sensu / catalog

Monitoring as code for Sensu Go. "There's a template for that!"

[Feature Request] OpenVPN Integration #282

Closed asachs01 closed 1 year ago

asachs01 commented 2 years ago

As part of internal ref https://secure.helpscout.net/conversation/1936626140/29399?folderId=1211661 and a recent DA discussion we'd like to have an OpenVPN integration. In order to deliver this, the integration will require:

Some inspiration for this may be found in the openvpn prometheus exporter.

What is outstanding in this issue is an example of what the status file looks like. @jhenderson-pro to provide that.

jhenderson-pro commented 2 years ago

    root@ip-10-0-1-75:/var/log/openvpn# cat status.log
    OpenVPN CLIENT LIST
    Updated,2022-07-29 17:31:30
    Common Name,Real Address,Bytes Received,Bytes Sent,Connected Since
    ROUTING TABLE
    Virtual Address,Common Name,Real Address,Last Ref
    GLOBAL STATS
    Max bcast/mcast queue length,0
    END

lrosenman commented 2 years ago

    $ telnet localhost 1195
    Trying 127.0.0.1...
    Escape character is '^]'.

    INFO:OpenVPN Management Interface Version 2 -- type 'help' for more info
    status
    OpenVPN CLIENT LIST
    Updated,Fri Jul 29 17:50:06 2022
    Common Name,Real Address,Bytes Received,Bytes Sent,Connected Since
    user1,255.111.131.50:52610,2859065,28030962,Fri Jul 29 15:10:21 2022
    user2,255.113.58.27:51547,192748,346494,Fri Jul 29 15:48:05 2022
    user3,255.183.104.90:51837,63122443,254270929,Tue Jul 26 22:10:50 2022
    user4,255.195.96.171:34101,2376431,48458294,Fri Jul 29 14:12:56 2022
    user5,255.222.168.148:31242,1233555,26366851,Fri Jul 29 15:18:03 2022
    user6,255.126.18.53:49907,4386870,11086944,Fri Jul 29 13:48:57 2022
    user7,255.204.243.189:56744,93188,140662,Fri Jul 29 17:01:53 2022
    user8,255.57.240.176:42645,877933,2080888,Fri Jul 29 15:48:35 2022
    user9,255.83.236.162:2274,11397815,17611679,Fri Jul 29 15:40:04 2022
    user10,255.143.212.167:59187,72183,616726,Fri Jul 29 14:52:48 2022
    user11,255.180.141.230:65159,608815,885343,Fri Jul 29 15:46:45 2022
    user12,255.17.144.160:52708,403427,580565,Fri Jul 29 15:58:16 2022
    user13,255.202.47.237:13166,23028046,212627208,Fri Jul 29 15:42:34 2022
    ROUTING TABLE
    Virtual Address,Common Name,Real Address,Last Ref
    10.201.0.34,user1,255.222.168.148:31242,Fri Jul 29 15:19:38 2022
    10.201.0.18,user2,255.204.243.189:56744,Fri Jul 29 17:50:06 2022
    10.201.0.70,user3,255.57.240.176:42645,Fri Jul 29 17:50:06 2022
    10.201.0.30,user4,255.195.96.171:34101,Fri Jul 29 17:49:38 2022
    10.201.0.10,user5,255.180.141.230:65159,Fri Jul 29 17:50:05 2022
    10.201.0.78,user6,255.17.144.160:52708,Fri Jul 29 17:50:05 2022
    10.201.0.14,user7,255.126.18.53:49907,Fri Jul 29 17:50:06 2022
    10.201.0.50,user8,255.111.131.50:52610,Fri Jul 29 17:50:03 2022
    10.201.0.66,user9,255.113.58.27:51547,Fri Jul 29 17:49:59 2022
    10.201.0.38,user10,255.83.236.162:2274,Fri Jul 29 17:50:05 2022
    10.201.0.46,user11,255.143.212.167:59187,Fri Jul 29 17:06:02 2022
    10.201.0.6,user12,255.183.104.90:51837,Fri Jul 29 17:50:06 2022
    10.201.0.58,user13,255.202.47.237:13166,Fri Jul 29 17:50:06 2022
    GLOBAL STATS
    Max bcast/mcast queue length,0
    END
    quit
    Connection closed by foreign host.

    $ telnet localhost 1195
    Trying 127.0.0.1...
    Escape character is '^]'.

    INFO:OpenVPN Management Interface Version 2 -- type 'help' for more info
    status
    OpenVPN CLIENT LIST
    Updated,Fri Jul 29 17:49:28 2022
    Common Name,Real Address,Bytes Received,Bytes Sent,Connected Since
    user1,255.116.200.30:51444,368618,1023550,Fri Jul 29 14:21:48 2022
    ROUTING TABLE
    Virtual Address,Common Name,Real Address,Last Ref
    10.202.0.6,user1,255.116.200.30:51444,Fri Jul 29 17:49:16 2022
    GLOBAL STATS
    Max bcast/mcast queue length,0
    END
    quit
    Connection closed by foreign host.

those are my 2.

portertech commented 2 years ago

@lrosenman are these the requirements?

Ensure the OpenVPN:

lrosenman commented 2 years ago

> @lrosenman are these the requirements?
>
> Ensure the OpenVPN:
>
>   • Process is running (critical)
>   • Service is operating and serving its status (critical)
>   • Service has active client connections with associated routes (warning)

Yes. No connections is a valid state, but unusual.

portertech commented 2 years ago

@lrosenman would you want a non-ok status when there are no connections/routes? Perhaps something like a "minimum connections threshold" is appropriate? If unset (or 0), do not inspect the client count.

lrosenman commented 2 years ago

> @lrosenman would you want a non-ok status when there are no connections/routes? Perhaps something like a "minimum connections threshold" is appropriate? If unset (or 0), do not inspect the client count.

Hrm. I would like the client count in the message that is put out. I think a tunable like above would be a good thing.

portertech commented 2 years ago

Requirements

Ensure the OpenVPN:

  1. Process is running
  2. Service is operating and serving its status
  3. (Optional) Service has active client connections with associated routes

The How

  1. Parse the OpenVPN status file (path is explicitly configured)
  2. Compare the status file's Updated value against current time to determine the file's age
  3. Count the number of connected clients
  4. Evaluate the configured status file age thresholds against the file's age
  5. Evaluate the configured minimum clients thresholds against the connected client count
  6. Always output the connected client count in check STDOUT messages

Options (CLI and ENV):

  • --status-file (required)
  • --status-file-age-crit (default to 180)
  • --status-file-age-warn (default to 120)
  • --min-clients-crit (default to 0)
  • --min-clients-warn (default to 0)

Prior Art

Use the status file parser from: https://github.com/kumina/openvpn_exporter/blob/1cd81583a5affdfc6d5a2175677526e273075df3/exporters/openvpn_exporter.go#L180

Deliverable

  1. New Go sensu-openvpn-check plugin (e.g. github.com/sensu/sensu-openvpn-check)
  2. Bonsai Asset (e.g. bonsai.sensu.io/assets/sensu/sensu-openvpn-check)
  3. Catalog integration (e.g. github.com/sensu/catalog/tree/main/integrations/openvpn/openvpn-monitoring)

portertech commented 2 years ago

@fguimond pointed out that the Updated time has no TZ info etc and could be unreliable. Alternatively, we can use the actual status file last modified timestamp to determine the age.
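
The procedure outlined in "The How", with the age taken from the status file's modification time as suggested in the comment above, could look like the following Go sketch. It is an added example, not code from the sensu-openvpn-check plugin; it assumes the version-1 status format pasted earlier in the thread, and the function name `check` and the `OPENVPN_STATUS_FILE` variable are hypothetical.

```go
package main

import (
	"fmt"
	"os"
	"strings"
	"time"
)

// check returns a Sensu exit status (0 OK, 1 warning, 2 critical) and a message; a min-clients threshold of 0 is disabled.
func check(path string, now time.Time, ageWarn, ageCrit time.Duration, minWarn, minCrit int) (int, string) {
	info, statErr := os.Stat(path)
	data, readErr := os.ReadFile(path)
	if statErr != nil || readErr != nil {
		return 2, "cannot read status file " + path
	}
	clients, inList, sawEnd := 0, false, false
	for _, raw := range strings.Split(string(data), "\n") {
		switch line := strings.TrimSpace(raw); {
		case strings.HasPrefix(line, "Common Name,"):
			inList = true // header row that opens the CLIENT LIST section
		case line == "ROUTING TABLE":
			inList = false
		case line == "END":
			sawEnd = true
		case inList && line != "":
			clients++
		}
	}
	if !sawEnd {
		return 2, "status file is truncated (no END marker)"
	}
	age := now.Sub(info.ModTime()).Round(time.Second) // file mtime, not the TZ-less Updated field
	status := 0
	if age >= ageWarn || clients < minWarn {
		status = 1
	}
	if age >= ageCrit || clients < minCrit {
		status = 2
	}
	return status, fmt.Sprintf("%d connected clients, status file age %s", clients, age)
}

func main() {
	// OPENVPN_STATUS_FILE is an assumed variable name; thresholds are the issue's proposed defaults.
	status, msg := check(os.Getenv("OPENVPN_STATUS_FILE"), time.Now(), 120*time.Second, 180*time.Second, 0, 0)
	fmt.Println(msg)
	os.Exit(status)
}
```

A file without the `END` marker is reported as critical rather than counted, so a status file caught mid-write or cut short does not produce a misleading client count.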

portertech commented 1 year ago

@asachs01 this should be ready to ship on Monday.

asachs01 commented 1 year ago

@jhenderson-pro to follow up and then shoot this over to the customer.