OpenVPN statistics

VPNs OpenVPN
1

Hi,

currently, when an active OpenVPN connection exists, I can look at some statistics like

openvpn
openvpn1168Ɨ210 16.6 KB

Are those metrics persistently saved somewhere in the filesystem? Can they be accessed and collected for some reports?

Michael

2

I am using the available scripts on connect and disconnect to store Informations like ip, time, duration, transfered data.

Take a look at /var/ipfire/ovpn/server.conf

client-connect /var/ipfire/ovpn/scripts/openvpn_up.sh
client-disconnect /var/ipfire/ovpn/scripts/openvpn_down.sh

Sample openvpn_up.sh

#!/bin/bash

NOW="$(date +"%d.%m.%Y %H:%M:%S")"
LOGC=/var/log/OpenVPNConnect.log
RDNS="$(host $untrusted_ip | awk ā€˜{print $NF}ā€™)"

echo ā€œ$NOW OpenVPN connect $common_name from $RDNS with IP $untrusted_ip to IP $ifconfig_pool_remote_ipā€ >> $LOGC

exit 0

3

Thanks for your reply.

Iā€™ve found that OpenVPN itself writes some logs into /var/run/ovpnserver.log, that looks like

OpenVPN CLIENT LIST
Updated,Sat May 2 11:31:30 2020
Common Name,Real Address,Bytes Received,Bytes Sent,Connected Since
Michael,80.187.xxx.xxx:2610,704769,2178219,Sat May 2 11:07:50 2020
ROUTING TABLE
Virtual Address,Common Name,Real Address,Last Ref
10.114.101.10,Michael,80.187.xxx.xxx:2610,Sat May 2 11:31:24 2020
GLOBAL STATS
Max bcast/mcast queue length,0
END

The content disappears some seconds after the client disconntects but with the help of your up and down scripts this may be worth to inverstigate a bit further.

Guess when more than one client is connected, some more lines will be present within section OpenVPN CLIENT LIST above.

Now looking for a script to convert those log lines into some key,value pairsā€¦

Edit: a starting point is the CGI file /srv/web/ipfire/cgi-bin/ovpnmain.cgi, however Iā€™m not a Perl guy at all :stuck_out_tongue_winking_eye:

Edit2: for the records, guess, Iā€™ve already found a Python lib which will do the job for me: https://github.com/tonyseek/openvpn-status Letā€™s see if itā€™s of any helpā€¦

Michael

4

https://git.ipfire.org/?p=ipfire-2.x.git;a=commit;h=3e10b3de4af03caa2f34f2bfbb50a07f85ec5426 ?

Best,

Erik

5

Thanks!

This means the WebIF will get some more statistics or a report? I see some comments or coding about a database connection or db related queries, but Iā€™ve not clue about whatā€™s coming next.

Anyway, my intention is to move those data into a database (InfluxDB) and use Grafana for visual representation.

Michael

6

Your welcome.

Yes, there will be some OpenVPN statistics over the WUI available.

I see.

Best,

Erik