Closed kidmock closed 7 years ago
I would like to add this functionality, but it looks like the source port will be removed from the management interface. See https://community.openvpn.net/openvpn/ticket/664 for more details.
Thanks for trying. That really sucks. I wonder if they will come up with an alternative way to find unique connections. I guess I'll fork and use my crappy workaround since I don't use ipv6.
Currently the port is there for ipv4 addresses in openvpn < 2.4, but according to that bug report, the port will disappear in 2.4, for both ipv4 and ipv6.
Yeah, I get it. If you enable this feature with 2.4 or ipv6, you run the risk of nuking all users. :( Bummer. I'm not mad.
Can you see if 9c5969f60872b336f4055561330380b6cea89f62 gives you the functionality you are looking for?
Well.... It looks good but doesn't work :)
Additionally, semantic_version isn't available from epel on RHEL/CentOS 6.x. I had to install from pip.
pip install semantic_version
I'll do some debugging this evening and get you more feedback.
Ok here's what I can observe. Sorry I'm a network dude not a developer. :)
When I hit the disconnect button, the Form Data is being set in the request:
vpn_id:VPN1
ip:***.***.***.***
port:35827
However this conditional is never true:
if 'vpn_id' in kwargs:
I've tried to reproduce this on CentOS 6 but it works fine for me. Are you using the latest commit? If not, can you try it?
If it still doesn't work, can you print kwargs to see what is in it?
I threw in some additional logging but I'm not sure how to debug any further.
--- openvpn-monitor/openvpn-monitor.py 2017-01-05 11:21:13.196328443 +0000
+++ monitor/openvpn-monitor.py 2017-01-05 11:40:16.486459071 +0000
@@ -146,8 +146,10 @@
def __init__(self, cfg, **kwargs):
self.vpns = cfg.vpns
+ info('Initialize OpenvpnMgmtInterface class')
if 'vpn_id' in kwargs:
+ info('vpn_id is in kwargs')
self._socket_connect(self.vpns[kwargs['vpn_id']])
if self.s:
version = self.send_command('version\n')
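Review bot: at the context line `self._socket_connect(self.vpns[kwargs['vpn_id']])`, the request-supplied vpn_id indexes self.vpns with no check that it names a configured VPN, so an unknown id would raise KeyError (if cfg.vpns is a plain dict) instead of returning a clean error; guard it with something like `if kwargs.get('vpn_id') in self.vpns:`. The two added info() calls log constant strings, so they show only whether the branch ran, not which keys actually arrived.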
Tried to post data with curl:
curl -u username 'https://localhost/monitor/openvpn-monitor.py' --data 'vpn_id=VPN1&ip=***.***.***.***.&port=41630'
With the log results
[Thu Jan 05 11:54:28 2017] [error] [client ***.***.***.***] INFO: Using config file: ./openvpn-monitor.conf, referer: https://localhost/monitor/openvpn-monitor.py
[Thu Jan 05 11:54:28 2017] [error] [client ***.***.***.***] INFO: Initialize OpenvpnMgmtInterface class, referer: https://localhost/monitor/openvpn-monitor.py
Thoughts?
Yes, I pulled down a fresh copy of the code just before I ran my test.
Try info(kwargs)
def __init__(self, cfg, **kwargs):
self.vpns = cfg.vpns
+ info('Initialize OpenvpnMgmtInterface class')
+ info(kwargs)
+ info('End')
if 'vpn_id' in kwargs:
+ info('vpn_id is in kwargs')
self._socket_connect(self.vpns[kwargs['vpn_id']])
if self.s:
version = self.send_command('version\n')
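Review bot: `info(kwargs)` writes the whole parameter dict to the Apache error log, and once the POST data does arrive that includes the client ip and port, so log `sorted(kwargs)` (the key names only) instead and drop the line when debugging is finished. `info('End')` adds nothing that the dict line does not already mark.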
Yup. Definitely not seeing the post data. Hmmm.
[Thu Jan 05 12:36:46 2017] [error] [client **.***.***.***] INFO: Initialize OpenvpnMgmtInterface class, referer: https://localhost/monitor
[Thu Jan 05 12:36:46 2017] [error] [client **.***.***.***] INFO: {}, referer: https://localhost/monitor
[Thu Jan 05 12:36:46 2017] [error] [client **.***.***.***] INFO: End, referer: https://localhost/monitor
The only thing I can think of is I use LINOTP which is also a WSGI app. There might be some interference.
I'll have to really dig to see why the post data isn't being passed.
Could you insert info(kwargs) into main() and render()?
That way we can see at what point it gets lost.
@kidmock any luck debugging this issue?
I'm going to close this issue for now, as I can't reproduce. If you can reproduce, please re-open and add further details.
Hello, I think your tool is awesome. However, I think it would be even better if you could disconnect active clients.
I managed to add this feature in my own hacky way by creating a button to a PHP script. But it would be great if this was native to your Python program. What do you think?
Here are the changes I made
Here's my crappy PHP
And a screenshot of how it looks
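An added example, not part of the thread or the project's code: one way to validate the disconnect form data (vpn_id, ip, port) before anything is written to the management socket. The function names, KNOWN_VPNS and the sample address are assumptions; `kill IP:port` is the OpenVPN management-interface command for dropping a client by address.

```python
import ipaddress
import re
from urllib.parse import parse_qs

# Constructed sample: the VPN ids defined in the monitor's config (assumption).
KNOWN_VPNS = {"VPN1"}


class BadRequest(ValueError):
    """A disconnect request that failed validation."""


def parse_disconnect_request(body, known_vpns=KNOWN_VPNS):
    """Return (vpn_id, ip, port) from a urlencoded POST body, or raise."""
    fields = parse_qs(body, keep_blank_values=True)
    values = {}
    for name in ("vpn_id", "ip", "port"):
        got = fields.get(name, [])
        if len(got) != 1:  # missing (the empty-kwargs case) or repeated
            raise BadRequest(name + " must appear exactly once")
        values[name] = got[0]
    if values["vpn_id"] not in known_vpns:
        raise BadRequest("unknown vpn_id")
    try:
        # Accepts only a literal dotted quad: no whitespace, no line breaks.
        ip = ipaddress.IPv4Address(values["ip"])
    except ipaddress.AddressValueError:
        raise BadRequest("ip is not an IPv4 address")
    if not re.fullmatch(r"[0-9]{1,5}", values["port"]):
        raise BadRequest("port is not a number")
    port = int(values["port"])
    if not 1 <= port <= 65535:
        raise BadRequest("port out of range")
    return values["vpn_id"], str(ip), port


def kill_command(ip, port):
    """Build the management-interface line from validated values only."""
    return "kill %s:%d\n" % (ip, port)


if __name__ == "__main__":
    # Constructed request body, shaped like the form data in the thread.
    vpn_id, ip, port = parse_disconnect_request("vpn_id=VPN1&ip=10.8.0.6&port=35827")
    print(vpn_id, repr(kill_command(ip, port)))
```

Because the command line is built only from the parsed address and integer port, a request value can never contribute more than one line to the management connection.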