I'm running an L2TP/IPSec VPN, and I see different IPs trying to connect in my log:
respond new phase 1 (Identity Protection): Mikrotik_IP[500]<=>x.x.x.x[12345]
x.x.x.x failed to get valid proposal.
x.x.x.x failed to pre-process ph1 packet (side: 1, status 1).
x.x.x.x phase1 negotiation failed.
I do have a filter rule that adds all IPs connecting to port 500 and 4500 to a list, but the above connection attempt is not added to the list.
chain=input action=add-src-to-address-list protocol=udp src-address=!192.168.0.0/24 address-list=test address-list-timeout=0s src-port=500,1701,4500 log=no
How do I add the failed connection attempt IP address to a blocklist without parsing the log every minute?