Fail2Ban works fine with the built-in jails, but my custom OpenVPN jail doesn't ban anything, and neither does my NGINX-DoS jail. The output of sudo fail2ban-client status openvpn is:
Status for the jail: openvpn
|- Filter
|  |- Currently failed: 0
|  |- Total failed:     0
|  `- File list:        /var/log/openvpn.log
`- Actions
   |- Currently banned: 2
   |- Total banned:     2
   `- Banned IP list:   1.2.3.4 1.3.4.5
I changed the IP addresses, BTW. So the jail is working, but the output of iptables-save | grep 1.2.3.4 returns nothing, so the IP is not being blocked. All other jails work fine.
My openvpn.conf file in filter.d is:
# Fail2Ban filter for selected OpenVPN rejections
#
#
[INCLUDES]
before = common.conf

[Definition]
failregex = ^ TLS Error: incoming packet authentication failed from \[AF_INET\]<HOST>:\d+$
            ^ <HOST>:\d+ Connection reset, restarting
            ^ <HOST>:\d+ TLS Auth Error
            ^ <HOST>:\d+ TLS Error: TLS handshake failed$
            ^ <HOST>:\d+ VERIFY ERROR
ignoreregex =
and the section in jail.local is:
[openvpn]
enabled = true
port = 1194
protocol = tcp
backend = auto
filter = openvpn
logpath = /var/log/openvpn.log
action = sendmail[name=openvpn, dest=my_email@my_domain.com]
banaction = iptables-multiport
The same thing is happening with my NGINX jail: fail2ban-client says it's banned, and I get an email saying an IP was banned, but nothing happens.
According to the fail2ban Wiki you might want to try setting protocol = udp instead of protocol = tcp. (www.fail2ban.org Wiki)

Your banaction 'iptables-multiport' will create a new iptables chain with all banned IPs and add this chain to the iptables INPUT chain. You can check if this chain is being created correctly with iptables -vnL. Look for an 'f2b-openvpn' chain in the 'Chain INPUT' section at the top of that output, and then a 'Chain f2b-openvpn' section with all the banned IPs further down that output.

Also consider obfuscating your mail address in your config example.