list_clients does not include Teleport VPN clients

ZSamuels28 commented 3 months ago

When calling list_clients, it does not include Teleport VPN connected clients. For example, I have connected my iPhone via WifiMan to Unifi and it shows in the dashboard with a specific VLAN, but this client does not show up at all when calling a full list_clients

malle-pietje commented 3 months ago

I don’t use Teleport so I’m unable to replicate/fix I’m afraid. Maybe someone with Teleport can analyse where the VPN client data in the UI is pulled from?

ZSamuels28 commented 3 months ago

I was poking around trying to find where the VPN client data is pulled from but couldn't find it in browser tools. It does show up as a client in the clients list in the UI, but only shows the device name and IP, no other details.

Any ideas where I would look for where the VPN client data is pulled from?

malle-pietje commented 3 months ago

Make sure you are connected directly, not through unifi.ui.com, when going through the browser developer tools. It could be that this data is not exposed through the API like with some of the DPI output.

thib3113 commented 3 months ago

Can't try a lot .

But I found this : on the UI, it does a request to https://unifi/proxy/network/v2/api/site/default/clients/active?includeTrafficUsage=true&includeUnifiDevices=true

and it returns :

[
    {
        "assoc_time": 123,
        "display_name": "device display name",
        "external_client_id": "123456",
        "id": "123456",
        "ip": "192.168.1.1",
        "last_seen": 123,
        "name": "device name",
        "network_id": "1234",
        "rx_bytes": 123,
        "rx_packets": 123,
        "site_id": "123",
        "status": "online",
        "token_id": "123",
        "tx_bytes": 123,
        "tx_packets": 123,
        "type": "TELEPORT",
        "uptime": 123
    }
]

Thanks, do you have more parameters/vales that can be passed as payload? Would be nice to support and document that.

malle-pietje commented 3 months ago

Nice. If someone can verify this we can either create an example file using the custom method or add a specific method to the class.

ZSamuels28 commented 3 months ago

Can confirm: https://unifi/proxy/network/v2/api/site/default/clients/active shows Teleport clients

I tried using the custom_api_request but couldn't get it to return anything :(

malle-pietje commented 3 months ago

Can confirm: https://unifi/proxy/network/v2/api/site/default/clients/active shows Teleport clients

I tried using the custom_api_request but couldn't get it to return anything :(

Care to share your code?

ZSamuels28 commented 3 months ago

require(__DIR__ . '/Unifi-API-client/Client.php');
require(__DIR__ . '/Unifi-API-client/config.php');
require(__DIR__ . '/../vendor/autoload.php');

function createUnifiClient() {
    global $controlleruser, $controllerpassword, $controllerurl, $site_id, $controllerversion;
    try {
        $unifiClient = new UniFi_API\Client($controlleruser, $controllerpassword, $controllerurl, $site_id, $controllerversion);
        $unifiClient->login();
    } catch (Exception $e) {
        // Handle error appropriately
        error_log($e->getMessage());
        return null;
    }
    return $unifiClient;
}

$unifiClient = createUnifiClient();

if ($unifiClient === null) {
    exit('Failed to create UniFi Client.');
}

$outputFile = 'clients.txt';
file_put_contents($outputFile, "");

try {
    $path = '/proxy/network/v2/api/site/default/clients/active';
    $method = 'GET';
    $clients = $unifiClient->custom_api_request($path, $method, null, 'array');
    $clientDetails = print_r($clients, true);
    file_put_contents($outputFile, $clientDetails);
} catch (Exception $e) {
    error_log($e->getMessage());
}

I have a separate config.php:

<?php
/**
 * UniFi Controller configuration
 */

// Controller user details
$controlleruser     = getenv('UNIFI_CONTROLLER_USER') ?: ''; // the user name for access to the UniFi Controller
$controllerpassword = getenv('UNIFI_CONTROLLER_PASSWORD') ?: ''; // the password for access to the UniFi Controller
$controllerurl      = getenv('UNIFI_CONTROLLER_URL') ?: ''; // full URL to the UniFi Controller, eg. 'https://22.22.11.11:8443'
$controllerversion  = getenv('UNIFI_CONTROLLER_VERSION') ?: ''; // the version of the Controller software

// Site ID
$site_id            = getenv('UNIFI_SITE_ID') ?: 'default'; // the site ID

// Debug mode
$debug = false; // set to true to enable debug output to the browser and the PHP error log
?>

malle-pietje commented 3 months ago

And what happens when you leave out the /proxy/network prefix from the path? That part is already added when talking to a UniFi OS device.

ZSamuels28 commented 3 months ago

This works! Here is a sample of what is returned:

For a normal client:

For a teleport client:

[30] => stdClass Object
        (
            [assoc_time] => 1710867384
            [display_name] => [obfuscated]
            [external_client_id] => [obfuscated]
            [id] => [obfuscated]
            [ip] => [obfuscated]
            [last_seen] => 1710870737
            [name] => [obfuscated]
            [network_id] => [obfuscated]
            [rx_bytes] => 3441392
            [rx_packets] => 14881
            [site_id] => [obfuscated]
            [status] => online
            [token_id] => [obfuscated]
            [tx_bytes] => 23003292
            [tx_packets] => 27326
            [type] => TELEPORT
            [uptime] => 3353
        )

malle-pietje commented 3 months ago

I’ll see what can best be done to support this. For now this example is 👍

ZSamuels28 commented 3 months ago

Sounds good, I'll add an experimental section to my app here that allows for Teleport enabling and uses the custom_api:

Appreciate all of your help and work on this!

Art-of-WiFi / UniFi-API-client

list_clients does not include Teleport VPN clients #220