monitoring openvpn

This forum is for admins who are looking to build or expand their OpenVPN setup.
Forum rules
Please use the [oconf] BB tag for openvpn Configurations. See viewtopic.php?f=30&t=21589 for an example.
Post Reply
Skaperen
OpenVPN Power User
Posts: 87
Joined: Fri Aug 05, 2011 3:02 pm
Contact:

monitoring openvpn

Post by Skaperen » Sun May 13, 2018 5:06 am

i want to monitor my openvpn server for any failure modes, including those that openvpn cannot detect. some links may not be up because the remote is not up or not trying to connect (but could be up, so ping won't tell me much). is there a way to see a live list of what remotes have connected? with that i could ping the remotes and see if i get a reply within a designated time period. i don't know, yet, how best to deal with a partial outage, but if there is a full outage, i can either restart openvpn or reboot the host (if N restarts have been tried and the problem has not improved ... maybe a local network issue). clearly, links not intended to be up should not affect any recovery efforts.

or are there standard ways to do this, or anything built into openvpn. if any monitoring packages i want to limit this to FOSS.

User avatar
TinCanTech
OpenVPN Protagonist
Posts: 4893
Joined: Fri Jun 03, 2016 1:17 pm

Re: monitoring openvpn

Post by TinCanTech » Sun May 13, 2018 12:10 pm

Skaperen wrote:
Sun May 13, 2018 5:06 am
is there a way to see a live list of what remotes have connected?
--status

Or you can write your own scripts using --up, --client-connect etc .. (like I did, called status3)
Skaperen wrote:
Sun May 13, 2018 5:06 am
i want to monitor my openvpn server for any failure modes
You want to rewrite --keepalive ?
Skaperen wrote:
Sun May 13, 2018 5:06 am
including those that openvpn cannot detect
Like what ?

Skaperen
OpenVPN Power User
Posts: 87
Joined: Fri Aug 05, 2011 3:02 pm
Contact:

Re: monitoring openvpn

Post by Skaperen » Mon May 14, 2018 7:36 am

i have, a while back, seen tunnels appear to be blackholed. i logged into both sides which had the interface configured and running. but all traffic routed to the tunnel just never showed up at the other end. no rejections like i would get if i took the tunnel down. looking at the physical interfaces simply saw no openvp traffic at all. i didn't have time to investigate more and just rebooted both hosts. in a few minutes all was back to normal.

Post Reply