Hi All

I am trying to find a way of protecting XL2TPD/IPSEC ports from brute force attacks? I looked at fail2ban but seems like it doesnt cover VPNs. Any ideas how I can secure these ports and against authentication failures?

Any one with any ideas? Or am I missing something obvious?

Depends on where connections are allowed from. If you can white list IP addresses or ranges that could be a starting point. Elif start by rate limiting new connections. The network layer after all is the foundation for everything else.


Post some obfuscated messages you would like to block, tell us what you file they're from and we'll try to whip up a recipe to try.

Many thanks for your reply, really appreciate it! Unfortunetly white listing IP isnt an option.After some investigating, I have created a lt2p filter for fail2ban to use and is working well. Also another way round I thought of in the PPP setup you can inject a logger command into the logs then create another filter if you wanted.

Mind sharing the regex(es) you used? Might help with others.
*Also please mark the thread "solved".