VPN Security

Arcee · May 17, 2016, 8:13pm

So, I might be a bit paranoid but how secure is the VPN authentication and logging process on RouterOS.

While reviewing logs, I noticed this:
pptp: ,info MyRouter: TCP connection established from 123.151.42.61

What I gather here is that a host as successfully authenticated and connected to my router via pptp. I feel helpless with respect to security controls on my router. If I enable logging my logs will be flooded with connection/control information for legitimate VPN connections.

Questions I have are:
What ppp secret they connected with?
What did they do when they logged in?

I also wish there was a failed logon attempt counter lockout control.

Are you all using RouterOSon your networks for VPN access?
If so, what ppp protocol are you using pptp, sstp, l2tp or OVPN?

If not, what devices are you using for VPN access?

My particular application is with a small WISP. VPN access is used with a few linux/windows servers and an occasional connection from a laptop users that will connect from many different location.

Thoughts?

jebz · May 18, 2016, 1:17am

pptp: ,info MyRouter: TCP connection established from 123.151.42.61

Drop all connections from 123.151.42.0/24 in a Banned List. That site is continually scanning.

Arcee · May 18, 2016, 1:49am

Are you seeing this host also on your network?

jebz · May 18, 2016, 9:57pm

Yes I did and now it’s dropped. If you search the IP in Google you will see it’s a malicious site. Many reports of it attempting SSH and VPN logins.

Arcee · May 18, 2016, 11:01pm

Last question: What site are you guys using for IP lookups? OR are you just doing general Google searches?

Sent from my SM-G920I using Tapatalk

jebz · May 19, 2016, 12:34am

Google.
This is a useful result -
https://www.abuseipdb.com/check/123.151.42.61