Closed killmasta93 closed 4 years ago
rbicelli
commented
4 years ago Hi, at present time the template logs only the virtual ip address assigned by openVPN server. You could dig into values history which ips were assigned to a specific user. If you need the remote IP address of a particular user it has to be added in the template.
killmasta93
commented
4 years ago thanks for the reply, i was checking the logs, it shows how many users connected but does not show which user was connected? Thank you
rbicelli
commented
4 years ago Have you added and linked the optional template included?
killmasta93
commented
4 years ago thanks for the reply, i linked both templates to pfSense or did i miss something?
killmasta93
commented
4 years ago hi there so heres the screen shot
killmasta93
commented
4 years ago bump?
rbicelli
commented
4 years ago Please provide version of pfsense, version of zabbix and output of pfsense_zbx.php, masking sensitive data.
killmasta93
commented
4 years ago Thanks for the reply, pfsense 2.4.5-p1 zabbix: on pfsense 4.4 as for the output of the pfsense_zabbix.php not sure how i can show the output?
Thank you
rbicelli
commented
4 years ago Login to pfsense shell and issue command:
php /path/where/you/installed/the/script/pfsense_zbx.php
killmasta93
commented
4 years ago Thanks for the reply, here is the output
OPENVPN Servers:
Array
(
[0] => Array
(
[port] => 1194
[mode] => server_tls_user
[name] => Remote Access UDP4:1194
[conns] => Array
(
)
[vpnid] => 1
[mgmt] => server1
)
[1] => Array
(
[port] => 1195
[mode] => p2p_shared_key
[name] => Server UDP4:1195
[conns] => Array
(
)
[vpnid] => 2
[mgmt] => server2
[status] => up
[connect_time] => Fri Jun 26 7:41:23 2020
[virtual_addr] => 192.168.20.1
[remote_host] => 190.144.xx.xx
[remote_port] => 50634
[local_host] => 200.116.xx.xx
[local_port] => 1195
[virtual_addr6] =>
[bytes_recv] => 18229008
[bytes_sent] => 14251120
)
)
-------------------
OPENVPN Clients:
Array
(
)
-------------------
Network Interfaces:
Array
(
[WAN] => Array
(
[hwif] => vtnet1
[enable] => 1
[if] => vtnet1
[status] => up
[macaddr] => d0:50:99:44:1e:e0
[mtu] => 1500
[ipaddr] => 181.136.xx.xx
[subnet] => 255.255.224.0
[linklocal] => fe80::d250:99ff:fe44:1ee0%vtnet1
[ipaddrv6] =>
[subnetv6] =>
[inerrs] => 0
[outerrs] => 0
[collisions] => 0
[inbytespass] => 22807955311
[outbytespass] => 11545875844
[inpktspass] => 24465340
[outpktspass] => 46594720
[inbytesblock] => 62773245
[outbytesblock] => 1359
[inpktsblock] => 913598
[outpktsblock] => 9
[inbytes] => 22807955311
[outbytes] => 11545875844
[inpkts] => 24465340
[outpkts] => 46594720
[dhcplink] => up
[media] => 10Gbase-T <full-duplex>
[gateway] => 181.136.xx.xx
[gatewayv6] =>
)
[LAN] => Array
(
[hwif] => vtnet2
[enable] => 1
[if] => vtnet2
[status] => up
[macaddr] => 4e:1c:63:bc:d3:fc
[mtu] => 1500
[ipaddr] => 192.168.3.254
[subnet] => 255.255.255.0
[linklocal] => fe80::4c1c:63ff:febc:d3fc%vtnet2
[ipaddrv6] =>
[subnetv6] =>
[inerrs] => 0
[outerrs] => 0
[collisions] => 0
[inbytespass] => 16759467922
[outbytespass] => 28979723787
[inpktspass] => 116946557
[outpktspass] => 135497838
[inbytesblock] => 7072314
[outbytesblock] => 1440
[inpktsblock] => 56419
[outpktsblock] => 27
[inbytes] => 16759467922
[outbytes] => 28979723787
[inpkts] => 116946557
[outpkts] => 135497838
[media] => 10Gbase-T <full-duplex>
)
[EMAIL] => Array
(
[hwif] => vtnet0
[enable] => 1
[if] => vtnet0
[status] => up
[macaddr] => 6e:67:fe:97:22:ee
[mtu] => 1500
[ipaddr] => 200.116.xx,.xx
[subnet] => 255.255.255.0
[linklocal] => fe80::6c67:feff:fe97:22ee%vtnet0
[ipaddrv6] =>
[subnetv6] =>
[inerrs] => 0
[outerrs] => 0
[collisions] => 0
[inbytespass] => 13744091215
[outbytespass] => 5065056489
[inpktspass] => 103474653
[outpktspass] => 82679195
[inbytesblock] => 1971161
[outbytesblock] => 0
[inpktsblock] => 35696
[outpktsblock] => 0
[inbytes] => 13744091215
[outbytes] => 5065056489
[inpkts] => 103474653
[outpkts] => 82679195
[dhcplink] => up
[media] => 10Gbase-T <full-duplex>
[gateway] => 200.116.xx.xx
[gatewayv6] =>
)
[INVITADOS] => Array
(
[hwif] => vtnet2.3
[enable] => 1
[if] => vtnet2.3
[status] => up
[macaddr] => 4e:1c:63:bc:d3:fc
[mtu] => 1500
[ipaddr] => 192.168.12.254
[subnet] => 255.255.255.0
[linklocal] => fe80::4c1c:63ff:febc:d3fc%vtnet2.3
[ipaddrv6] =>
[subnetv6] =>
[inerrs] => 0
[outerrs] => 0
[collisions] => 0
[inbytespass] => 1439922619
[outbytespass] => 9674015916
[inpktspass] => 6754827
[outpktspass] => 8977359
[inbytesblock] => 8132157
[outbytesblock] => 15647
[inpktsblock] => 97569
[outpktsblock] => 20
[inbytes] => 1439922619
[outbytes] => 9674015916
[inpkts] => 6754827
[outpkts] => 8977359
[media] => 10Gbase-T <full-duplex>
)
)
Array
(
[0] => vtnet0
[1] => vtnet1
[2] => vtnet2
[3] => lo0
[4] => enc0
[5] => pfsync0
[6] => pflog0
[7] => vtnet2.3
[8] => vtnet2.100
[9] => ovpns1
[10] => ovpns2
)
Array
(
[wan] => wan
[lan] => lan
[opt1] => opt1
[opt2] => opt2
)
-------------------
Services:
Array
(
[0] => Array
(
[name] => squid
[rcfile] => squid.sh
[executable] => squid
[description] => Squid Proxy Server Service
)
[1] => Array
(
[name] => clamd
[rcfile] => clamd.sh
[executable] => clamd
[description] => ClamAV Antivirus
)
[2] => Array
(
[name] => c-icap
[rcfile] => c-icap.sh
[executable] => c-icap
[description] => ICAP Inteface for Squid and ClamAV integration
)
[3] => Array
(
[name] => darkstat
[rcfile] => darkstat.sh
[executable] => darkstat
[description] => Darkstat bandwidth monitoring daemon
)
[4] => Array
(
[name] => pfb_dnsbl
[rcfile] => pfb_dnsbl.sh
[executable] => lighttpd_pfb
[description] => pfBlockerNG DNSBL service
)
[5] => Array
(
[name] => pfb_filter
[rcfile] => pfb_filter.sh
[executable] => php_pfb
[description] => pfBlockerNG firewall filter service
)
[6] => Array
(
[name] => zabbix_agentd
[rcfile] => zabbix_agentd.sh
[executable] => zabbix_agentd
[description] => Zabbix Agent Host Monitor Daemon
)
[7] => Array
(
[name] => squidGuard
[description] => Proxy server filter Service
[executable] => squidGuard
)
[8] => Array
(
[name] => haproxy
[rcfile] => haproxy.sh
[executable] => haproxy
[description] => TCP/HTTP(S) Load Balancer
)
[9] => Array
(
[name] => snort
[rcfile] => snort.sh
[executable] => snort
[description] => Snort IDS/IPS Daemon
)
[10] => Array
(
[name] => unbound
[description] => DNS Resolver
)
[11] => Array
(
[name] => ntpd
[description] => NTP clock sync
)
[12] => Array
(
[name] => syslogd
[description] => System Logger Daemon
)
[13] => Array
(
[name] => dhcpd
[description] => DHCP Service
)
[14] => Array
(
[name] => dpinger
[description] => Gateway Monitoring Daemon
)
[15] => Array
(
[name] => miniupnpd
[description] => UPnP Service
)
[16] => Array
(
[name] => sshd
[description] => Secure Shell Daemon
)
[17] => Array
(
[name] => openvpn
[mode] => server
[id] => 0
[vpnid] => 1
[description] => OpenVPN server: Remote Access
)
[18] => Array
(
[name] => openvpn
[mode] => server
[id] => 1
[vpnid] => 2
[description] => OpenVPN server:
)
)
-------------------
In this output there's no client connected to your vpn server.
killmasta93
commented
4 years ago thanks for the reply here is the output when user is connected to the VPN
php scripts/pfsense_zbx.php
OPENVPN Servers:
Array
(
[0] => Array
(
[port] => 1194
[mode] => server_tls_user
[name] => Remote Access UDP4:1194
[conns] => Array
(
[0] => Array
(
[common_name] => juser23
[remote_host] => 100.xxxx:1194
[virtual_addr] => 192.168.100.6
[virtual_addr6] =>
[bytes_recv] => 58697996
[bytes_sent] => 101923622
[connect_time] => Fri Jul 3 07:30:50 2020
[connect_time_unix] => 1593779450
[user_name] => juser23
[client_id] => 14
[peer_id] => 0
)
[1] => Array
(
[common_name] => uservpn
[remote_host] => 192.168.3.55:33913
[virtual_addr] => 192.168.100.2
[virtual_addr6] =>
[bytes_recv] => 33387
[bytes_sent] => 20104
[connect_time] => Fri Jul 3 09:31:20 2020
[connect_time_unix] => 1593786680
[user_name] => uservpn
[client_id] => 15
[peer_id] => 1
)
)
[vpnid] => 1
[mgmt] => server1
[routes] => Array
(
[0] => Array
(
[virtual_addr] => 192.168.100.6
[common_name] => juser23
[remote_host] => 100.85.96.55:1194
[last_time] => Fri Jul 3 09:31:40 2020
)
[1] => Array
(
[virtual_addr] => 192.168.100.2
[common_name] => uservpn
[remote_host] => 192.168.3.55:33913
[last_time] => Fri Jul 3 09:31:40 2020
)
)
)
[1] => Array
(
[port] => 1195
[mode] => p2p_shared_key
[name] => Server UDP4:1195
[conns] => Array
(
)
[vpnid] => 2
[mgmt] => server2
[status] => up
[connect_time] => Fri Jun 26 7:41:23 2020
[virtual_addr] => 192.168.20.1
[remote_host] => 190.xx,xx
[remote_port] => 50634
[local_host] => 200.xx.xx
[local_port] => 1195
[virtual_addr6] =>
[bytes_recv] => 21780528
[bytes_sent] => 17501024
)
)
-------------------
OPENVPN Clients:
Array
(
)
-------------------
Network Interfaces:
Array
(
[WAN] => Array
(
[hwif] => vtnet1
[enable] => 1
[if] => vtnet1
[status] => up
[macaddr] => d0:50:99:44:1e:e0
[mtu] => 1500
[ipaddr] => 181.xx.xx
[subnet] => 255.255.224.0
[linklocal] => fe80::d250:99ff:fe44:1ee0%vtnet1
[ipaddrv6] =>
[subnetv6] =>
[inerrs] => 0
[outerrs] => 0
[collisions] => 0
[inbytespass] => 32585439859
[outbytespass] => 22138774223
[inpktspass] => 37108478
[outpktspass] => 84529104
[inbytesblock] => 103257448
[outbytesblock] => 9587
[inpktsblock] => 1512272
[outpktsblock] => 76
[inbytes] => 32585439859
[outbytes] => 22138774223
[inpkts] => 37108478
[outpkts] => 84529104
[dhcplink] => up
[media] => 10Gbase-T <full-duplex>
[gateway] => 181.xx,xx
[gatewayv6] =>
)
[LAN] => Array
(
[hwif] => vtnet2
[enable] => 1
[if] => vtnet2
[status] => up
[macaddr] => 4e:1c:63:bc:d3:fc
[mtu] => 1500
[ipaddr] => 192.168.3.254
[subnet] => 255.255.255.0
[linklocal] => fe80::4c1c:63ff:febc:d3fc%vtnet2
[ipaddrv6] =>
[subnetv6] =>
[inerrs] => 0
[outerrs] => 0
[collisions] => 0
[inbytespass] => 28740081892
[outbytespass] => 49970033190
[inpktspass] => 188179898
[outpktspass] => 228656285
[inbytesblock] => 13856401
[outbytesblock] => 2700
[inpktsblock] => 98323
[outpktsblock] => 48
[inbytes] => 28740081892
[outbytes] => 49970033190
[inpkts] => 188179898
[outpkts] => 228656285
[media] => 10Gbase-T <full-duplex>
)
[EMAIL] => Array
(
[hwif] => vtnet0
[enable] => 1
[if] => vtnet0
[status] => up
[macaddr] => 6e:67:fe:97:22:ee
[mtu] => 1500
[ipaddr] => 200.xx.xx
[subnet] => 255.255.255.0
[linklocal] => fe80::6c67:feff:fe97:22ee%vtnet0
[ipaddrv6] =>
[subnetv6] =>
[inerrs] => 0
[outerrs] => 0
[collisions] => 0
[inbytespass] => 27029125910
[outbytespass] => 8003925466
[inpktspass] => 174032953
[outpktspass] => 130754351
[inbytesblock] => 3379589
[outbytesblock] => 0
[inpktsblock] => 60934
[outpktsblock] => 0
[inbytes] => 27029125910
[outbytes] => 8003925466
[inpkts] => 174032953
[outpkts] => 130754351
[dhcplink] => up
[media] => 10Gbase-T <full-duplex>
[gateway] => 200.xx.xx
[gatewayv6] =>
)
[INVITADOS] => Array
(
[hwif] => vtnet2.3
[enable] => 1
[if] => vtnet2.3
[status] => up
[macaddr] => 4e:1c:63:bc:d3:fc
[mtu] => 1500
[ipaddr] => 192.168.12.254
[subnet] => 255.255.255.0
[linklocal] => fe80::4c1c:63ff:febc:d3fc%vtnet2.3
[ipaddrv6] =>
[subnetv6] =>
[inerrs] => 0
[outerrs] => 0
[collisions] => 0
[inbytespass] => 2224303667
[outbytespass] => 13264801694
[inpktspass] => 10161288
[outpktspass] => 13070952
[inbytesblock] => 8198412
[outbytesblock] => 15647
[inpktsblock] => 100555
[outpktsblock] => 20
[inbytes] => 2224303667
[outbytes] => 13264801694
[inpkts] => 10161288
[outpkts] => 13070952
[media] => 10Gbase-T <full-duplex>
)
)
Array
(
[0] => vtnet0
[1] => vtnet1
[2] => vtnet2
[3] => lo0
[4] => enc0
[5] => pfsync0
[6] => pflog0
[7] => vtnet2.3
[8] => vtnet2.100
[9] => ovpns1
[10] => ovpns2
)
Array
(
[wan] => wan
[lan] => lan
[opt1] => opt1
[opt2] => opt2
)
-------------------
Services:
Array
(
[0] => Array
(
[name] => squid
[rcfile] => squid.sh
[executable] => squid
[description] => Squid Proxy Server Service
)
[1] => Array
(
[name] => clamd
[rcfile] => clamd.sh
[executable] => clamd
[description] => ClamAV Antivirus
)
[2] => Array
(
[name] => c-icap
[rcfile] => c-icap.sh
[executable] => c-icap
[description] => ICAP Inteface for Squid and ClamAV integration
)
[3] => Array
(
[name] => darkstat
[rcfile] => darkstat.sh
[executable] => darkstat
[description] => Darkstat bandwidth monitoring daemon
)
[4] => Array
(
[name] => pfb_dnsbl
[rcfile] => pfb_dnsbl.sh
[executable] => lighttpd_pfb
[description] => pfBlockerNG DNSBL service
)
[5] => Array
(
[name] => pfb_filter
[rcfile] => pfb_filter.sh
[executable] => php_pfb
[description] => pfBlockerNG firewall filter service
)
[6] => Array
(
[name] => zabbix_agentd
[rcfile] => zabbix_agentd.sh
[executable] => zabbix_agentd
[description] => Zabbix Agent Host Monitor Daemon
)
[7] => Array
(
[name] => squidGuard
[description] => Proxy server filter Service
[executable] => squidGuard
)
[8] => Array
(
[name] => haproxy
[rcfile] => haproxy.sh
[executable] => haproxy
[description] => TCP/HTTP(S) Load Balancer
)
[9] => Array
(
[name] => snort
[rcfile] => snort.sh
[executable] => snort
[description] => Snort IDS/IPS Daemon
)
[10] => Array
(
[name] => unbound
[description] => DNS Resolver
)
[11] => Array
(
[name] => ntpd
[description] => NTP clock sync
)
[12] => Array
(
[name] => syslogd
[description] => System Logger Daemon
)
[13] => Array
(
[name] => dhcpd
[description] => DHCP Service
)
[14] => Array
(
[name] => dpinger
[description] => Gateway Monitoring Daemon
)
[15] => Array
(
[name] => miniupnpd
[description] => UPnP Service
)
[16] => Array
(
[name] => sshd
[description] => Secure Shell Daemon
)
[17] => Array
(
[name] => openvpn
[mode] => server
[id] => 0
[vpnid] => 1
[description] => OpenVPN server: Remote Access
)
[18] => Array
(
[name] => openvpn
[mode] => server
[id] => 1
[vpnid] => 2
[description] => OpenVPN server:
)
)Ok, I think I've figured it out.
When a user is connected you can see values flowing correctly to Zabbix, because values exist.
When a user disconnects values like bytes_recv are unexistent (because item key no longer exist, since user is not connected). You can check the orange exclamation mark right to the item stating that "item no longer exists and will be deleted".
Item key is:
pfsense.value[openvpn_server_uservalue,$SERVER_INDEX+$USER_NAME,bytes_recv]
when $USER_NAME is disconnected item no longer exists, so to me this is the correct behavior.
If this could represent a problem I will consider to sanitize the output of item lookup in the php script, maybe differentiating string and numeric output.
killmasta93
commented
4 years ago Thanks for the reply, so in theory it does not save the information on zabbix? so only appears if the user is connected correct?
Thank you
rbicelli
commented
4 years ago Informations are recorded in Zabbix but since some of them are real time values and exist only when a connection is up they are not recorded if the connection doen't exist. You could always dig into values history and check the values when the connection was active. Cheers
killmasta93
commented
4 years ago Thanks for the reply, as in the dig values in the history unfortunately only shows the last 500 results so lets say user 1 connects to vpn, and a few days later i wanted to see the IP or when it disconnects or connects i cant see that
rbicelli
commented
4 years ago Sorry, I double checked and found a bug: when a numeric value doesn't exist it is reported to Zabbix as empty string, value to become unsupported (client id, etc) and never checked even when became supported. Will release a fix soon.
killmasta93
commented
4 years ago thank you so much
rbicelli
commented
4 years ago Altough it was not properly a bug (verified and when a user reconnects values keep flowing again), added a default value in script for numeric values that could "disappear" in discovery upon user disconnect, just for not throwing the "red exclamation mark" in ZAbbix UI.
killmasta93
commented
4 years ago Thanks for the reply, so i re downloaded the repo, but im trying to re upload the xml but it seems that might be an error only shows pfSense Active: OpenVPN Server User Auth as for the template and i try to upload the other one and it seems to replace it, i tried searching for pfsense on the template and did not appear the one that does not appear is template_pfsense_active
rbicelli
commented
4 years ago Hi! I have re-exported and re-committed the template. Please check it out
killmasta93
commented
4 years ago Thank you that did the trick
Hi, I wanted to say thank you for this amazing template. Was just wondering is it possible to add the which user has connected and disconnected from their IP?
Thank you