Monitor Road Warrior VPN (pptp,IPSec, OpenVPN) by SNMP

elbuit

Hi all.
I'm monitoring VPN roadwarriors using cacti:

I've a pfsense box acting as VPN server.
PPTP, IPsec (Xauth) and OpenVPN protocols are allowed.

When I tried to graph users logged using cacti I did'nt found any OID to get concurrent users for these protocols.

I've solved this editing /var/etc/snmpd.conf and using ucd extensions.

To do this and have a custom OID for a PPTP, IPsec (Xauth) and OpenVPN concurrent users you should edit /etc/inc/services.inc

-Go to Diagnostics: Edit file and load  /etc/inc/services.inc

-Then add this lines after %ucd string:

extNames.0 = "PPTP Sessions"
extCommand.0 = "/usr/bin/netstat -rn | /usr/bin/grep pptpd | /usr/bin/grep ^REPLACE_THIS_begining_of_your_ip range_ie_192.168 | /usr/bin/wc -l| /usr/bin/tr -d \" \""
extNames.1 = "IPSEC Sessions"
extCommand.1 = "ipsec leases | grep host| grep online | wc -l|tr -d \" \""
extNames.2 = "OpenVPN Sessions"
extCommand.2 = "( ( echo \"status\" ; sleep 1 ; echo \"quit\" ) | nc -U /var/etc/openvpn/server1.sock | grep ^REPLACE_THIS_begining_of_your_ip range_ie_192.168  | wc -l | /usr/bin/tr -d \" \")"

OIDs are:
PPTP concurrent sessions iso.3.6.1.4.1.2021.8.1.101.0
IPSec mobile sessions :iso.3.6.1.4.1.2021.8.1.101.1
OpenVPN Sessions: iso.3.6.1.4.1.2021.8.1.101.2

You can also walk snmp:
snmpwalk -v2c -c public pfsense.server.com .1.3.6.1.4.1.2021.8.1

Remember that these changes will be lost when  you upgrade pfsense box  :(

PS: I use cacti to graph vpn users