Hi (please try to not top-post),

On 12/07/18 14:04, Pradeep Kumar Udupi wrote:
> Hi
> 
> Basically I want a setup wherein all network connections from browsers,
> apps, api calls etc needs to be logged. Only the request URLs needs to be
> logged. We plan to use OpenVPN source and customise it to connect to a
> VPN. The assumption here is that its possible to log all requests calls
> either on the server or client side. Logging will be for all users and not
> just a subset of the VPN users. Anybody connected to the VPN will have the
> requests logged. 
> 
> For e.g. Logs like this.
> 
> GET http://www.apple.com
> POST http://api.example.com/someAPI
> 
> OpenVPN status file does not capture all that we need.

This is something that happens at an higher layer compared to where
OpenVPN works.

Basically this means that the problem you are trying to solve is the
same as if instead of an OpenVPN tunnel you'd have a simple Ethernet
connection to your LAN.
The LAN GW would be the host where all the traffic passes through (the
VPN server in the case of OpenVPN - assuming you have configured a
default route via it).

This said, this can be done in various ways, from using iptables to
network monitor tools. However, note that you'll be able to get the
actual content of connections only if they are not using encrypted
protocols (i.e. HTTPS vs HTTP).

If you want to monitor only only HTTP connections, maybe the easiest
approach would be to configure a transparent HTTP proxy on the
GW(/VPN-Server) and let it dump the information you need.


However, I hope your users know that you are going to collect all that
data about them :-)


Regards,


-- 
Antonio Quartulli

Attachment: signature.asc
Description: OpenPGP digital signature

------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
Openvpn-users mailing list
Openvpn-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-users

Reply via email to