adrianmihalko / raspberrypiwireguard

Install and configure WireGuard on Raspberry Pi (and others)

activate Fail2Ban for WireGuard #36

Closed IssueFindings closed 4 years ago

IssueFindings commented 4 years ago

Hello, what must I do to activate Fail2Ban to check WireGuard activity? Normally I use the log file, but I don't know where the log file for failed logins is. Can someone help me? Have a nice day.

ghost commented 4 years ago

fail2ban is not required for wireguard since if they don't authenticate with the right key the server never responds

IssueFindings commented 4 years ago

Hello, Many thanks for your answer. Have a nice day.

c33s commented 3 years ago

Shouldn't the server still block the IP via firewall? Also, fail2ban can alert if some IP tries to connect to the server too often, or trigger other countermeasures, or block the IP on other hosts.

raytracy commented 3 years ago

> Shouldn't the server still block the IP via firewall? Also, fail2ban can alert if some IP tries to connect to the server too often, or trigger other countermeasures, or block the IP on other hosts.

I also vote that WireGuard should log connection failure events for security audit and CSIRT response.

effeffe commented 1 year ago

Sorry for necrobumping, you can enable logging on journalctl via `echo module wireguard +p > /sys/kernel/debug/dynamic_debug/control`, or at boot via `wireguard.dyndbg=+p`. Then write an appropriate fail2ban rule, which could for instance filter the following request: `wireguard: serverino: No peer has allowed IPs matching 239.255.255.250` or any other similar request.
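
The kind of rule the last comment describes, as an added example that is not code from the thread or the repository: a Python regex of the sort a fail2ban `failregex` would use, applied to constructed kernel log lines with fail2ban-style `maxretry`/`findtime` counting. It goes beyond the single message quoted above by matching two handshake-failure messages that carry a remote source address; those message texts, the `offenders` function and the sample lines are assumptions to check against your own `journalctl -k` output.

```python
import ipaddress
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# The "wireguard: <iface>: " prefix is the format quoted in the thread. The two
# handshake message texts are assumptions about the module's debug output.
FAIL_RE = re.compile(
    r"^(?P<ts>\S+) \S+ kernel: wireguard: (?P<iface>\S+): "
    r"(?:Invalid handshake initiation|Invalid MAC of handshake, dropping packet)"
    r" from \[?(?P<host>[0-9A-Fa-f:.]+?)\]?:\d+$"
)

# Constructed sample in `journalctl -k -o short-iso` layout (documentation IPs).
SAMPLE = """\
2024-05-01T10:00:00+0000 pi kernel: wireguard: serverino: Invalid handshake initiation from 203.0.113.7:40112
2024-05-01T10:00:05+0000 pi kernel: wireguard: serverino: No peer has allowed IPs matching 239.255.255.250
2024-05-01T10:01:00+0000 pi kernel: wireguard: serverino: Invalid MAC of handshake, dropping packet from 198.51.100.9:5555
2024-05-01T10:02:00+0000 pi kernel: wireguard: serverino: Invalid handshake initiation from 203.0.113.7:40113
2024-05-01T10:03:00+0000 pi kernel: wireguard: serverino: Invalid handshake initiation from [2001:db8::1]:51820
2024-05-01T10:04:00+0000 pi kernel: wireguard: serverino: Invalid MAC of handshake, dropping packet from 203.0.113.7:40114
2024-05-01T10:20:00+0000 pi kernel: wireguard: serverino: Invalid handshake initiation from [2001:db8::1]:51820
2024-05-01T10:40:00+0000 pi kernel: wireguard: serverino: Invalid handshake initiation from [2001:db8::1]:51820
""".splitlines()


def offenders(lines, maxretry=3, findtime=timedelta(minutes=10)):
    """Return {ip: time of the failure that reached maxretry within findtime}."""
    recent = defaultdict(deque)  # ip -> failure timestamps still inside the window
    flagged = {}
    for line in lines:
        m = FAIL_RE.match(line)
        if not m:
            # Includes the thread's "No peer has allowed IPs matching" line:
            # 239.255.255.250 is a multicast address, not a remote endpoint.
            continue
        try:
            ip = str(ipaddress.ip_address(m["host"]))
        except ValueError:
            continue  # never act on a token that is not a valid address
        ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%S%z")
        window = recent[ip]
        window.append(ts)
        while ts - window[0] > findtime:
            window.popleft()  # drop failures older than findtime
        if len(window) >= maxretry and ip not in flagged:
            flagged[ip] = ts
    return flagged
```

These packets are unauthenticated UDP, so the source address can be forged; a jail built on this pattern should list known peers under fail2ban's `ignoreip` so a spoofed source cannot get a legitimate peer banned.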