Applies to Platform: UTM 2.4, 2.5, 4i Edge 2.4, 2.5
Updated on 15th of July 2015
This lesson contains guidelines for implementing basic SNMP support for OpenVPN.
Prerequisites
Endian UTM appliance > 2.4
PC with Linux OS and SNMP client.
Change OpenVPN status log output
Create a custom template file for OpenVPN Server with the following command:
root@endian:~# nano /var/efw/openvpn/openvpn.tmpl
The file doesn't exist by default; just copy and paste the following line into it:
status-version 2
This ensures CSV-style formatted output in /var/log/openvpn/openvpn-status.log, which SNMP will then load.
Edit the configuration template of SNMP daemon
root@endian:~# nano /etc/snmp/snmpd.conf.tmpl
At the end of the file, add the following line: extend openvpn /bin/cat /var/log/openvpn/openvpn-status.log as shown here:
[...]
#if $DS.get('PROXY',{}).get('SETTINGS',{}).get('PROXY_ENABLED','off') == 'on'
proxy -v2c -c public 127.0.0.1:3401 .1.3.6.1.4.1.3495
#end if
# Custom extension to add OpenVPN status support
extend openvpn /bin/cat /var/log/openvpn/openvpn-status.log
The word openvpn after extend is just a label, used to retrieve the information through the SNMP agent.
Warning
Reload SNMP and OpenVPN daemons to apply the changes
Now restart the SNMP and OpenVPN server daemons. If you use an Endian UTM Appliance up to version 2.4 (except mini ARM 2.4):
root@endian:~# restartsnmp
root@endian:~# restartopenvpn
If you use a mini ARM or an Endian UTM Appliance 2.5, use jobsengine:
root@endian:~# jobcontrol restart snmp
root@endian:~# jobcontrol restart openvpnjob
Retrieve the connected user through SNMP
Use the snmpget command on your Linux box:
user@linux:~# snmpget -On -v 2c -c public GREENIP NET-SNMP-EXTEND-MIB::nsExtendOutputFull.\"openvpn\"
.1.3.6.1.4.1.8072.1.3.2.3.1.2.7.111.112.101.110.118.112.110 = STRING: TITLE,OpenVPN 2.1.1 i586-pc-linux [SSL] [LZO2] [EPOLL] built on Aug 6 2010
TIME,Wed May 9 12:21:41 2012,1336558901
HEADER,CLIENT_LIST,Common Name,Real Address,Virtual Address,Bytes Received,Bytes Sent,Connected Since,Connected Since (time_t)
CLIENT_LIST,vpn1,1.183.120.150:34059,192.168.9.25,41932,40652,Wed May 9 12:13:00 2012,1336558380
CLIENT_LIST,vpn2,2.24.66.31:48675,192.168.9.198,601525,651333,Wed May 9 12:11:35 2012,1336558295
CLIENT_LIST,vpn3,3.247.168.156:52926,192.168.9.24,31622,47035,Wed May 9 12:11:00 2012,1336558260
HEADER,ROUTING_TABLE,Virtual Address,Common Name,Real Address,Last Ref,Last Ref (time_t)
ROUTING_TABLE,00:03:27:80:c1:a4,vpn3,3.247.168.156:52926,Wed May 9 12:21:39 2012,1336558899
ROUTING_TABLE,00:03:27:80:a1:1b,vpn1,1.183.120.150:34059,Wed May 9 12:21:39 2012,1336558899
ROUTING_TABLE,92:0b:d3:f2:f0:c4,vpn2,2.24.66.31:48675,Wed May 9 12:21:40 2012,1336558900
GLOBAL_STATS,Max bcast/mcast queue length,38
END