Hi
I have a concern about the log entries in my NAP log files.
My logs show when users log in to the network, their IP address and bits of other information. My concern is this: I've noticed that there have been multiple login attempts to the VPN server using different user names. These all originate from an IP address that is unknown to me. I am trying to figure out if this is an attack on my network to gain access, or is this the server itself adding these entries into the logs.
Any light that can be cast on this problem will be greatly appreciated. I've noticed the same user names before; they happen at any time of day or night. I've posted part of my log below, but I've removed some details about my server.
"MYSERVERNAMEHERE","RAS",02/24/2015,15:35:38,1,"anyuser","MYDOMAINNAMEHERE\anyuser","192.168.0.14","63.95.247.2",,,"DC1","192.168.0.14",129,,"192.168.0.14","DC1",,,5,,1,2,4,,0,"311
1 fe80::8c42:6da9:65b:43cd 02/21/2015 15:50:45 5",,,,,,,,,,,,,,,,,,1,1,"63.95.247.2","192.168.0.14",,,,,,,"MSRASV5.20",311,,,,,"Microsoft Routing and Remote Access Service Policy",1,,,,
"MYSERVERNAMEHERE","RAS",02/24/2015,15:35:38,1,"anyuser","MYDOMAINNAMEHERE\anyuser","192.168.0.14","63.95.247.2",,,"DC1","192.168.0.14",130,,"192.168.0.14","DC1",,,5,,1,2,4,,0,"311
1 fe80::8c42:6da9:65b:43cd 02/21/2015 15:50:45 6",,,,,,,,,,,,,,,,,,1,1,"63.95.247.2","192.168.0.14",,,,,,,"MSRASV5.20",311,,,,,"Microsoft Routing and Remote Access Service Policy",1,,,,
"MYSERVERNAMEHERE","RAS",02/24/2015,15:35:38,3,,"MYDOMAINNAMEHERE\anyuser",,,,,,,,,,,,,,,,,4,,16,"311 1 fe80::8c42:6da9:65b:43cd 02/21/2015 15:50:45 6",,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"Microsoft Routing and Remote
Access Service Policy",1,,,,
"MYSERVERNAMEHERE","RAS",02/24/2015,15:35:39,1,"infouser","MYDOMAINNAMEHERE\infouser","192.168.0.14","63.95.247.2",,,"DC1","192.168.0.14",129,,"192.168.0.14","DC1",,,5,,1,2,4,,0,"311
1 fe80::8c42:6da9:65b:43cd 02/21/2015 15:50:45 7",,,,,,,,,,,,,,,,,,1,1,"63.95.247.2","192.168.0.14",,,,,,,"MSRASV5.20",311,,,,,"Microsoft Routing and Remote Access Service Policy",1,,,,
"MYSERVERNAMEHERE","RAS",02/24/2015,15:35:39,3,,"MYDOMAINNAMEHERE\infouser",,,,,,,,,,,,,,,,,4,,16,"311 1 fe80::8c42:6da9:65b:43cd 02/21/2015 15:50:45 7",,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"Microsoft Routing and Remote
Access Service Policy",1,,,,
"MYSERVERNAMEHERE","RAS",02/24/2015,15:35:39,1,"infouser","MYDOMAINNAMEHERE\infouser","192.168.0.14","63.95.247.2",,,"DC1","192.168.0.14",130,,"192.168.0.14","DC1",,,5,,1,2,4,,0,"311
1 fe80::8c42:6da9:65b:43cd 02/21/2015 15:50:45 8",,,,,,,,,,,,,,,,,,1,1,"63.95.247.2","192.168.0.14",,,,,,,"MSRASV5.20",311,,,,,"Microsoft Routing and Remote Access Service Policy",1,,,,
"MYSERVERNAMEHERE","RAS",02/24/2015,15:35:39,3,,"MYDOMAINNAMEHERE\infouser",,,,,,,,,,,,,,,,,4,,16,"311 1 fe80::8c42:6da9:65b:43cd 02/21/2015 15:50:45 8",,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"Microsoft Routing and Remote
Access Service Policy",1,,,,
"MYSERVERNAMEHERE","RAS",02/24/2015,15:35:39,1,"infouser","MYDOMAINNAMEHERE\infouser","192.168.0.14","63.95.247.2",,,"DC1","192.168.0.14",129,,"192.168.0.14","DC1",,,5,,1,2,4,,0,"311
1 fe80::8c42:6da9:65b:43cd 02/21/2015 15:50:45 9",,,,,,,,,,,,,,,,,,1,1,"63.95.247.2","192.168.0.14",,,,,,,"MSRASV5.20",311,,,,,"Microsoft Routing and Remote Access Service Policy",1,,,,
"MYSERVERNAMEHERE","RAS",02/24/2015,15:35:39,3,,"MYDOMAINNAMEHERE\infouser",,,,,,,,,,,,,,,,,4,,16,"311 1 fe80::8c42:6da9:65b:43cd 02/21/2015 15:50:45 9",,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"Microsoft Routing and Remote
Access Service Policy",1,,,,
"MYSERVERNAMEHERE","RAS""RAS",02/24/2015,15:35:39,3,,"MYDOMAINNAMEHERE\infouser",,,,,,,,,,,,,,,,,4,,16,"311 1 fe80::8c42:6da9:65b:43cd 02/21/2015 15:50:45 10",,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"Microsoft
Routing and Remote Access Service Policy",1,,,,
"MYSERVERNAMEHERE","RAS""RAS",02/24/2015,15:35:40,1,"posuser","MYDOMAINNAMEHERE\posuser","192.168.0.14","63.95.247.2",,,"DC1","192.168.0.14",129,,"192.168.0.14","DC1",,,5,,1,2,4,,0,"311
1 fe80::8c42:6da9:65b:43cd 02/21/2015 15:50:45 11",,,,,,,,,,,,,,,,,,1,1,"63.95.247.2","192.168.0.14",,,,,,,"MSRASV5.20",311,,,,,"Microsoft Routing and Remote Access Service Policy",1,,,,
Other usernames used are:
opencourse
ostec
hotelsystems
helpdesk
mfs
and about 100 more
Thanks in advance, Paul
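
An added example, not part of the original post: one way to summarise records like those above by source address. It assumes the NPS/IAS database-compatible column layout (column 5 is the packet type, 1 for Access-Request and 3 for Access-Reject; column 9 is the Calling-Station-ID) and pairs each reject with its request through the shared Class value, as in the posted records. The sample records, host names and addresses are constructed.

```python
import csv
import io
from collections import defaultdict

# 0-based columns, assuming the NPS/IAS database-compatible log layout
PACKET_TYPE, FQ_USER, CALLING_ID, CLASS = 4, 6, 8, 26
ACCESS_REQUEST, ACCESS_REJECT = "1", "3"

# Constructed sample (documentation IPs); the first record's Class is wrapped on purpose
SAMPLE_LOG = r'''"VPN01","RAS",02/24/2015,15:35:38,1,"anyuser","EXAMPLE\anyuser","192.168.0.14","203.0.113.7",,,"DC1","192.168.0.14",129,,"192.168.0.14","DC1",,,5,,1,2,4,,0,"311
1 fe80::1 02/21/2015 15:50:45 6"
"VPN01","RAS",02/24/2015,15:35:38,3,,"EXAMPLE\anyuser",,,,,,,,,,,,,,,,,4,,16,"311 1 fe80::1 02/21/2015 15:50:45 6"
"VPN01","RAS",02/24/2015,15:35:39,1,"infouser","EXAMPLE\infouser","192.168.0.14","203.0.113.7",,,"DC1","192.168.0.14",130,,"192.168.0.14","DC1",,,5,,1,2,4,,0,"311 1 fe80::1 02/21/2015 15:50:45 7"
"VPN01","RAS",02/24/2015,15:35:39,3,,"EXAMPLE\infouser",,,,,,,,,,,,,,,,,4,,16,"311 1 fe80::1 02/21/2015 15:50:45 7"
"VPN01","RAS",02/24/2015,15:35:40,1,"posuser","EXAMPLE\posuser","192.168.0.14","203.0.113.7",,,"DC1","192.168.0.14",129,,"192.168.0.14","DC1",,,5,,1,2,4,,0,"311 1 fe80::1 02/21/2015 15:50:45 8"
"VPN01","RAS",02/24/2015,15:35:40,3,,"EXAMPLE\posuser",,,,,,,,,,,,,,,,,4,,16,"311 1 fe80::1 02/21/2015 15:50:45 8"
"VPN01","RAS",02/24/2015,16:02:11,1,"alice","EXAMPLE\alice","192.168.0.14","198.51.100.20",,,"DC1","192.168.0.14",131,,"192.168.0.14","DC1",,,5,,1,2,4,,0,"311 1 fe80::1 02/21/2015 15:50:45 9"
"VPN01","RAS",02/24/2015,16:02:11,3,,"EXAMPLE\alice",,,,,,,,,,,,,,,,,4,,16,"311 1 fe80::1 02/21/2015 15:50:45 9"
'''

def rejected_logons_by_source(log_text):
    """Map source IP -> account names tried and number of Access-Reject records."""
    source_of = {}  # Class value -> Calling-Station-ID seen on the request
    stats = defaultdict(lambda: {"users": set(), "rejects": 0})
    for row in csv.reader(io.StringIO(log_text)):
        if len(row) <= CLASS:
            continue  # short or damaged record
        session = " ".join(row[CLASS].split())  # undo line wrapping inside Class
        if row[PACKET_TYPE] == ACCESS_REQUEST:
            source_of[session] = row[CALLING_ID]
        elif row[PACKET_TYPE] == ACCESS_REJECT:
            entry = stats[source_of.get(session, "unknown")]
            entry["users"].add(row[FQ_USER].rsplit("\\", 1)[-1].lower())
            entry["rejects"] += 1
    return stats

def spraying_sources(log_text, min_users=3):
    """Sources that were rejected for at least min_users distinct account names."""
    return {ip: sorted(s["users"])
            for ip, s in rejected_logons_by_source(log_text).items()
            if len(s["users"]) >= min_users}

if __name__ == "__main__":
    for ip, users in spraying_sources(SAMPLE_LOG).items():
        print(ip, len(users), "accounts:", ", ".join(users))
```

A single external address rejected for many different account names is the pattern the summary surfaces; a source with one rejected name, like the second constructed address, stays below the threshold.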