Monitor Road Warrior VPN (pptp,IPSec, OpenVPN) by SNMP
-
Hi all.
I'm monitoring VPN roadwarriors using cacti:I've a pfsense box acting as VPN server.
PPTP, IPsec (Xauth) and OpenVPN protocols are allowed.When I tried to graph users logged using cacti I did'nt found any OID to get concurrent users for these protocols.
I've solved this editing /var/etc/snmpd.conf and using ucd extensions.
To do this and have a custom OID for a PPTP, IPsec (Xauth) and OpenVPN concurrent users you should edit /etc/inc/services.inc
-Go to Diagnostics: Edit file and load /etc/inc/services.inc
-Then add this lines after %ucd string:
extNames.0 = "PPTP Sessions" extCommand.0 = "/usr/bin/netstat -rn | /usr/bin/grep pptpd | /usr/bin/grep ^REPLACE_THIS_begining_of_your_ip range_ie_192.168 | /usr/bin/wc -l| /usr/bin/tr -d \" \"" extNames.1 = "IPSEC Sessions" extCommand.1 = "ipsec leases | grep host| grep online | wc -l|tr -d \" \"" extNames.2 = "OpenVPN Sessions" extCommand.2 = "( ( echo \"status\" ; sleep 1 ; echo \"quit\" ) | nc -U /var/etc/openvpn/server1.sock | grep ^REPLACE_THIS_begining_of_your_ip range_ie_192.168 | wc -l | /usr/bin/tr -d \" \")"
OIDs are:
PPTP concurrent sessions iso.3.6.1.4.1.2021.8.1.101.0
IPSec mobile sessions :iso.3.6.1.4.1.2021.8.1.101.1
OpenVPN Sessions: iso.3.6.1.4.1.2021.8.1.101.2You can also walk snmp:
snmpwalk -v2c -c public pfsense.server.com .1.3.6.1.4.1.2021.8.1Remember that these changes will be lost when you upgrade pfsense box :(
PS: I use cacti to graph vpn users