
Script for Black list for failed login to IPSec VPN

Posted: Thu Mar 28, 2024 1:10 pm
by marcelofares
Dear colleagues,

I've been suffering lately from many connectivity attempts via IPSEC and as a result, the logs of the Mikrotik equipment I manage are full of entries and information.

The events I usually receive are these:

ipsec,error: phase1 negotiation failed due to time up
ipsec, error phase1 negotiation failed.
ipsec,error failed to pre-process ph1 packet (side: 1, status 1).
ipsec,error failed to get valid proposal.
ipsec, error no suitable proposal found.

I would like to know if there is any functional script that identifies any of these messages above and blacklists the destination IP?

I found this post here on the forum but unfortunately no one responds and the post's script ends up putting 0.0.0.0 on the blacklist.
viewtopic.php?t=148397

Can anybody help me?

Re: Script for Black list for failed login to IPSec VPN

Posted: Thu Mar 28, 2024 1:16 pm
by drpioneer

Re: Script for Black list for failed login to IPSec VPN

Posted: Thu Mar 28, 2024 1:39 pm
by marcelofares
From what I'm seeing in your script, it goes too far and goes far beyond what I need, and since I don't understand it, I asked for help.