Syslog openvpn
-
I want to see the users that logon and logoff from/with Openvpn on our Pfsense machine. (they connect with cerificates) I do not see any authenticated log rules. The rest i see in our syslog file
I have made an export to syslog (export pfsense-Openvpn log.)
-
@tunge2 said in Syslog openvpn:
I want to see
Ask OpenVPN to show the details.
Like :to the maximum value.
Expect a lot of details. -
@Gertjan Thank You
Thats a lot of information but not al little overkill
. It still not clear on when a user exactly connect and disconnect -
With the OpenVPN RAS Verbosity Level set to default I see those two lines after a User authenticated successfully:
Mar 23 15:57:01 openvpn 62926 CLIENTIP:CLIENTPORT [USERNAME] Peer Connection Initiated with [AF_INET]CLIENTIP:CLIENTPORT Mar 23 15:57:01 openvpn user 'USERNAME' authenticated
-Rico
-
@tunge2 said in Syslog openvpn:
It still not clear on when a user exactly connect and disconnect
Have a look here.
Very recently, some threads discussed just that : VPN connect and disconnect notifications. SEnd to you by mail, etc. -
Log with a matching User/Cert but wrong password:
Mar 23 16:02:42 openvpn user 'USERNAME' could not authenticate.
Log with a wrong (unknown) User:
Mar 23 16:05:15 openvpn Username does not match certificate common name (WRONGUSER != USERNAME), access denied.
-Rico
-
@Rico the first line i found. the second log line i did not found.
The connect line is found.
But the disconnect line in the logfile is not so clear
the only rule is this one. The problem is that i does not say the username. Only that some one disconnects.Logfile Openvpn
openvpn[42273]: MANAGEMENT: Client disconnected -
@Rico we only use certificates without the username part.
-
Found it : https://forum.netgate.com/topic/151351/email-notification-openvpn-client-connect-common-name
-
@Gertjan but thats different right? i use syslog and not direct php on the pfsense system