rbicelli / pfsense-zabbix-template

Zabbix Template for pfSense
Apache License 2.0

OpenVPN? #27

Closed killmasta93 closed 4 years ago

killmasta93 commented 4 years ago

Hi, I wanted to say thank you for this amazing template. I was just wondering, is it possible to add which user has connected and disconnected from their IP?

Thank you

rbicelli commented 4 years ago

Hi, at present the template logs only the virtual IP address assigned by the OpenVPN server. You could dig into the value history to see which IPs were assigned to a specific user. If you need the remote IP address of a particular user, it has to be added to the template.

killmasta93 commented 4 years ago

Thanks for the reply. I was checking the logs; it shows how many users connected but does not show which user was connected? Thank you

rbicelli commented 4 years ago

Have you added and linked the optional template included?

killmasta93 commented 4 years ago

Thanks for the reply. I linked both templates to pfSense, or did I miss something?

killmasta93 commented 4 years ago

Hi there, so here's the screenshot

image

image

killmasta93 commented 4 years ago

Bump?

rbicelli commented 4 years ago

Please provide the version of pfSense, the version of Zabbix and the output of pfsense_zbx.php, masking sensitive data.

killmasta93 commented 4 years ago

Thanks for the reply. pfSense 2.4.5-p1; Zabbix: on pfSense 4.4. As for the output of pfsense_zabbix.php, I'm not sure how I can show the output?

Thank you

rbicelli commented 4 years ago

Log in to the pfSense shell and issue the command: php /path/where/you/installed/the/script/pfsense_zbx.php

killmasta93 commented 4 years ago

Thanks for the reply, here is the output

OPENVPN Servers:
Array
(
    [0] => Array
        (
            [port] => 1194
            [mode] => server_tls_user
            [name] => Remote Access UDP4:1194
            [conns] => Array
                (
                )

            [vpnid] => 1
            [mgmt] => server1
        )

    [1] => Array
        (
            [port] => 1195
            [mode] => p2p_shared_key
            [name] => Server UDP4:1195
            [conns] => Array
                (
                )

            [vpnid] => 2
            [mgmt] => server2
            [status] => up
            [connect_time] => Fri Jun 26 7:41:23 2020
            [virtual_addr] => 192.168.20.1
            [remote_host] => 190.144.xx.xx
            [remote_port] => 50634
            [local_host] => 200.116.xx.xx
            [local_port] => 1195

            [virtual_addr6] => 
            [bytes_recv] => 18229008

            [bytes_sent] => 14251120

        )

)
-------------------
OPENVPN Clients:
Array
(
)
-------------------
Network Interfaces:
Array
(
    [WAN] => Array
        (
            [hwif] => vtnet1
            [enable] => 1
            [if] => vtnet1
            [status] => up
            [macaddr] => d0:50:99:44:1e:e0
            [mtu] => 1500
            [ipaddr] => 181.136.xx.xx
            [subnet] => 255.255.224.0
            [linklocal] => fe80::d250:99ff:fe44:1ee0%vtnet1
            [ipaddrv6] => 
            [subnetv6] => 
            [inerrs] => 0
            [outerrs] => 0
            [collisions] => 0
            [inbytespass] => 22807955311
            [outbytespass] => 11545875844
            [inpktspass] => 24465340
            [outpktspass] => 46594720
            [inbytesblock] => 62773245
            [outbytesblock] => 1359
            [inpktsblock] => 913598
            [outpktsblock] => 9
            [inbytes] => 22807955311
            [outbytes] => 11545875844
            [inpkts] => 24465340
            [outpkts] => 46594720
            [dhcplink] => up
            [media] => 10Gbase-T <full-duplex>
            [gateway] => 181.136.xx.xx
            [gatewayv6] => 
        )

    [LAN] => Array
        (
            [hwif] => vtnet2
            [enable] => 1
            [if] => vtnet2
            [status] => up
            [macaddr] => 4e:1c:63:bc:d3:fc
            [mtu] => 1500
            [ipaddr] => 192.168.3.254
            [subnet] => 255.255.255.0
            [linklocal] => fe80::4c1c:63ff:febc:d3fc%vtnet2
            [ipaddrv6] => 
            [subnetv6] => 
            [inerrs] => 0
            [outerrs] => 0
            [collisions] => 0
            [inbytespass] => 16759467922
            [outbytespass] => 28979723787
            [inpktspass] => 116946557
            [outpktspass] => 135497838
            [inbytesblock] => 7072314
            [outbytesblock] => 1440
            [inpktsblock] => 56419
            [outpktsblock] => 27
            [inbytes] => 16759467922
            [outbytes] => 28979723787
            [inpkts] => 116946557
            [outpkts] => 135497838
            [media] => 10Gbase-T <full-duplex>
        )

    [EMAIL] => Array
        (
            [hwif] => vtnet0
            [enable] => 1
            [if] => vtnet0
            [status] => up
            [macaddr] => 6e:67:fe:97:22:ee
            [mtu] => 1500
            [ipaddr] => 200.116.xx,.xx
            [subnet] => 255.255.255.0
            [linklocal] => fe80::6c67:feff:fe97:22ee%vtnet0
            [ipaddrv6] => 
            [subnetv6] => 
            [inerrs] => 0
            [outerrs] => 0
            [collisions] => 0
            [inbytespass] => 13744091215
            [outbytespass] => 5065056489
            [inpktspass] => 103474653
            [outpktspass] => 82679195
            [inbytesblock] => 1971161
            [outbytesblock] => 0
            [inpktsblock] => 35696
            [outpktsblock] => 0
            [inbytes] => 13744091215
            [outbytes] => 5065056489
            [inpkts] => 103474653
            [outpkts] => 82679195
            [dhcplink] => up
            [media] => 10Gbase-T <full-duplex>
            [gateway] => 200.116.xx.xx
            [gatewayv6] => 
        )

    [INVITADOS] => Array
        (
            [hwif] => vtnet2.3
            [enable] => 1
            [if] => vtnet2.3
            [status] => up
            [macaddr] => 4e:1c:63:bc:d3:fc
            [mtu] => 1500
            [ipaddr] => 192.168.12.254
            [subnet] => 255.255.255.0
            [linklocal] => fe80::4c1c:63ff:febc:d3fc%vtnet2.3
            [ipaddrv6] => 
            [subnetv6] => 
            [inerrs] => 0
            [outerrs] => 0
            [collisions] => 0
            [inbytespass] => 1439922619
            [outbytespass] => 9674015916
            [inpktspass] => 6754827
            [outpktspass] => 8977359
            [inbytesblock] => 8132157
            [outbytesblock] => 15647
            [inpktsblock] => 97569
            [outpktsblock] => 20
            [inbytes] => 1439922619
            [outbytes] => 9674015916
            [inpkts] => 6754827
            [outpkts] => 8977359
            [media] => 10Gbase-T <full-duplex>
        )

)
Array
(
    [0] => vtnet0
    [1] => vtnet1
    [2] => vtnet2
    [3] => lo0
    [4] => enc0
    [5] => pfsync0
    [6] => pflog0
    [7] => vtnet2.3
    [8] => vtnet2.100
    [9] => ovpns1
    [10] => ovpns2
)
Array
(
    [wan] => wan
    [lan] => lan
    [opt1] => opt1
    [opt2] => opt2
)
-------------------
Services: 
Array
(
    [0] => Array
        (
            [name] => squid
            [rcfile] => squid.sh
            [executable] => squid
            [description] => Squid Proxy Server Service
        )

    [1] => Array
        (
            [name] => clamd
            [rcfile] => clamd.sh
            [executable] => clamd
            [description] => ClamAV Antivirus
        )

    [2] => Array
        (
            [name] => c-icap
            [rcfile] => c-icap.sh
            [executable] => c-icap
            [description] => ICAP Inteface for Squid and ClamAV integration
        )

    [3] => Array
        (
            [name] => darkstat
            [rcfile] => darkstat.sh
            [executable] => darkstat
            [description] => Darkstat bandwidth monitoring daemon
        )

    [4] => Array
        (
            [name] => pfb_dnsbl
            [rcfile] => pfb_dnsbl.sh
            [executable] => lighttpd_pfb
            [description] => pfBlockerNG DNSBL service
        )

    [5] => Array
        (
            [name] => pfb_filter
            [rcfile] => pfb_filter.sh
            [executable] => php_pfb
            [description] => pfBlockerNG firewall filter service
        )

    [6] => Array
        (
            [name] => zabbix_agentd
            [rcfile] => zabbix_agentd.sh
            [executable] => zabbix_agentd
            [description] => Zabbix Agent Host Monitor Daemon
        )

    [7] => Array
        (
            [name] => squidGuard
            [description] => Proxy server filter Service
            [executable] => squidGuard
        )

    [8] => Array
        (
            [name] => haproxy
            [rcfile] => haproxy.sh
            [executable] => haproxy
            [description] => TCP/HTTP(S) Load Balancer
        )

    [9] => Array
        (
            [name] => snort
            [rcfile] => snort.sh
            [executable] => snort
            [description] => Snort IDS/IPS Daemon
        )

    [10] => Array
        (
            [name] => unbound
            [description] => DNS Resolver
        )

    [11] => Array
        (
            [name] => ntpd
            [description] => NTP clock sync
        )

    [12] => Array
        (
            [name] => syslogd
            [description] => System Logger Daemon
        )

    [13] => Array
        (
            [name] => dhcpd
            [description] => DHCP Service
        )

    [14] => Array
        (
            [name] => dpinger
            [description] => Gateway Monitoring Daemon
        )

    [15] => Array
        (
            [name] => miniupnpd
            [description] => UPnP Service
        )

    [16] => Array
        (
            [name] => sshd
            [description] => Secure Shell Daemon
        )

    [17] => Array
        (
            [name] => openvpn
            [mode] => server
            [id] => 0
            [vpnid] => 1
            [description] => OpenVPN server: Remote Access
        )

    [18] => Array
        (
            [name] => openvpn
            [mode] => server
            [id] => 1
            [vpnid] => 2
            [description] => OpenVPN server: 
        )

)
-------------------

rbicelli commented 4 years ago

In this output there's no client connected to your VPN server.

killmasta93 commented 4 years ago

Thanks for the reply, here is the output when a user is connected to the VPN

php scripts/pfsense_zbx.php
OPENVPN Servers:
Array
(
    [0] => Array
        (
            [port] => 1194
            [mode] => server_tls_user
            [name] => Remote Access UDP4:1194
            [conns] => Array
                (
                    [0] => Array
                        (
                            [common_name] => juser23
                            [remote_host] => 100.xxxx:1194
                            [virtual_addr] => 192.168.100.6
                            [virtual_addr6] => 
                            [bytes_recv] => 58697996
                            [bytes_sent] => 101923622
                            [connect_time] => Fri Jul  3 07:30:50 2020
                            [connect_time_unix] => 1593779450
                            [user_name] => juser23
                            [client_id] => 14
                            [peer_id] => 0

                        )

                    [1] => Array
                        (
                            [common_name] => uservpn
                            [remote_host] => 192.168.3.55:33913
                            [virtual_addr] => 192.168.100.2
                            [virtual_addr6] => 
                            [bytes_recv] => 33387
                            [bytes_sent] => 20104
                            [connect_time] => Fri Jul  3 09:31:20 2020
                            [connect_time_unix] => 1593786680
                            [user_name] => uservpn
                            [client_id] => 15
                            [peer_id] => 1

                        )

                )

            [vpnid] => 1
            [mgmt] => server1
            [routes] => Array
                (
                    [0] => Array
                        (
                            [virtual_addr] => 192.168.100.6
                            [common_name] => juser23
                            [remote_host] => 100.85.96.55:1194
                            [last_time] => Fri Jul  3 09:31:40 2020
                        )

                    [1] => Array
                        (
                            [virtual_addr] => 192.168.100.2
                            [common_name] => uservpn
                            [remote_host] => 192.168.3.55:33913
                            [last_time] => Fri Jul  3 09:31:40 2020
                        )

                )

        )

    [1] => Array
        (
            [port] => 1195
            [mode] => p2p_shared_key
            [name] => Server UDP4:1195
            [conns] => Array
                (
                )

            [vpnid] => 2
            [mgmt] => server2
            [status] => up
            [connect_time] => Fri Jun 26 7:41:23 2020
            [virtual_addr] => 192.168.20.1
            [remote_host] => 190.xx,xx
            [remote_port] => 50634
            [local_host] => 200.xx.xx
            [local_port] => 1195

            [virtual_addr6] => 
            [bytes_recv] => 21780528

            [bytes_sent] => 17501024

        )

)
-------------------
OPENVPN Clients:
Array
(
)
-------------------
Network Interfaces:
Array
(
    [WAN] => Array
        (
            [hwif] => vtnet1
            [enable] => 1
            [if] => vtnet1
            [status] => up
            [macaddr] => d0:50:99:44:1e:e0
            [mtu] => 1500
            [ipaddr] => 181.xx.xx
            [subnet] => 255.255.224.0
            [linklocal] => fe80::d250:99ff:fe44:1ee0%vtnet1
            [ipaddrv6] => 
            [subnetv6] => 
            [inerrs] => 0
            [outerrs] => 0
            [collisions] => 0
            [inbytespass] => 32585439859
            [outbytespass] => 22138774223
            [inpktspass] => 37108478
            [outpktspass] => 84529104
            [inbytesblock] => 103257448
            [outbytesblock] => 9587
            [inpktsblock] => 1512272
            [outpktsblock] => 76
            [inbytes] => 32585439859
            [outbytes] => 22138774223
            [inpkts] => 37108478
            [outpkts] => 84529104
            [dhcplink] => up
            [media] => 10Gbase-T <full-duplex>
            [gateway] => 181.xx,xx
            [gatewayv6] => 
        )

    [LAN] => Array
        (
            [hwif] => vtnet2
            [enable] => 1
            [if] => vtnet2
            [status] => up
            [macaddr] => 4e:1c:63:bc:d3:fc
            [mtu] => 1500
            [ipaddr] => 192.168.3.254
            [subnet] => 255.255.255.0
            [linklocal] => fe80::4c1c:63ff:febc:d3fc%vtnet2
            [ipaddrv6] => 
            [subnetv6] => 
            [inerrs] => 0
            [outerrs] => 0
            [collisions] => 0
            [inbytespass] => 28740081892
            [outbytespass] => 49970033190
            [inpktspass] => 188179898
            [outpktspass] => 228656285
            [inbytesblock] => 13856401
            [outbytesblock] => 2700
            [inpktsblock] => 98323
            [outpktsblock] => 48
            [inbytes] => 28740081892
            [outbytes] => 49970033190
            [inpkts] => 188179898
            [outpkts] => 228656285
            [media] => 10Gbase-T <full-duplex>
        )

    [EMAIL] => Array
        (
            [hwif] => vtnet0
            [enable] => 1
            [if] => vtnet0
            [status] => up
            [macaddr] => 6e:67:fe:97:22:ee
            [mtu] => 1500
            [ipaddr] => 200.xx.xx
            [subnet] => 255.255.255.0
            [linklocal] => fe80::6c67:feff:fe97:22ee%vtnet0
            [ipaddrv6] => 
            [subnetv6] => 
            [inerrs] => 0
            [outerrs] => 0
            [collisions] => 0
            [inbytespass] => 27029125910
            [outbytespass] => 8003925466
            [inpktspass] => 174032953
            [outpktspass] => 130754351
            [inbytesblock] => 3379589
            [outbytesblock] => 0
            [inpktsblock] => 60934
            [outpktsblock] => 0
            [inbytes] => 27029125910
            [outbytes] => 8003925466
            [inpkts] => 174032953
            [outpkts] => 130754351
            [dhcplink] => up
            [media] => 10Gbase-T <full-duplex>
            [gateway] => 200.xx.xx
            [gatewayv6] => 
        )

    [INVITADOS] => Array
        (
            [hwif] => vtnet2.3
            [enable] => 1
            [if] => vtnet2.3
            [status] => up
            [macaddr] => 4e:1c:63:bc:d3:fc
            [mtu] => 1500
            [ipaddr] => 192.168.12.254
            [subnet] => 255.255.255.0
            [linklocal] => fe80::4c1c:63ff:febc:d3fc%vtnet2.3
            [ipaddrv6] => 
            [subnetv6] => 
            [inerrs] => 0
            [outerrs] => 0
            [collisions] => 0
            [inbytespass] => 2224303667
            [outbytespass] => 13264801694
            [inpktspass] => 10161288
            [outpktspass] => 13070952
            [inbytesblock] => 8198412
            [outbytesblock] => 15647
            [inpktsblock] => 100555
            [outpktsblock] => 20
            [inbytes] => 2224303667
            [outbytes] => 13264801694
            [inpkts] => 10161288
            [outpkts] => 13070952
            [media] => 10Gbase-T <full-duplex>
        )

)
Array
(
    [0] => vtnet0
    [1] => vtnet1
    [2] => vtnet2
    [3] => lo0
    [4] => enc0
    [5] => pfsync0
    [6] => pflog0
    [7] => vtnet2.3
    [8] => vtnet2.100
    [9] => ovpns1
    [10] => ovpns2
)
Array
(
    [wan] => wan
    [lan] => lan
    [opt1] => opt1
    [opt2] => opt2
)
-------------------
Services: 
Array
(
    [0] => Array
        (
            [name] => squid
            [rcfile] => squid.sh
            [executable] => squid
            [description] => Squid Proxy Server Service
        )

    [1] => Array
        (
            [name] => clamd
            [rcfile] => clamd.sh
            [executable] => clamd
            [description] => ClamAV Antivirus
        )

    [2] => Array
        (
            [name] => c-icap
            [rcfile] => c-icap.sh
            [executable] => c-icap
            [description] => ICAP Inteface for Squid and ClamAV integration
        )

    [3] => Array
        (
            [name] => darkstat
            [rcfile] => darkstat.sh
            [executable] => darkstat
            [description] => Darkstat bandwidth monitoring daemon
        )

    [4] => Array
        (
            [name] => pfb_dnsbl
            [rcfile] => pfb_dnsbl.sh
            [executable] => lighttpd_pfb
            [description] => pfBlockerNG DNSBL service
        )

    [5] => Array
        (
            [name] => pfb_filter
            [rcfile] => pfb_filter.sh
            [executable] => php_pfb
            [description] => pfBlockerNG firewall filter service
        )

    [6] => Array
        (
            [name] => zabbix_agentd
            [rcfile] => zabbix_agentd.sh
            [executable] => zabbix_agentd
            [description] => Zabbix Agent Host Monitor Daemon
        )

    [7] => Array
        (
            [name] => squidGuard
            [description] => Proxy server filter Service
            [executable] => squidGuard
        )

    [8] => Array
        (
            [name] => haproxy
            [rcfile] => haproxy.sh
            [executable] => haproxy
            [description] => TCP/HTTP(S) Load Balancer
        )

    [9] => Array
        (
            [name] => snort
            [rcfile] => snort.sh
            [executable] => snort
            [description] => Snort IDS/IPS Daemon
        )

    [10] => Array
        (
            [name] => unbound
            [description] => DNS Resolver
        )

    [11] => Array
        (
            [name] => ntpd
            [description] => NTP clock sync
        )

    [12] => Array
        (
            [name] => syslogd
            [description] => System Logger Daemon
        )

    [13] => Array
        (
            [name] => dhcpd
            [description] => DHCP Service
        )

    [14] => Array
        (
            [name] => dpinger
            [description] => Gateway Monitoring Daemon
        )

    [15] => Array
        (
            [name] => miniupnpd
            [description] => UPnP Service
        )

    [16] => Array
        (
            [name] => sshd
            [description] => Secure Shell Daemon
        )

    [17] => Array
        (
            [name] => openvpn
            [mode] => server
            [id] => 0
            [vpnid] => 1
            [description] => OpenVPN server: Remote Access
        )

    [18] => Array
        (
            [name] => openvpn
            [mode] => server
            [id] => 1
            [vpnid] => 2
            [description] => OpenVPN server: 
        )

)

rbicelli commented 4 years ago

Ok, I think I've figured it out. When a user is connected you can see values flowing correctly to Zabbix, because the values exist. When a user disconnects, values like bytes_recv are nonexistent (because the item key no longer exists, since the user is not connected). You can check the orange exclamation mark to the right of the item stating that "item no longer exists and will be deleted". The item key is: pfsense.value[openvpn_server_uservalue,$SERVER_INDEX+$USER_NAME,bytes_recv]. When $USER_NAME is disconnected the item no longer exists, so to me this is the correct behavior. If this could represent a problem I will consider sanitizing the output of the item lookup in the PHP script, maybe differentiating string and numeric output.

killmasta93 commented 4 years ago

Thanks for the reply. So in theory it does not save the information in Zabbix? So it only appears if the user is connected, correct?

Thank you

rbicelli commented 4 years ago

Information is recorded in Zabbix, but since some of the values are real-time values and exist only when a connection is up, they are not recorded if the connection doesn't exist. You could always dig into the value history and check the values when the connection was active. Cheers

killmasta93 commented 4 years ago

Thanks for the reply. As for digging into the values in the history, unfortunately it only shows the last 500 results, so let's say user 1 connects to the VPN, and a few days later I want to see the IP or when it disconnects or connects, I can't see that
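An added example, not part of the thread or of the project's code: one way to keep a durable connect/disconnect record with each user's remote address is to parse the "OPENVPN Servers" section of the script's debug output shown above on every poll and diff consecutive snapshots. The user name, addresses and timestamps below are constructed sample data, and the function names are hypothetical.

```python
import re

ENTRY = re.compile(r"^\s*\[(.+?)\] => ?(.*)$")

def parse_print_r(lines):
    """Parse PHP print_r() array text, given as a line iterator, into nested dicts."""
    node = {}
    for line in lines:
        if line.strip() == ")":
            return node
        m = ENTRY.match(line)
        if not m:
            continue  # "Array", "(" and blank lines carry no data
        key, value = m.group(1), m.group(2).strip()
        if value == "Array":
            next((l for l in lines if l.strip() == "("), None)  # skip to the opening "("
            node[key] = parse_print_r(lines)
        else:
            node[key] = value
    return node

def sessions(dump):
    """Return {(server name, user): remote_host} for every connected user."""
    section = dump.split("OPENVPN Servers:", 1)[1].split("-------------------", 1)[0]
    live = {}
    for srv in parse_print_r(iter(section.splitlines())).values():
        for conn in srv.get("conns", {}).values():
            user = conn.get("user_name") or conn.get("common_name", "")
            live[(srv.get("name", ""), user)] = conn.get("remote_host", "")
    return live

def diff(prev, curr, ts):
    """Turn two consecutive snapshots into connect/disconnect/address_change events."""
    events = []
    for key in sorted(prev.keys() | curr.keys()):
        old, new = prev.get(key), curr.get(key)
        if old is None:
            events.append((ts, "connect", *key, new))
        elif new is None:
            events.append((ts, "disconnect", *key, old))  # keep the last seen address
        elif old != new:
            events.append((ts, "address_change", *key, new))
    return events

# Constructed sample input in the same layout as the output posted in the thread.
CONN = """                    [0] => Array
                        (
                            [common_name] => alice
                            [remote_host] => 198.51.100.7:51820
                            [user_name] => alice
                        )
"""
DUMP = """OPENVPN Servers:
Array
(
    [0] => Array
        (
            [name] => Remote Access UDP4:1194
            [conns] => Array
                (
%s                )
        )
)
-------------------
"""
SNAP_A, SNAP_B = DUMP % CONN, DUMP % ""  # one user connected, then nobody

if __name__ == "__main__":
    for event in diff({}, sessions(SNAP_A), 1) + diff(sessions(SNAP_A), sessions(SNAP_B), 2):
        print(event)
```

Appending the returned events to a log file or forwarding them to syslog keeps the record independent of how many history rows the monitoring UI displays.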

rbicelli commented 4 years ago

Sorry, I double-checked and found a bug: when a numeric value doesn't exist it is reported to Zabbix as an empty string, causing the value to become unsupported (client id, etc.) and never checked again, even when it becomes supported. Will release a fix soon.

killmasta93 commented 4 years ago

Thank you so much

rbicelli commented 4 years ago

Although it was not properly a bug (verified, and when a user reconnects values keep flowing again), I added a default value in the script for numeric values that could "disappear" in discovery upon user disconnect, just so as not to throw the "red exclamation mark" in the Zabbix UI.

killmasta93 commented 4 years ago

Thanks for the reply. So I re-downloaded the repo, but I'm trying to re-upload the XML and it seems there might be an error: it only shows "pfSense Active: OpenVPN Server User Auth" as the template, and when I try to upload the other one it seems to replace it. I tried searching for pfsense in the templates and it did not appear. The one that does not appear is template_pfsense_active

rbicelli commented 4 years ago

Hi! I have re-exported and re-committed the template. Please check it out.

killmasta93 commented 4 years ago

Thank you, that did the trick