I use a VPN pretty much nonstop to connect to all my traffic. When I set up CrowdSec, after about 6 hours, I noticed that my VPNs cannot reach the site. If I disconnect it works, so I removed CrowdSec and restarted the VPS. Then my VPNs could reach the site.
Is there a way to remove the VPN blocklist within CrowdSec? I really like it so far, and would like the extra protection it has vs fail2ban.
Thank you for your time!
If you mean a commercial VPN, then most likely not, as you would need to know every IP address they use so you can whitelist it… If you have set up VPNs that forward traffic then you can just whitelist the VPN.
That’s a pretty terrible solution if I want to unblock all VPNs, not just mine. Guess I won’t be using CrowdSec.
It’s not adding any security from blocking VPN hosts that aren’t attacking the server. There really needs to be a way to undo that. What if it’s blocking business from buying items? Does one have to unblock every person who uses VPNs? Or demand they can’t use them on any service that uses CrowdSec? Seems totally unnecessary!
It’s not adding any security from blocking VPN hosts that aren’t attacking the server.
That’s like saying don’t pre-block any IP as they are not actively attacking YOUR server, so you can just turn off the CAPI component of CrowdSec, as the community blocklist is not something you want to use.
What if it’s blocking business from buying items?
Most businesses won’t use commercial VPNs to purchase items (commercial VPN in the context of similar services like e.g. NordVPN); they may use a single forwarding proxy (for outbound traffic reasons), but in my experience I have never come across this situation. If they are using their own VPN then they shouldn’t hit this issue unless they are doing malicious things that end with them being inside the community blocklist.
Does one have to unblock every person who uses VPNs? Or demand they can’t use them on any service that uses CrowdSec? Seems totally unnecessary!
Then don’t use the community blocklist; as I stated above, you only want to ban IPs that are actively attacking YOUR server, so pre-blocking doesn’t seem the right fit for you.
EDIT: if the issue you are having is that a “false positive” is happening locally and you want to whitelist those, then that’s a different topic, because how would you know to whitelist them?
Well, I’ll give it a try removing the community blocklist. Thanks for the suggestion.
Commercial VPNs didn’t allow a setup to add a route outside of the VPN tunnel?
It’s possible with solutions like AnyConnect (Cisco) or WireGuard.
How do you remove the community blocklist? I’ve been looking over the configuration info for a while now and can’t seem to figure out how to remove it.
Ty for your time!
So it’s a 2-step process. First we need to remove the CAPI credentials via:
sudo rm /etc/crowdsec/online_api_credentials.yaml
sudo touch /etc/crowdsec/online_api_credentials.yaml
Then we need to flush the current CAPI decisions via:
sudo cscli decisions delete --origin CAPI
Hey @johnconer!
Out of curiosity, what VPN provider are you using that was blocked by the community blocklist? We’re looking to have a more granular blocklist in the future, so it might help.