
How to enable simple SNMP support for OpenVPN

Version 2.5

Applies to Platform: UTM 2.4, 2.5, 4i Edge 2.4, 2.5
Updated on 15th of July 2015

This lesson explains how to implement basic SNMP support for OpenVPN.

Prerequisites

Endian UTM appliance > 2.4

PC with Linux OS and SNMP client.

Change OpenVPN status log output

Create a custom template file for OpenVPN Server with the following command:

root@endian:~# nano /var/efw/openvpn/openvpn.tmpl

The file doesn't exist by default. Copy and paste the following line into it:

status-version 2

This ensures CSV-style output in /var/log/openvpn/openvpn-status.log, which SNMP will then load.

Edit the configuration template of SNMP daemon

root@endian:~# nano /etc/snmp/snmpd.conf.tmpl

At the end of the file, add the line extend openvpn /bin/cat /var/log/openvpn/openvpn-status.log, as shown here:

[...]
#if $DS.get('PROXY',{}).get('SETTINGS',{}).get('PROXY_ENABLED','off') == 'on'
proxy -v2c -c public 127.0.0.1:3401 .1.3.6.1.4.1.3495
#end if

# Custom extension to add OpenVPN status support
extend openvpn /bin/cat /var/log/openvpn/openvpn-status.log

The word openvpn after extend is just a label, used to retrieve the information through the SNMP agent.

Warning

This customization is not stored in backups and may be overwritten when the efw-snmpd package is upgraded.

Reload SNMP and OpenVPN daemons to apply the changes

Now restart the SNMP and OpenVPN server daemons. If you use an Endian UTM Appliance up to version 2.4 (except mini ARM 2.4):

root@endian:~# restartsnmp
root@endian:~# restartopenvpn

If you use a mini ARM or an Endian UTM Appliance 2.5, use jobsengine:

root@endian:~# jobcontrol restart snmp
root@endian:~# jobcontrol restart openvpnjob

Retrieve the connected user through SNMP

Use the snmpget command on your Linux box:

user@linux:~# snmpget -On -v 2c -c public GREENIP NET-SNMP-EXTEND-MIB::nsExtendOutputFull.\"openvpn\"
.1.3.6.1.4.1.8072.1.3.2.3.1.2.7.111.112.101.110.118.112.110 = STRING: TITLE,OpenVPN 2.1.1 i586-pc-linux [SSL] [LZO2] [EPOLL] built on Aug  6 2010
TIME,Wed May  9 12:21:41 2012,1336558901
HEADER,CLIENT_LIST,Common Name,Real Address,Virtual Address,Bytes Received,Bytes Sent,Connected Since,Connected Since (time_t)
CLIENT_LIST,vpn1,1.183.120.150:34059,192.168.9.25,41932,40652,Wed May  9 12:13:00 2012,1336558380
CLIENT_LIST,vpn2,2.24.66.31:48675,192.168.9.198,601525,651333,Wed May  9 12:11:35 2012,1336558295
CLIENT_LIST,vpn3,3.247.168.156:52926,192.168.9.24,31622,47035,Wed May  9 12:11:00 2012,1336558260
HEADER,ROUTING_TABLE,Virtual Address,Common Name,Real Address,Last Ref,Last Ref (time_t)
ROUTING_TABLE,00:03:27:80:c1:a4,vpn3,3.247.168.156:52926,Wed May  9 12:21:39 2012,1336558899
ROUTING_TABLE,00:03:27:80:a1:1b,vpn1,1.183.120.150:34059,Wed May  9 12:21:39 2012,1336558899
ROUTING_TABLE,92:0b:d3:f2:f0:c4,vpn2,2.24.66.31:48675,Wed May  9 12:21:40 2012,1336558900
GLOBAL_STATS,Max bcast/mcast queue length,38
END
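
The Python code below is an added example, not part of the original Endian article: it parses the status-version 2 output shown above on the monitoring host, taking column names from the HEADER rows, and reports whether the dump is complete (END present) and recent. The function names and the 120-second staleness threshold are assumptions.

```python
import csv

# Sample taken from the snmpget output shown above (shortened to two clients).
SAMPLE = """\
.1.3.6.1.4.1.8072.1.3.2.3.1.2.7.111.112.101.110.118.112.110 = STRING: TITLE,OpenVPN 2.1.1 i586-pc-linux [SSL] [LZO2] [EPOLL] built on Aug  6 2010
TIME,Wed May  9 12:21:41 2012,1336558901
HEADER,CLIENT_LIST,Common Name,Real Address,Virtual Address,Bytes Received,Bytes Sent,Connected Since,Connected Since (time_t)
CLIENT_LIST,vpn1,1.183.120.150:34059,192.168.9.25,41932,40652,Wed May  9 12:13:00 2012,1336558380
CLIENT_LIST,vpn2,2.24.66.31:48675,192.168.9.198,601525,651333,Wed May  9 12:11:35 2012,1336558295
HEADER,ROUTING_TABLE,Virtual Address,Common Name,Real Address,Last Ref,Last Ref (time_t)
ROUTING_TABLE,00:03:27:80:a1:1b,vpn1,1.183.120.150:34059,Wed May  9 12:21:39 2012,1336558899
GLOBAL_STATS,Max bcast/mcast queue length,38
END
"""

def parse_status(text):
    """Parse status-version 2 output, with or without the snmpget 'OID = STRING: ' prefix."""
    marker = "STRING: "
    if marker in text.split("\n", 1)[0]:
        text = text.split(marker, 1)[1]
    status = {"title": None, "time": None, "complete": False,
              "CLIENT_LIST": [], "ROUTING_TABLE": []}
    columns = {}  # table name -> column names announced by its HEADER row
    for row in csv.reader(text.splitlines()):
        if not row:
            continue
        kind, fields = row[0], row[1:]
        if kind == "TITLE":
            status["title"] = ",".join(fields)
        elif kind == "TIME":
            status["time"] = int(fields[-1])   # epoch seconds of the dump
        elif kind == "HEADER":
            columns[fields[0]] = fields[1:]
        elif kind in columns:
            status.setdefault(kind, []).append(dict(zip(columns[kind], fields)))
        elif kind == "END":
            status["complete"] = True          # stays False if the output was cut short
    return status

def is_stale(status, now, max_age=120):
    """True when the dump is older than max_age seconds (threshold is an assumption)."""
    return status["time"] is None or now - status["time"] > max_age

if __name__ == "__main__":
    st = parse_status(SAMPLE)
    for c in st["CLIENT_LIST"]:
        print(c["Common Name"], c["Real Address"], c["Virtual Address"])
```

The records carry each client's common name and real address, and SNMP v2c transmits them and the community string unencrypted, so this query belongs on a trusted management network.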