EdgeRouter Fail2Ban Persistence Through Upgrades

My last post detailed how to install and configure Fail2Ban on a Ubiquiti EdgeRouter to thwart brute force attacks against an OpenVPN server. Unfortunately, programs installed on EdgeRouters do not persist through upgrades because new images overwrite the filesystem. However, using a trick outlined here, we can set up the router to automatically install Fail2Ban and restore the settings.


Continue reading “EdgeRouter Fail2Ban Persistence Through Upgrades”

Mitigating an OpenVPN Brute Force Attack with Fail2Ban on EdgeRouter

Tonight, I noticed numerous attempts from a variety of sources to log in to my OpenVPN server that I run on my EdgeRouter (ER-X-SFP) at home. Unfortunately EdgeRouter doesn’t support any sort of blacklisting for OpenVPN natively, but it does allow the installation of Debian packages.

After playing a bit with Fail2Ban configuration, I’ve configured my router to block these repeated attempts automatically.


Continue reading “Mitigating an OpenVPN Brute Force Attack with Fail2Ban on EdgeRouter”

Home Network DNS Infrastructure

Today, I stumbled upon Pi-hole, a DNS server designed for home deployments to block ads for a network. Unlike Adblock Plus or other browser-based adblockers, this applies to all devices on the network, including phones and tablets. Pi-hole also provides a web GUI with a nice dashboard to visualize your network’s use of the system (depicted below). This pet project cascaded into revisiting DNS across my home networks.


Continue reading “Home Network DNS Infrastructure”