URL Monitoring for OpenVPN clients
Moderators: TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech
-
- OpenVpn Newbie
- Posts: 1
- Joined: Sat May 28, 2022 5:30 am
URL Monitoring for OpenVPN clients
Hi everybody, I configured OpenVPN on a server an I want to monitor URL visited by clients when connected to internet through VPN.Is there any way?
- openvpn_inc
- OpenVPN Inc.
- Posts: 1333
- Joined: Tue Feb 16, 2021 10:41 am
Re: URL Monitoring for OpenVPN clients
Hi David,
I assume you must be talking about a full tunnel VPN, --redirect-gateway in openvpn terms. If you're forcing clients' DNS queries through your own nameserver, see that nameserver software's documentation on how to configure it to log all queries. Then find or write some addon software to parse those logs and give you a report.
If your clients are using dnscrypt software for DNS over HTTPS (DoH) and/or DNS over TLS (DoT), while their queries will be forced through the VPN you will not be able to see them.
Likewise, most web traffic these days is encrypted, so the most you will get is the hostname from DNS queries. You won't be able to know the path and arguments after "https://hostname.example/". If you wanted to try to get some of that part, you could run web proxy software.
All in all, this is not a trivial task.
regards, rob0
I assume you must be talking about a full tunnel VPN, --redirect-gateway in openvpn terms. If you're forcing clients' DNS queries through your own nameserver, see that nameserver software's documentation on how to configure it to log all queries. Then find or write some addon software to parse those logs and give you a report.
If your clients are using dnscrypt software for DNS over HTTPS (DoH) and/or DNS over TLS (DoT), while their queries will be forced through the VPN you will not be able to see them.
Likewise, most web traffic these days is encrypted, so the most you will get is the hostname from DNS queries. You won't be able to know the path and arguments after "https://hostname.example/". If you wanted to try to get some of that part, you could run web proxy software.
All in all, this is not a trivial task.
regards, rob0
OpenVPN Inc.
Answers provided by OpenVPN Inc. staff members here are provided on a voluntary best-effort basis, and no rights can be claimed on the basis of answers posted in this public forum. If you wish to get official support from OpenVPN Inc. please use the official support ticket system: https://openvpn.net/support
Answers provided by OpenVPN Inc. staff members here are provided on a voluntary best-effort basis, and no rights can be claimed on the basis of answers posted in this public forum. If you wish to get official support from OpenVPN Inc. please use the official support ticket system: https://openvpn.net/support