I just did some more testing and I can confirm it also works for 2.4.
As Derek mentioned, some minor changes need to be made to the jail.conf
to get the notifications going.

Since I was interested in extending the feature to also ban OpenVPN
connection tries, I think I managed to get it done.

Here is how to get fail2ban to monitor OpenVPN on Endian:
(Tested on 2.4)

1.) in jail.conf add:

[openvpn-iptables]
enabled = true
filter = openvpn
action = iptables[name=openvpn, port=openvpn, protocol=udp]
         sendmail-whois[name=OpenVPN, [email protected], [email protected]]
logpath = /var/log/openvpn/openvpn.log
maxretry = 6

(In order to get the notifications to work, the SMTP Proxy needs to be
active)

2.) create openvpn.conf in /var/efw/fail2ban/filter.d

[INCLUDES]
before = common.conf

[Definition]
_daemon = openvpn
failregex = ^ EFWNAME openvpn\[[0-9]{4,5}\]: <HOST>:[0-9]{4,5} TLS Auth Error: Auth Username/Password verification failed $
ignoreregex =

(The failregex part needs to be one line! In EFWNAME I added the name of
the efw box as it was typed in the openvpn.log.)

3.) restart fail2ban

/etc/init.d/fail2ban restart

Hope someone can have some use for it! I am open to any suggestions on
how to improve the code.
Vassilis
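
An added example, not part of the original post: a failregex of the shape used in step 2 checked against sample lines before deploying it, comparing the PID part written with unescaped brackets against the escaped form. The <HOST> stand-in, the box name "efw1" and the log lines are assumptions constructed to fit the pattern, not captured from a real Endian log.

```python
import re
import warnings

# Simplified stand-in for fail2ban's <HOST> tag (assumption: IPv4 only).
HOST = r"(?P<host>\d{1,3}(?:\.\d{1,3}){3})"

TAIL = (r": <HOST>:[0-9]{4,5} TLS Auth Error: "
        r"Auth Username/Password verification failed $")
# PID part with unescaped brackets: "[[0-9]" is read as a character class.
UNESCAPED = r"^ EFWNAME openvpn[[0-9]{4,5}]" + TAIL
# PID part with the literal brackets escaped.
ESCAPED = r"^ EFWNAME openvpn\[[0-9]{4,5}\]" + TAIL

def compile_failregex(template, efwname):
    """Fill in the box name and the <HOST> tag, then compile."""
    pattern = template.replace("EFWNAME", re.escape(efwname))
    with warnings.catch_warnings():
        # Python flags "[[" with a "Possible nested set" FutureWarning.
        warnings.simplefilter("ignore", FutureWarning)
        return re.compile(pattern.replace("<HOST>", HOST))

def banned_host(template, efwname, line):
    """Return the captured client IP, or None when the line does not match."""
    m = compile_failregex(template, efwname).search(line)
    return m.group("host") if m else None

# Constructed sample lines (timestamp removed), shaped to fit the pattern;
# the host name and the addresses are made up.
MSG = " TLS Auth Error: Auth Username/Password verification failed "
SAMPLES = [
    " efw1 openvpn[4821]: 203.0.113.7:51234" + MSG,    # 4-digit PID
    " efw1 openvpn[18342]: 198.51.100.9:40022" + MSG,  # 5-digit PID
    " efw1 openvpn[4821]: 203.0.113.7:51234 Peer Connection Initiated",
]

if __name__ == "__main__":
    for name, tpl in (("unescaped", UNESCAPED), ("escaped", ESCAPED)):
        print(name, [banned_host(tpl, "efw1", s) for s in SAMPLES])
```

With unescaped brackets the line with the 5-digit PID is not matched, so failures logged by that process would never count towards maxretry.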
_______________________________________________
Efw-user mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/efw-user