EdgeRouter Fail2Ban Persistence Through Upgrades

My last post detailed how to install and configure Fail2Ban on a Ubiquiti EdgeRouter to thwart brute force attacks against an OpenVPN server. Unfortunately, programs installed on EdgeRouters do not persist through upgrades because new images overwrite the filesystem. However, using a trick outlined here, we can set up the router to automatically install Fail2Ban and restore the settings.

Continue reading “EdgeRouter Fail2Ban Persistence Through Upgrades”

Mitigating an OpenVPN Brute Force Attack with Fail2Ban on EdgeRouter

Tonight, I noticed numerous attempts from a variety of sources to log in to my OpenVPN server that I run on my EdgeRouter (ER-X-SFP) at home. Unfortunately EdgeRouter doesn’t support any sort of blacklisting for OpenVPN natively, but it does allow the installation of Debian packages.

After playing a bit with Fail2Ban configuration, I’ve configured my router to block these repeated attempts automatically.

Continue reading “Mitigating an OpenVPN Brute Force Attack with Fail2Ban on EdgeRouter”