Got a VPN Server on my router. Of course periodically someone tries to knock on it and I get tons of email messages before I add IP to block list.
I don't want to close ports. I want to make script that adds failed IPs to block list.
This command shows negotiation failed IPs
/log print where message~"negotiation"
apr/15 03:50:37 ipsec,error 216.xx.206.6 phase1 negotiation failed.
apr/16 03:31:44 ipsec,error 216.xx.206.118 phase1 negotiation failed.
apr/17 05:33:29 ipsec,error 216.xx.206.102 phase1 negotiation failed.
may/08 14:30:13 ipsec,error 122.xx.64.43 phase1 negotiation failed.
may/08 14:30:13 ipsec,error 122.xx.64.43 phase1 negotiation failed
Does anyone knows how to make script based on command above that parse log and adds IP to IP list?
Any information how alternatively secure IPSec would be useful.