I've followed some of the most posted protocols for preventing brute force on my VPN interface, the biggest was to only allow US-based traffic to the interface, but what I've found in the last couple of years is that all the open VPN environments in the US are used by threat actors constantly. I'm up to about 3000 failed login attempts in 6 hours' time. This is just US-based IPs, and when I look them up, the bulk of them are associated with open VPN providers IN the US.
I was doing some searching to see if there are geo lists of these open vpn providers that I could import. I've been manually digging up the blocks and doing ASN/Whois lookups to piece it together. I get it down to about 200 / 6 hours, but then in a couple of weeks, shoots back up to the 1K's of hits. Anyone have suggestions? Again, this is US only attacks at this point.
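The triage described above (ranking failed SSL-VPN logins by source and rolling them up into prefixes before doing the ASN/whois work) as an added example that is not part of this thread or of any Fortinet tooling; the log lines are constructed to resemble FortiOS key="value" event logs, the /24 roll-up is a stand-in for the ASN grouping, and the emitted CLI is a draft to review before applying.

```python
"""Rank FortiOS SSL-VPN login failures by source and draft block entries.
Added example; sample logs are constructed, not captured from a real unit."""
import re
import ipaddress
from collections import Counter

# Constructed sample: three failing sources, two of them in the same /24,
# plus one successful tunnel-up that must not be counted.
SAMPLE_LOGS = """\
date=2025-01-10 time=08:00:01 type="event" subtype="vpn" action="ssl-login-fail" remip=203.0.113.10 user="admin" reason="sslvpn_login_unknown_user"
date=2025-01-10 time=08:00:02 type="event" subtype="vpn" action="ssl-login-fail" remip=203.0.113.10 user="test" reason="sslvpn_login_unknown_user"
date=2025-01-10 time=08:00:05 type="event" subtype="vpn" action="ssl-login-fail" remip=203.0.113.77 user="admin" reason="sslvpn_login_unknown_user"
date=2025-01-10 time=08:00:09 type="event" subtype="vpn" action="ssl-login-fail" remip=198.51.100.5 user="admin" reason="sslvpn_login_unknown_user"
date=2025-01-10 time=08:01:00 type="event" subtype="vpn" action="tunnel-up" remip=198.51.100.5 user="alice"
"""

# key=value pairs; values are either "quoted" (group 3) or bare (group 4)
KV_RE = re.compile(r'(\w+)=("([^"]*)"|(\S+))')

def parse_line(line):
    """Turn one key=value log line into a dict."""
    return {m.group(1): m.group(3) if m.group(3) is not None else m.group(4)
            for m in KV_RE.finditer(line)}

def failed_logins_by_prefix(log_text, prefix_len=24):
    """Count ssl-login-fail events per source IP and per /prefix_len block."""
    per_ip, per_prefix = Counter(), Counter()
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec.get("action") != "ssl-login-fail" or "remip" not in rec:
            continue
        ip = ipaddress.ip_address(rec["remip"])
        net = ipaddress.ip_network(f"{ip}/{prefix_len}", strict=False)
        per_ip[str(ip)] += 1
        per_prefix[str(net)] += 1
    return per_ip, per_prefix

def draft_block_addresses(per_prefix, threshold):
    """Draft 'config firewall address' entries for prefixes at/above threshold."""
    lines = ["config firewall address"]
    for net, n in per_prefix.most_common():
        if n < threshold:
            break
        network = ipaddress.ip_network(net)
        lines += [f'    edit "bf-{network.network_address}-{network.prefixlen}"',
                  f"        set subnet {network.network_address} {network.netmask}",
                  f'        set comment "{n} failed SSL-VPN logins"',
                  "    next"]
    lines.append("end")
    return "\n".join(lines)
```

Feed it the real log export instead of SAMPLE_LOGS and lower or raise the threshold to taste; the address objects it drafts still need to go into a deny policy on the VPN interface.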
Move the VPN port to an unknown high port, so scanners can't find it easily.
Also tune the limits like shown below and it will highly mitigate brute force attempts.
config vpn ssl settings
set login-attempt-limit 2
set login-block-time 600
end
No such luck, but thanks. Like I said, I've denied everything but the US, which works, except for all the foreign actors that use the US's VPN network.
If you move the port to a high unknown port (something like 43210) then I think no one will find you anymore, except those who received the info from you.
I was poking around the client. How do I adjust the client to the higher port number? Or does that not matter?
You can configure the custom port as shown below.