Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    API log for OPEN VPN

    Scheduled Pinned Locked Moved OpenVPN
    6 Posts 3 Posters 724 Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • Q
      querichelli55
      last edited by

      Hi guys.

      There is a way to use an API to get OPEN VPN logs ?
      I want to see in realtime who are connected in my VPN, but I want this information outside PfSense WEBGUI.

      1 Reply Last reply Reply Quote 0
      • JeGrJ
        JeGr LAYER 8 Moderator
        last edited by

        You can simply do the following: create a monitoring/whatever like user that can only login via SSH into your firewall, then let it login and use a command like

        echo status <1-3> | socat - UNIX-CONNECT:/var/etc/openvpn/<your_server_socket>.sock
        
        e.g.:
        
        echo status 2 | socat - UNIX-CONNECT:/var/etc/openvpn/server1.sock
        

        The output should be something like

        >INFO:OpenVPN Management Interface Version 1 -- type 'help' for more info
        TITLE,OpenVPN 2.4.9 amd64-portbld-freebsd11.3 [SSL (OpenSSL)] [LZO] [LZ4] [MH/RECVDA] [AEAD] built on May  4 2020
        TIME,Tue Jun 30 11:44:24 2020,1593510264
        HEADER,CLIENT_LIST,Common Name,Real Address,Virtual Address,Virtual IPv6 Address,Bytes Received,Bytes Sent,Connected Since,Connected Since (time_t),Username,Client ID,Peer ID
        CLIENT_LIST,<username>,<real_user_ip>:10911,<vpn_ip>,,1544896,6129124,Tue Jun 30 11:29:13 2020,1593509353,<username>,121,4
        HEADER,ROUTING_TABLE,Virtual Address,Common Name,Real Address,Last Ref,Last Ref (time_t)
        ROUTING_TABLE,<vpn_ip>,<username>,<real_user_ip>:10911,Tue Jun 30 11:44:24 2020,1593510264
        GLOBAL_STATS,Max bcast/mcast queue length,0
        END
        

        whereas <username> is obviously the OpenVPN User connected, <vpn_ip> is the internal VPN IP handed out via OpenVPN and <real_user_ip> is its external IP where the client is connecting from. The "Connected Since" columns give you an idea about the login time / how long it's connected.

        Other values for "status" e.g. status 1 is more compact CSV-like or status 3 is more verbose with some spaces/tabs for formatting. Status 2 is a CSV-like export that should be good to use in other scripts or monitoring systems and is the same value pfSense itself uses when querying the management port via OpenVPN/Status page.

        Don't forget to upvote ๐Ÿ‘ those who kindly offered their time and brainpower to help you!

        If you're interested, I'm available to discuss details of German-speaking paid support (for companies) if needed.

        1 Reply Last reply Reply Quote 0
        • GertjanG
          Gertjan
          last edited by

          Didn't we have something comparable, where constantly OpenVPN server usage info was mailed away ?
          A couple of month ago, when everybody needed to know what OPENVPN was ... ?

          No "help me" PM's please. Use the forum, the community will thank you.
          Edit : and where are the logs ??

          1 Reply Last reply Reply Quote 0
          • JeGrJ
            JeGr LAYER 8 Moderator
            last edited by

            Can't remember but if you mean that thingy, where one would like a notification mail after a client has disconnected, I did some work on that little script, too. But that only gets triggered if a client disconnects. OK you could also include it for client connects, but as it sets up on the system notifications via mail, it could be "spammy" to use and only works with mails.

            Above variant can be triggered by pretty much any monitoring that can work with external scripts. Small simple shell script with the SSH connect and the status call to the socket, bit of awk/python/whatever magic to get the infos you want and report it back to the calling system :)

            Don't forget to upvote ๐Ÿ‘ those who kindly offered their time and brainpower to help you!

            If you're interested, I'm available to discuss details of German-speaking paid support (for companies) if needed.

            GertjanG 1 Reply Last reply Reply Quote 0
            • GertjanG
              Gertjan @JeGr
              last edited by

              @JeGr said in API log for OPEN VPN:

              it could be "spammy" to use and only works with mails.

              Could be ?
              I had to stop it after receiving thousands of emails per day.
              But oh boy, what was I informed ....

              No "help me" PM's please. Use the forum, the community will thank you.
              Edit : and where are the logs ??

              1 Reply Last reply Reply Quote 0
              • JeGrJ
                JeGr LAYER 8 Moderator
                last edited by

                Still running it on my homelab without a problem but yeah in a busy setting that can hurt ;)

                Don't forget to upvote ๐Ÿ‘ those who kindly offered their time and brainpower to help you!

                If you're interested, I'm available to discuss details of German-speaking paid support (for companies) if needed.

                1 Reply Last reply Reply Quote 0
                • First post
                  Last post
                Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.