Fail2ban configuration

miniben-90 edited this page Nov 3, 2022 · 1 revision

How to configure fail2ban (version 0.10.x or later) with docker-openvpn

Prerequisites

The container's log driver must be set to syslog (--log-driver syslog), so that OpenVPN's messages end up in the host's syslog, where fail2ban can read them.

In case you are using docker-compose:

#[...]#
    logging:
      driver: syslog
#[...]#

Configuration

Files to create

Filter for rejections

Create a new file /etc/fail2ban/filter.d/openvpn.conf for the rejection rules.

# Fail2Ban filter for selected OpenVPN rejections
# Work for kylemanna/docker-openvpn docker image

[INCLUDES]

before = common.conf

[Definition]

failregex = %(__hostname)s \w{1,20}\[\d+]\:( \w{1,4} \w{1,4} ( )?\d+ \d+\:\d+\:\d+ \d+)? .<HOST>:[0-9]{3,5} TLS Auth Error:.*
           %(__hostname)s \w{1,20}\[\d+]\:( \w{1,4} \w{1,4} ( )?\d+ \d+\:\d+\:\d+ \d+)? .<HOST>:[0-9]{3,5} VERIFY ERROR:.*
           %(__hostname)s \w{1,20}\[\d+]\:( \w{1,4} \w{1,4} ( )?\d+ \d+\:\d+\:\d+ \d+)? .<HOST>:[0-9]{3,5} TLS Error: TLS handshake failed.*
           %(__hostname)s \w{1,20}\[\d+]\:( \w{1,4} \w{1,4} ( )?\d+ \d+\:\d+\:\d+ \d+)? .<HOST>:[0-9]{3,5} SIGUSR1\[soft,connection-reset\] received.*
           %(__hostname)s \w{1,20}\[\d+]\:( \w{1,4} \w{1,4} ( )?\d+ \d+\:\d+\:\d+ \d+)?  TLS Error: cannot locate HMAC in incoming packet from \[AF_INET\]<HOST>:[0-9]{3,5}

ignoreregex =

Jail rule

Create a new file /etc/fail2ban/jail.d/openvpn.conf for the jail configuration.

# Fail2Ban jail configuration for OpenVPN

[openvpn]
enabled  = true
port     = 1194
protocol = udp
filter   = openvpn
logpath  = /var/log/syslog
maxretry = 3

Restart fail2ban

Restart the service to load the new jail: service fail2ban restart, et voilà!
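An added example, not part of this wiki page or of fail2ban, that checks the filter above offline before the service is restarted. It emulates the pieces of fail2ban that matter here: the %(__hostname)s and <HOST> substitutions (the values used are simplified stand-ins, an assumption), and the removal of the recognised OpenVPN timestamp from the line before the failregex lines are applied (also assumed; the single-character wildcard before <HOST> in the filter then matches the space the removal leaves behind). It then applies the jail's maxretry threshold to see which hosts would be banned. The syslog lines, the host name vpnhost and the container id 3f2a1c9b7d4e are constructed.

```python
"""Offline check of the wiki's OpenVPN failregex lines against constructed syslog lines.

Added example, not part of the docker-openvpn wiki or of fail2ban.
"""
import re
from collections import Counter

# Assumed stand-ins for what fail2ban substitutes (not copied from fail2ban's common.conf).
HOSTNAME_RE = r"\S+"
HOST_RE = r"(?P<host>[\w\-.^_]*\w)"

# Assumption: fail2ban removes the timestamp it detected from the line before matching.
# The OpenVPN "Thu Nov  3 10:15:02 2022" stamp is removed here the same way.
OPENVPN_DATE_RE = re.compile(r"[A-Z][a-z]{2} [A-Z][a-z]{2} {1,2}\d{1,2} \d\d:\d\d:\d\d \d{4}")

# The five failregex lines from the wiki filter, verbatim.
PREFIX = r"%(__hostname)s \w{1,20}\[\d+]\:( \w{1,4} \w{1,4} ( )?\d+ \d+\:\d+\:\d+ \d+)?"
FAILREGEX = [
    PREFIX + r" .<HOST>:[0-9]{3,5} TLS Auth Error:.*",
    PREFIX + r" .<HOST>:[0-9]{3,5} VERIFY ERROR:.*",
    PREFIX + r" .<HOST>:[0-9]{3,5} TLS Error: TLS handshake failed.*",
    PREFIX + r" .<HOST>:[0-9]{3,5} SIGUSR1\[soft,connection-reset\] received.*",
    PREFIX + r"  TLS Error: cannot locate HMAC in incoming packet from \[AF_INET\]<HOST>:[0-9]{3,5}",
]

# Constructed sample lines in the shape the syslog log driver produces for the
# container (syslog tag = container id); these are not real logs.
SAMPLE_LOG = [
    "Nov  3 10:15:02 vpnhost 3f2a1c9b7d4e[1234]: Thu Nov  3 10:15:02 2022 203.0.113.7:51234 TLS Error: TLS handshake failed",
    "Nov  3 10:15:03 vpnhost 3f2a1c9b7d4e[1234]: Thu Nov  3 10:15:03 2022 203.0.113.7:51235 VERIFY ERROR: depth=0, error=certificate has expired",
    "Nov  3 10:15:04 vpnhost 3f2a1c9b7d4e[1234]: Thu Nov  3 10:15:04 2022 203.0.113.7:51236 TLS Auth Error: Auth Username/Password verification failed for peer",
    "Nov  3 10:15:05 vpnhost 3f2a1c9b7d4e[1234]: Thu Nov  3 10:15:05 2022 TLS Error: cannot locate HMAC in incoming packet from [AF_INET]198.51.100.9:41000",
    "Nov  3 10:16:00 vpnhost 3f2a1c9b7d4e[1234]: Thu Nov  3 10:16:00 2022 192.0.2.5:40000 [client1] Peer Connection Initiated with [AF_INET]192.0.2.5:40000",
    "Nov  3 10:17:00 vpnhost 3f2a1c9b7d4e[1234]: Thu Nov  3 10:17:00 2022 192.0.2.5:40001 SIGUSR1[soft,connection-reset] received, client-instance restarting",
]


def compile_failregex(lines=FAILREGEX):
    """Apply the substitutions fail2ban would make and compile each failregex line."""
    return [
        re.compile(line.replace("%(__hostname)s", HOSTNAME_RE).replace("<HOST>", HOST_RE))
        for line in lines
    ]


def strip_date(line):
    """Remove the OpenVPN timestamp once, as fail2ban's date detector is assumed to do."""
    return OPENVPN_DATE_RE.sub("", line, count=1)


def match_line(line, patterns):
    """Return the host captured for a log line, or None if no failregex line matches."""
    line = strip_date(line)
    for pat in patterns:
        m = pat.search(line)
        if m:
            return m.group("host")
    return None


def hosts_to_ban(lines, maxretry=3):
    """Count failures per host and return the hosts at or over the jail's maxretry."""
    patterns = compile_failregex()
    counts = Counter()
    for line in lines:
        host = match_line(line, patterns)
        if host:
            counts[host] += 1
    return sorted(h for h, n in counts.items() if n >= maxretry)


if __name__ == "__main__":
    pats = compile_failregex()
    for raw in SAMPLE_LOG:
        print(f"{match_line(raw, pats)!s:>14}  {raw}")
    print("would be banned with maxretry=3:", hosts_to_ban(SAMPLE_LOG))
```

On a live host the authoritative check is fail2ban-regex /var/log/syslog /etc/fail2ban/filter.d/openvpn.conf, which prints the matched lines and the captured hosts; confirm that the host column shows complete client addresses before enabling the jail. Note that the SIGUSR1[soft,connection-reset] pattern also fires when a legitimate client's connection drops, so choose maxretry with that in mind.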