86

I'm developing a website for managing OpenVPN users with the Django framework. But I need to know: is there any way to extract active users from OpenVPN? My server is running Ubuntu 12.04.

kikio
hamidfzm

10 Answers

115

There should be a status log you can look at to show you, mine is, for example:

cat /etc/openvpn/openvpn-status.log

EDIT:

As an alternative, adding the flag --management IP port [pw-file] or adding that same directive to your server.conf, for example:

management localhost 7505

This would allow you to telnet to that port and offer you a list of commands to run:

telnet localhost 7505

help

wazoox
c4urself
25

To complete @sekrett's answer:

killall -USR2 openvpn ; tail -f /var/log/syslog

It will keep running, it's not a "regular" kill, just a request to print some stats.

Displayed statistics are very readable. Sample output :

Oct 14 07:34:14 vpn2 openvpn[20959]: Updated,Fri Oct 14 07:34:14 2016
Oct 14 07:34:14 vpn2 openvpn[20959]: Common Name,Real Address,Bytes Received,Bytes Sent,Connected Since
Oct 14 07:26:26 vpn2 openvpn[20959]: 10.8.0.132,hostname1,213.219.XXX.XXX:63765,Fri Oct 14 07:25:01 2016
Oct 14 07:26:26 vpn2 openvpn[20959]: 10.8.0.242,hostname2,213.219.XXX.XXX:62416,Sun Sep 25 03:49:19 2016
17

I manage our company's OpenVPN servers and the way I see active connections is like this,

add to /etc/openvpn/server.conf

management 127.0.0.1 5555

restart openvpn server

systemctl restart openvpn@server.service

add an OpenVPN Monitor Python package - this will run via a Gunicorn web server and show active connections,

mkdir /opt/openvpn-monitor

create a virtual env (not required but good practice with py packages)

cd /opt/openvpn-monitor
virtualenv venv
source venv/bin/activate

install required packages

pip install openvpn-monitor gunicorn

add a Monitor config file

vi /opt/openvpn-monitor/openvpn-monitor.conf

[openvpn-monitor]
site=your-openvpn-site
#logo=logo.jpg
#latitude=40.72
#longitude=-74
maps=True
geoip_data=/var/lib/GeoIP/GeoLite2-City.mmdb
datetime_format=%d/%m/%Y %H:%M:%S

[VPN1]
host=localhost
port=5555
name=Your VPN Server Name
show_disconnect=False

start the web server that will show active connections,

gunicorn openvpn-monitor -b 0.0.0.0:80 --name openvpn-monitor --daemon

To stop monitor

pkill gunicorn 

to see active connections, go to the public IP of your VPN server

http://<ip of openvpn server>

make sure to configure proper firewall for port 80, whitelist only trusted inbound IPs


perfecto25
12

I had the same need myself, and the easiest solution I found was to use telnet, as mentioned, to connect to the management interface (you'll have to add: management localhost 6666, in the server config file).

To get the exact number of clients you can do:

  • telnet localhost 6666
  • status

Then you'll get a lot of logs:

10.9.10.11,test-docker,52.58.48.98:56859,Wed May  4 09:37:34 2016
10.9.7.45,test-docker,52.58.156.80:38774,Wed May  4 09:36:59 2016
10.9.1.103,test-docker,52.58.161.230:52201,Wed May  4 09:35:47 2016
GLOBAL STATS
Max bcast/mcast queue length,0
END
>CLIENT:ESTABLISHED,19845
>CLIENT:ENV,n_clients=19361
>CLIENT:ENV,time_unix=1462357164
  • look for => >CLIENT:ENV,n_clients=19361

In my case, since I have a very large number of clients, using the log file is definitely not very practical.

Florent
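For the Django use case in the question, the `status` output that this answer and the first answer read over telnet can be parsed into structured records. This is an added example, not code from any of the answers; it assumes the default status format 1, no management password file, and port 7505 from the first answer, and `parse_status`, `query_management` and the sample data are constructed here.

```python
import socket

SAMPLE_STATUS = """\
>INFO:OpenVPN Management Interface Version 1 -- type 'help' for more info
OpenVPN CLIENT LIST
Updated,Wed May  4 09:39:24 2016
Common Name,Real Address,Bytes Received,Bytes Sent,Connected Since
test-docker,203.0.113.10:56859,48211,90412,Wed May  4 09:37:34 2016
test-docker,203.0.113.11:38774,1200,3400,Wed May  4 09:36:59 2016
ROUTING TABLE
Virtual Address,Common Name,Real Address,Last Ref
10.9.10.11,test-docker,203.0.113.10:56859,Wed May  4 09:37:34 2016
10.9.7.45,test-docker,203.0.113.11:38774,Wed May  4 09:36:59 2016
GLOBAL STATS
END
"""  # constructed sample, not captured from a real server

def parse_status(text):
    """Parse status text; keyed by real address because common names can repeat."""
    clients, section = {}, None
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(">"):  # banner / real-time notifications
            continue
        if line == "END":
            break
        if line in ("OpenVPN CLIENT LIST", "ROUTING TABLE", "GLOBAL STATS"):
            section = line
            continue
        f = line.split(",")
        # Header and "Updated" rows fail the digit/length checks and are skipped.
        if section == "OpenVPN CLIENT LIST" and len(f) == 5 and f[2].isdigit() and f[3].isdigit():
            clients[f[1]] = {"common_name": f[0], "real_address": f[1],
                             "bytes_received": int(f[2]), "bytes_sent": int(f[3]),
                             "connected_since": f[4], "virtual_address": None}
        elif section == "ROUTING TABLE" and len(f) == 4 and f[2] in clients:
            clients[f[2]]["virtual_address"] = f[0]
    return list(clients.values())

def query_management(host="127.0.0.1", port=7505, timeout=5.0):
    """Send `status` to a local management interface and return the raw reply."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        s.sendall(b"status\n")
        buf = b""
        while b"\nEND" not in buf:
            chunk = s.recv(4096)
            if not chunk:
                break
            buf += chunk
    return buf.decode("utf-8", "replace")
```

Common names come from client certificates, so escape them like any other untrusted input when a Django template renders them, and keep the management port bound to localhost as in the answers.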
5

You can also send usr2 signal to openvpn process to make it write statistic information to syslog. This is safe, you don't need to reboot in case you did not enable management interface before.

sekrett
2

Just use sacli with the following command. This will list the connected VPN clients.

/usr/local/openvpn_as/scripts/sacli VPNSummary
{
"n_clients": 15
}

To see all the IPs use this option. ./sacli VPNStatus

0

I made a little script that can either do a one time check or be set to keep monitoring with specified intervals.

I think this is better than monitoring the /etc/openvpn/openvpn-status.log since this is really slow to update. Maybe there's a way to adjust the intervals in some settings BUT, I only need to monitor the vpn connections sometimes. Not 24/7. Also it's quite a messy log.

This script is on the OpenVPN server. Only tested on Ubuntu 20.04

One time run just do:

./ovpn-activity.sh

To keep monitoring with a 20 second interval:

./ovpn-activity.sh view 20

Save this to a .sh file (example ovpn-activity.sh):

Make sure to change the VPN subnet to match yours.

#!/bin/bash

# Directory this script lives in, so "view" mode can re-run it through watch.
SCRIPT_DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" &> /dev/null && pwd )"

# MODIFY this to match your network
vpn_network="0.0.0.0/24"

####### FUNCTIONS ########

act_check () {
    # Running echo through sudo asks for the password up front; grep below needs it.
    sudo echo "looking for active clients"
    # Look for Virtual IPs that are online and save them.
    activeIPs=$(fping -ag "$vpn_network")
    i=0
    for ip in $activeIPs; do
        # The first address that responds is skipped.
        if [[ $i -eq 0 ]]; then
            i=$((i+1))
            continue
        fi

        echo " -- Active --"
        # Print the part of the first matching "Learn:" log line before the slash.
        echo "| "$(sudo grep '/.*Learn: '"$ip" /var/log/openvpn.log | head -1 | sed 's/\/.*$//')
        echo "| ip: $ip"
        echo " ------------"
        echo " "
    done
}

##########################

# Assumes the script was saved as ovpn-activity.sh, as in the usage above.
if [ "$1" = "view" ]; then
    echo "view is set"
    if [ -z "$2" ]; then
        watch "$SCRIPT_DIR/ovpn-activity.sh"
    else
        watch -n "$2" "$SCRIPT_DIR/ovpn-activity.sh"
    fi
else
    act_check
fi

exit 0

There is no doubt room for improvements but I'm not a script genius. I needed it to see when colleagues were using the VPN so that I could see if it was safe to reboot the server. And if so, I could see who was online and call them to ask if it was ok to restart without interrupting their work.

0
sudo tail -f /var/log/openvpn/status.log

In Raspbian this worked for me.

CTRL c to exit.

0

for anyone needing to see active connections on their ovpn server, w/out running additional software, this bash script can show you all the details, needs to be run as root on the ovpn server itself

https://gist.github.com/perfecto25/6744d337aa1bce861a2c2aa28dc41a4a

this avoids security issues if running "openvpn-monitor" py package as it doesn't have any authentication mechanism

perfecto25
-1

Hey @perfecto25 I followed your steps for hosting the OpenVPN monitor, it is working, but now I am curious about adding one more security layer on top of it.

Is there a way to add user authentication to hosted OpenVPN monitor tool on gunicorn, as it contains vulnerable user information?