New on LowEndTalk? Please Register and read our Community Rules.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
OVH VPS w/ Openvpn sometimes when under attack the mitigation shuts down all connections to vpn.
badcopnodonut
Member
in Help
Not sure if anyone has had this issue before but the ovh 2014-2015 didn't have these issues but currently from what i've gathered even with forced firewall on, ovh still chooses to force ovh mitigation. Anyone have any suggestions to remedy this problem to eliminate the downtime? Perhaps some firewall suggestions, or just general guidance. Thanks to anyone who is willing to provide help.
Comments
welcome to all OVH brand helpdesk,
please wait patiently, our helpdesk will answer your question quickly and making fun about this thread quickly.
Thank you for your understanding
regards,
OVH Brand Ambassador
If you use Kimsufi instead, it will be better.
Regards,
Kimsufi Brand Ambassador
Use network firewall to block ports/protocols you don't need, then take a tcpdump and give it to OVH and state your issue.
Also you might switch to TCP based VPN if you use UDP. The performance might be a bit worse, but I think OVH DDoS mitigation handles TCP based connections better.
Even though it is the same network.
thx
just buy an extra $3-one-time IP for all your connections to the vpn
Here is the email i recieve from ovh and even with these settings along with a combination of different allowances for 1194 when ovh vac forces me into mitigation it kills the openvpn connect
http://i.imgur.com/dhHKKTa.png
But support will be much better, since there's KimsufiTalk.
Debian.
True. OVH support = amazing if you can speak French
thx
Nothing beats KimsufiTalk and debian.
debian.
Anyone know of any ideas on how to fix this solution just keep getting the most generic responses i've tried just about everything i can possibly think of.
I told you
get another goddamned IP for 3 damn dollars one-time fee and use it for inbound connections and use a separate IP for outbound, so DDoSers will only DDoS the IP that the VPN connection aren't on, leaving them intact when mitigation kicks in
Their UDP mitigation takes the largest stream and drops it, in a VPN scenario the largest stream will usually be the be the UDP VPN traffic.