data to it in the log?

Hello,
Thank you for your answer. I was anxious!
There is no more data in the log with these IP addresses, but only data between the server and the client.

Is it preferable to block these scans?
I have seen firewall rules in the wiki but I don’t know where to insert them: at the beginning of the INPUT chain or at the end?

Rgds,

What do you mean by “between the server and the client”? Is the client that same IP?

> Is it preferable to block these scans?
> I have seen firewall rules in the wiki but I don’t know where to insert them: at the beginning of the INPUT chain or at the end?
> Rgds,

IMO you cannot prevent port scans completely. But you can make it harder by automatically blocking these IPs for some minutes.

You should describe your environment in a little more detail: does your OpenVPN server run on a router or on a server PC, which firewall do you mean: the one on the router or the one on the server PC, etc…

If it runs on a server PC then you should install the following tool (or a similar tool) for blocking: https://de.wikipedia.org/wiki/Fail2ban
It runs in the background and analyzes, in near real time, the log files of applications like OpenVPN server, and if it sees a failed login attempt then it can block that IP for some minutes.
You can configure it (number of failed attempts, duration of the blocking etc.).
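
Added example, not part of the original thread and not Fail2ban's own code: a small Python sketch of the count-and-ban logic described above, run over a constructed log. The timestamp format, the thresholds, the sample addresses and the idea of counting every `connection established` line from an address other than the known VPN peer are assumptions made for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log, modelled on the "connection established from" line
# quoted in the thread; timestamps and addresses are invented for the example.
SAMPLE_LOG = """\
2020-03-01 10:00:00 ovpn,info connection established from 203.0.113.7
2020-03-01 10:00:01 ovpn,debug,packet sent P_CONTROL_HARD_RESET_SERVER
2020-03-01 10:00:20 ovpn,info connection established from 203.0.113.7
2020-03-01 10:00:30 ovpn,info connection established from 192.0.2.10
2020-03-01 10:00:40 ovpn,info connection established from 203.0.113.7
2020-03-01 10:05:00 ovpn,info connection established from 198.51.100.9
2020-03-01 10:20:00 ovpn,info connection established from 203.0.113.7
"""

LINE_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) "
    r"ovpn,\s*info connection established from (\S+)$"
)

def find_bans(log_text, max_attempts=3, window=timedelta(minutes=1),
              ban_time=timedelta(minutes=10), allow=frozenset()):
    """Return (ip, ban_start, ban_end) for each IP that connects
    max_attempts times within `window`; `allow` holds known VPN peers."""
    recent = defaultdict(deque)   # ip -> timestamps still inside the window
    banned_until = {}             # ip -> time the current ban expires
    bans = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue              # handshake/debug lines carry no source IP
        ts = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S")
        ip = m.group(2)
        if ip in allow:
            continue              # never ban the legitimate peer
        if ip in banned_until and ts < banned_until[ip]:
            continue              # already blocked, nothing new to count
        hits = recent[ip]
        hits.append(ts)
        while ts - hits[0] > window:
            hits.popleft()        # forget attempts older than the window
        if len(hits) >= max_attempts:
            banned_until[ip] = ts + ban_time
            bans.append((ip, ts, ts + ban_time))
            hits.clear()          # start counting afresh after the ban
    return bans

if __name__ == "__main__":
    for ip, start, end in find_bans(SAMPLE_LOG, allow={"192.0.2.10"}):
        print(f"ban {ip} from {start} until {end}")
```

The ban expires on its own, so an address that returns after the ban time is counted again from zero rather than staying blocked.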

> What do you mean by “between the server and the client”? Is the client that same IP?

Between the two extremities of the VPN (router to router).
The other router is a Teltonika RUT955. Both routers use OpenVPN.

> which firewall do you mean

The one in the MikroTik router.

And what model is the other router? I assume it’s obviously a MikroTik, but which model is it? You should mention such basic & essential information when seeking any help.

Ah, ok, got it: it is stated in your signature field :slight_smile:

Ok, let’s summarize: the OpenVPN server is on your router ccr1009-7g-1c-pc with RouterOS v6.46.4.
Then you have to use the firewall of the router to ban/block the attempting intruders.
In iptables it is done via “Rate limiting per IP address with hashlimit” → just research. But I think you said you already have some links for RouterOS.

> I have seen firewall rules in the wiki but I don’t know where to insert them: at the beginning of the INPUT chain or at the end?

If you post the link then maybe someone can tell you more.