Netgate Discussion Forum

    Need to log OVPN user activity to syslog server. How ?

      AlexMercer

      So, as you can imagine, I am fairly new to pfSense. I've got 2x Netgate XG-7100 working in HA for OVPN Server and I would like to log user activity, but so far I haven't been able to see a way to do that.
      My setup is pretty simple:

      [ DMZ interface public IP ]--[ pfSense ]--[ lan interface private IP ]

      The clients connect to the public IP and have access to the resources in the LAN. I had to use TUN mode (would have preferred TAP, but there were circumstances that require TUN), so the clients that connect to the VPN communicate with an internal gateway, and pretty much all I can see from the logs in the LAN is a bunch of traffic coming from the pfSense LAN interface. But in reality behind that IP are all the clients; it serves as NAT with internal gateway.
      My question is: how do I log the activity of every user and every IP from the pfSense? I would want to have all the TCP/UDP sessions opened and closed logged.
      I am going to use graylog as a logging solution.
      Any help would be appreciated!
      Thanks in advance.

        DaddyGo @AlexMercer

        @alexmercer said in Need to log OVPN user activity to syslog server. How ?:

        I am going to use graylog as a logging solution.

        Hi,

        I think the best solution is to install something like this, and pick up some OVPN sensors:

        https://github.com/VictorRobellini/pfSense-Dashboard
        https://forum.netgate.com/topic/152132/grafana-dashboard-using-telegraf-with-additional-plugins

        Cats bury it so they can't see it!
        (You know what I mean if you have a cat)

          bingo600 @AlexMercer

          @alexmercer

          Hope you have a huge & fast storage array 😊
          Logs could fill more than the user traffic.

          That said, OpenVPN TUN mode is normal L3 traffic.
          Once the client is connected it is "Clean IP traffic", and you would just log everything. Both permit rules and deny rules.

          But to make that visible in a sensible way ....

          Btw: Who would prefer Bridging to Routing ??

          /Bingo

          If you find my answer useful - Please give the post a 👍 - "thumbs up"

          pfSense+ 23.05.1 (ZFS)

          QOTOM-Q355G4 Quad Lan.
          CPU  : Core i5 5250U, Ram : 8GB Kingston DDR3LV 1600
          LAN  : 4 x Intel 211, Disk  : 240G SAMSUNG MZ7L3240HCHQ SSD

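Added example, not part of the thread and not pfSense or OpenVPN project code: since TUN traffic is plain routed IP, firewall log entries on the OpenVPN server interface can be attributed to a VPN user by matching the source tunnel address against the OpenVPN status routing table. It assumes the pfSense filterlog CSV layout for IPv4 TCP/UDP, the interface name `ovpns1`, and a status-version 1 routing table; all sample lines, addresses and user names are constructed.

```python
import re

# Constructed OpenVPN status excerpt (assumed status-version 1 routing table).
STATUS = """\
ROUTING TABLE
Virtual Address,Common Name,Real Address,Last Ref
10.8.0.6,alice,203.0.113.7:51820,Mon Jan  6 09:15:02 2025
10.8.0.10,bob,198.51.100.23:40112,Mon Jan  6 09:17:40 2025
GLOBAL STATS
"""

# Constructed syslog lines in the assumed filterlog CSV layout (IPv4).
LOGS = [
    "Jan  6 09:20:11 fw1 filterlog[41822]: 72,,,1700000001,ovpns1,match,pass,in,4,0x0,,64,4211,0,DF,6,tcp,60,10.8.0.6,192.168.10.20,51544,443,0,S,2894710,,64240,,mss",
    "Jan  6 09:21:45 fw1 filterlog[41822]: 73,,,1700000002,ovpns1,match,block,in,4,0x0,,64,9001,0,none,17,udp,71,10.8.0.10,192.168.10.53,40000,53,51",
    "Jan  6 09:22:03 fw1 filterlog[41822]: 4,,,1000000103,igb0,match,block,in,4,0x0,,52,100,0,DF,6,tcp,60,198.51.100.9,203.0.113.1,55000,22,0,S,1,,1024,,",
]

FILTERLOG = re.compile(r"filterlog(?:\[\d+\])?: (.+)$")

def tunnel_users(status_text):
    """Map tunnel (virtual) address -> common name from the routing table."""
    users, in_table = {}, False
    for line in status_text.splitlines():
        if line.startswith("ROUTING TABLE"):
            in_table = True
        elif line.startswith("GLOBAL STATS"):
            in_table = False
        elif in_table and "," in line and not line.startswith("Virtual Address"):
            vaddr, common_name = line.split(",")[:2]
            users[vaddr] = common_name
    return users

def parse_filterlog(line, vpn_if="ovpns1"):
    """Return a dict for IPv4 TCP/UDP entries seen on the VPN interface, else None."""
    m = FILTERLOG.search(line)
    f = m.group(1).split(",") if m else []
    if len(f) < 22 or f[4] != vpn_if or f[8] != "4" or f[16] not in ("tcp", "udp"):
        return None
    return {"action": f[6], "proto": f[16], "src": f[18], "dst": f[19],
            "sport": int(f[20]), "dport": int(f[21])}

def attribute(lines, status_text):
    """Attach the VPN user name to every parsed entry (unknown if no match)."""
    users = tunnel_users(status_text)
    records = [r for r in map(parse_filterlog, lines) if r]
    for r in records:
        r["user"] = users.get(r["src"], "unknown")
    return records
```

The status table is a snapshot, so unless clients have fixed tunnel addresses, historical firewall logs need an address-to-user mapping taken from the same time window.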
            DaddyGo @bingo600

            @bingo600 said in Need to log OVPN user activity to syslog server. How ?:

            Btw: Who would prefer Bridging to Routing ??

            Hmmm, Hi 😉

            don't declare this like this, just think of branch to branch (VPN)

            TUN and TAP are not in vain (developers are not stupid)

            +++edit:

            yeah and nowadays the log files are the ones that take up the least space in a logged environment...

            we store a lot more nonsense stuff, like your FaceBoo... ksit stuff, just kidding.... you don't have FB 😉

            Cats bury it so they can't see it!
            (You know what I mean if you have a cat)
