Closed asachs01 closed 1 year ago
```
root@ip-10-0-1-75:/var/log/openvpn# cat status.log
OpenVPN CLIENT LIST
Updated,2022-07-29 17:31:30
Common Name,Real Address,Bytes Received,Bytes Sent,Connected Since
ROUTING TABLE
Virtual Address,Common Name,Real Address,Last Ref
GLOBAL STATS
Max bcast/mcast queue length,0
END
```
```
$ telnet localhost 1195
Trying 127.0.0.1...
Escape character is '^]'.
INFO:OpenVPN Management Interface Version 2 -- type 'help' for more info
status
OpenVPN CLIENT LIST
Updated,Fri Jul 29 17:50:06 2022
Common Name,Real Address,Bytes Received,Bytes Sent,Connected Since
user1,255.111.131.50:52610,2859065,28030962,Fri Jul 29 15:10:21 2022
user2,255.113.58.27:51547,192748,346494,Fri Jul 29 15:48:05 2022
user3,255.183.104.90:51837,63122443,254270929,Tue Jul 26 22:10:50 2022
user4,255.195.96.171:34101,2376431,48458294,Fri Jul 29 14:12:56 2022
user5,255.222.168.148:31242,1233555,26366851,Fri Jul 29 15:18:03 2022
user6,255.126.18.53:49907,4386870,11086944,Fri Jul 29 13:48:57 2022
user7,255.204.243.189:56744,93188,140662,Fri Jul 29 17:01:53 2022
user8,255.57.240.176:42645,877933,2080888,Fri Jul 29 15:48:35 2022
user9,255.83.236.162:2274,11397815,17611679,Fri Jul 29 15:40:04 2022
user10,255.143.212.167:59187,72183,616726,Fri Jul 29 14:52:48 2022
user11,255.180.141.230:65159,608815,885343,Fri Jul 29 15:46:45 2022
user12,255.17.144.160:52708,403427,580565,Fri Jul 29 15:58:16 2022
user13,255.202.47.237:13166,23028046,212627208,Fri Jul 29 15:42:34 2022
ROUTING TABLE
Virtual Address,Common Name,Real Address,Last Ref
10.201.0.34,user1,255.222.168.148:31242,Fri Jul 29 15:19:38 2022
10.201.0.18,user2,255.204.243.189:56744,Fri Jul 29 17:50:06 2022
10.201.0.70,user3,255.57.240.176:42645,Fri Jul 29 17:50:06 2022
10.201.0.30,user4,255.195.96.171:34101,Fri Jul 29 17:49:38 2022
10.201.0.10,user5,255.180.141.230:65159,Fri Jul 29 17:50:05 2022
10.201.0.78,user6,255.17.144.160:52708,Fri Jul 29 17:50:05 2022
10.201.0.14,user7,255.126.18.53:49907,Fri Jul 29 17:50:06 2022
10.201.0.50,user8,255.111.131.50:52610,Fri Jul 29 17:50:03 2022
10.201.0.66,user9,255.113.58.27:51547,Fri Jul 29 17:49:59 2022
10.201.0.38,user10,255.83.236.162:2274,Fri Jul 29 17:50:05 2022
10.201.0.46,user11,255.143.212.167:59187,Fri Jul 29 17:06:02 2022
10.201.0.6,user12,255.183.104.90:51837,Fri Jul 29 17:50:06 2022
10.201.0.58,user13,255.202.47.237:13166,Fri Jul 29 17:50:06 2022
GLOBAL STATS
Max bcast/mcast queue length,0
END
quit
Connection closed by foreign host.
```
```
$ telnet localhost 1195
Trying 127.0.0.1...
Escape character is '^]'.
INFO:OpenVPN Management Interface Version 2 -- type 'help' for more info
status
OpenVPN CLIENT LIST
Updated,Fri Jul 29 17:49:28 2022
Common Name,Real Address,Bytes Received,Bytes Sent,Connected Since
user1,255.116.200.30:51444,368618,1023550,Fri Jul 29 14:21:48 2022
ROUTING TABLE
Virtual Address,Common Name,Real Address,Last Ref
10.202.0.6,user1,255.116.200.30:51444,Fri Jul 29 17:49:16 2022
GLOBAL STATS
Max bcast/mcast queue length,0
END
quit
Connection closed by foreign host.
```
Those are my 2.
@lrosenman are these the requirements?
Ensure the OpenVPN:
- Process is running (critical)
- Service is operating and serving its status (critical)
- Service has active client connections with associated routes (warning)
Yes. No connections is a valid state, but unusual.
@lrosenman would you want a non-ok status when there are no connections/routes? Perhaps something like a "minimum connections threshold" is appropriate? If unset (or 0), do not inspect the client count.
Hrm. I would like the client count in the message that is put out. I think a tunable like above would be a good thing.
Ensure the OpenVPN:
`Updated` value against current time to determine the file's age

Options (CLI and ENV):
- `--status-file` (required)
- `--status-file-age-crit` (default to 180)
- `--status-file-age-warn` (default to 120)
- `--min-clients-crit` (default to 0)
- `--min-clients-warn` (default to 0)
Use the status file parser from: https://github.com/kumina/openvpn_exporter/blob/1cd81583a5affdfc6d5a2175677526e273075df3/exporters/openvpn_exporter.go#L180
@fguimond pointed out that the `Updated` time has no TZ info etc and could be unreliable. Alternatively, we can use the actual status file last modified timestamp to determine the age.
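
The check logic discussed in this thread, as an added Go example (not code from the thread or from the project): it counts CLIENT LIST rows in a status file of the format shown above and applies the age and minimum-client thresholds, with the client count in the message. The function names, the 0/1/2 status mapping, the `>=` comparison and treating a missing `END` line as critical are assumptions; the sample data is constructed.

```go
package main

import (
	"fmt"
	"strings"
	"time"
)

// countClients counts rows in the CLIENT LIST section and reports whether END was seen.
func countClients(status string) (clients int, complete bool) {
	section := ""
	for _, line := range strings.Split(status, "\n") {
		line = strings.TrimSpace(line)
		switch {
		case line == "OpenVPN CLIENT LIST" || line == "ROUTING TABLE" || line == "GLOBAL STATS":
			section = line
		case line == "END":
			return clients, true
		case section == "OpenVPN CLIENT LIST" && strings.Count(line, ",") == 4 && !strings.HasPrefix(line, "Common Name,"):
			clients++
		}
	}
	return clients, false
}

// evaluate returns 0 (ok), 1 (warning) or 2 (critical). age is now minus the file's
// mtime (os.Stat(path).ModTime()), not the Updated field; a minimum of 0 disables that check.
func evaluate(status string, age, ageWarn, ageCrit time.Duration, minWarn, minCrit int) (int, string) {
	clients, complete := countClients(status)
	msg := fmt.Sprintf("%d clients, status file age %s", clients, age)
	switch {
	case !complete:
		return 2, "status file has no END marker (assumed partial write)"
	case age >= ageCrit || clients < minCrit:
		return 2, msg
	case age >= ageWarn || clients < minWarn:
		return 1, msg
	}
	return 0, msg
}

// Constructed sample status file (not from the thread); the address is from a documentation range.
const sample = "OpenVPN CLIENT LIST\nUpdated,2022-07-29 17:31:30\nCommon Name,Real Address,Bytes Received,Bytes Sent,Connected Since\n" +
	"alice,198.51.100.7:52610,2859065,28030962,2022-07-29 15:10:21\nROUTING TABLE\nVirtual Address,Common Name,Real Address,Last Ref\n" +
	"10.201.0.6,alice,198.51.100.7:52610,2022-07-29 17:31:29\nGLOBAL STATS\nMax bcast/mcast queue length,0\nEND\n"

func main() {
	fmt.Println(evaluate(sample, 30*time.Second, 120*time.Second, 180*time.Second, 0, 0))
}
```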
@asachs01 this should be ready to ship on Monday.
@jhenderson-pro to follow up and then shoot this over to the customer.
As part of internal ref https://secure.helpscout.net/conversation/1936626140/29399?folderId=1211661 and a recent DA discussion we'd like to have an OpenVPN integration. In order to deliver this, the integration will require:
Some inspiration for this may be found in the openvpn prometheus exporter.
What is outstanding in this issue is an example of what the status file looks like. @jhenderson-pro to provide that.