How to block an unknown IP address which keeps dialing VPN to Vigor Router?

As the VPN server, Vigor Router always listens on the VPN ports to accept VPN connections from the internet. Sometimes we may see in syslog that some unknown IP addresses keep sending VPN requests to Vigor Router, but we cannot find out who the remote peer is. It is annoying and might be a security risk. This document demonstrates how to block an unknown IP address which keeps dialing VPN to Vigor Router.


When using DrayOS router as VPN server

1. Go to Firewall >> Defense Setup page and select Enable DoS Defense.

 

2. Go to Diagnostics >> DoS Flood Table page, and select the White/ Black IP List tab. Input the unknown peer's IP and click Add to add the IP into Black IP List.

 

3. After that, we will see the Firewall (DoS) log instead of the VPN log:

129  2017-12-27 16:19:22  Dec 27 08:19:19  DrayTek  [DOS][Block][Blocking List][172.16.2.194→Vigor Router's WAN IP]

The firewall of Vigor Router has blocked the unknown peer IP successfully.

 

 

When using Vigor3900 or Vigor2960 as VPN server

1. Go to Objects Setting >> IP Object page and add the unknown IP as an IP Address.

  1. Give a profile name
  2. Select Single as Address Type
  3. Enter the unknown peer IP as Start IP Address

 

2. Go to Objects Setting >> Time Object page and add a Time Object.

  1. Give a profile name
  2. Select Weekdays as Frequency
  3. Enter Start Time, End Time and Weekdays
    Please enter a Start Time which is later than but close to the current time, and an End Time which is a little earlier than the Start Time.
    For example, if the current time is 15:55, we can enter the start time as 16:00:00 and the end time as 15:59:59.

Note: After the firewall rule takes effect, this Time Object can be removed.

 

3. Go to Firewall >> Filter Setup page, create an IP Filter Group, then click Add to create an IP Filter Rule for blocking the unknown peer IP.

  1. Check Enable
  2. Select Block as Action
  3. In Time Schedule >> Time Object, select the Time object created in previous step
  4. In Time Schedule >> Advanced Setting, select Clear Session when Scheduler is on
  5. In Source IP, select the IP object created in previous step
  6. Apply the setting

 

4. After that, we will see the Firewall log instead of the VPN log:

<13>Dec 27 17:13:02 Vigor: [Clear Session] Delete conntrack by ip_filter_set_rule : unknown
<135>Dec 27 17:13:07 Vigor: [IPF-unknown] BLOCK src ip 1.2.3.4 mac 00:1d:aa:xx:xx:xx dst ip 172.17.5.92 proto udp DPT=500, skbmark=10000002/0

The firewall of Vigor Router has blocked the unknown peer IP successfully.
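To confirm from a saved syslog file that the rule is catching the peer, the firewall lines can be parsed and summarized per source IP. The script below is an added example, not DrayTek's code. It assumes the Vigor3900/Vigor2960 line format shown in step 4 and that the text after "IPF-" is the rule name. The sample lines are constructed.

```python
import re
from collections import defaultdict

# Constructed sample lines in the Vigor3900/2960 firewall log format shown above.
SAMPLE_LOG = """\
<13>Dec 27 17:13:02 Vigor: [Clear Session] Delete conntrack by ip_filter_set_rule : unknown
<135>Dec 27 17:13:07 Vigor: [IPF-unknown] BLOCK src ip 1.2.3.4 mac 00:1d:aa:xx:xx:xx dst ip 172.17.5.92 proto udp DPT=500, skbmark=10000002/0
<135>Dec 27 17:13:12 Vigor: [IPF-unknown] BLOCK src ip 1.2.3.4 mac 00:1d:aa:xx:xx:xx dst ip 172.17.5.92 proto udp DPT=500, skbmark=10000002/0
<135>Dec 27 17:13:20 Vigor: [IPF-unknown] BLOCK src ip 1.2.3.4 mac 00:1d:aa:xx:xx:xx dst ip 172.17.5.92 proto udp DPT=4500, skbmark=10000002/0
"""

# Assumption: the text after "IPF-" is the name of the matching filter rule.
BLOCK_RE = re.compile(
    r"^<\d+>(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s\S+:\s"
    r"\[IPF-(?P<rule>[^\]]+)\]\sBLOCK\ssrc ip (?P<src>\S+)\s.*?"
    r"dst ip (?P<dst>\S+)\sproto (?P<proto>\w+)(?:\sDPT=(?P<dpt>\d+))?"
)

def parse_blocks(log_text):
    """Return one dict per firewall BLOCK line; other lines are skipped."""
    records = []
    for line in log_text.splitlines():
        m = BLOCK_RE.match(line.strip())
        if m:
            rec = m.groupdict()
            rec["dpt"] = int(rec["dpt"]) if rec["dpt"] else None
            records.append(rec)
    return records

def summarize(records):
    """Group BLOCK records by source IP: hit count, ports hit, first/last seen."""
    summary = defaultdict(lambda: {"hits": 0, "ports": set(), "first": None, "last": None})
    for rec in records:
        entry = summary[rec["src"]]
        entry["hits"] += 1
        entry["ports"].add((rec["proto"], rec["dpt"]))
        entry["first"] = entry["first"] or rec["ts"]
        entry["last"] = rec["ts"]
    return dict(summary)

def is_blocked(log_text, peer_ip):
    """True if the log contains at least one BLOCK entry for peer_ip."""
    return peer_ip in summarize(parse_blocks(log_text))

if __name__ == "__main__":
    for src, info in summarize(parse_blocks(SAMPLE_LOG)).items():
        ports = ", ".join(f"{p}/{d}" for p, d in sorted(info["ports"], key=str))
        print(f"{src}: {info['hits']} blocked, ports {ports}, {info['first']} .. {info['last']}")
```

If the peer's IP still appears in VPN log entries after the rule is applied and never in a BLOCK line, recheck the IP Object and the Time Object window.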
