How do you know if a site to site VPN tunnel is established in OpenVPN? Apart from pinging the other side, is there a command or something that shows the status of the tunnel?
5 Answers
While `--status` provides information about the status of the VPN, it's not something that you can reliably parse for the connection status in my experience.
While you can just use something like `--up "/usr/bin/touch /tmp/openvpn-connected"` (indeed use a unique path or a random value content with something like `--up "/usr/bin/env bash -c 'echo $random_id > /tmp/openvpn-connected'"` that you eventually will wait for).
Then just wait for the file or its content to appear (you can use `inotifywait`, `tail -n0 -f /tmp/openvpn-connected | sed "/$random_id/ q"` or a simpler `timeout 10 bash -c 'while [ ! -e /tmp/openvpn-connected ]; do sleep 0.5; done'`) as answered in other questions:
- https://unix.stackexchange.com/questions/185283/how-do-i-wait-for-a-file-in-the-shell-script
- https://stackoverflow.com/questions/25959870/how-to-wait-till-a-particular-line-appears-in-a-file
Can also use `--down '/usr/bin/rm /tmp/openvpn-connected'` to drop it once the connection is gone.
In addition to what @quanta suggested:
- Use the OpenVPN management interface and its "status" command.
  "man openvpn" will tell you how to set up and use this interface (search for "--management").
  OpenVPN in peer-to-peer (1.x), server (2.x) and client (2.x) mode produces different outputs, but it will let you see if it is connected. In server mode it will list all connected clients.
- OpenVPN could dump its status to a text file every n seconds. Again, "man openvpn" (look for "--status"). The contents of the file will be exactly the same as what the management status command produces.
- OpenVPN could execute an arbitrary script when a connection is established or closed, when the daemon is started or before shutdown, etc.; in practice you can script almost any movement. Nothing forbids you from using, say, a desktop notification from the hook script.
  Search for "SCRIPTING" in "man openvpn".

Of course, each of these options can be added to the openvpn config file, if you omit the leading "--".
In general, I strongly advise you to read the man page completely, just to be aware of what it could do and what the consequences are.
openvpn config:

```
# Output a short status file showing
# current connections, truncated
# and rewritten every minute.
status /var/log/openvpn.status
```

/var/log/openvpn.status:

```
OpenVPN CLIENT LIST
Updated,Fri Aug 10 09:35:37 2018
Common Name,Real Address,Bytes Received,Bytes Sent,Connected Since
client3,111.222.33.44:57006,24439169,25564869,Tue Jun 26 21:07:37 2018
raspberry,44.33.222.111:43656,17175937,18342688,Mon Jul 9 12:58:34 2018
ROUTING TABLE
Virtual Address,Common Name,Real Address,Last Ref
172.20.0.18,client3,111.222.33.44:57006,Tue Jun 26 21:07:39 2018
172.20.0.14,raspberry,44.33.222.111.50:43656,Mon Jul 9 12:58:35 2018
GLOBAL STATS
Max bcast/mcast queue length,0
END
```

You can easily parse it.
- Check the log files on both sides.
- `sudo /sbin/ifconfig` to make sure that the `tun/tap` interface is up and running.
- `route -n` to examine the routing table.
Simply use the following command in a terminal window.

```
tail -f -n 15 /var/log/openvpn/status.log
```

```
OpenVPN CLIENT LIST
Updated,XXXXXXXXXXXX
Common Name,Real Address,Bytes Received,Bytes Sent,Connected Since
XXXXXXXXXXXX
XXXXXXXXXXXX
ROUTING TABLE
Virtual Address,Common Name,Real Address,Last Ref
XXXXXXXXXXXX
GLOBAL STATS
Max bcast/mcast queue length,1
END
```