On 04/12/09 16:08, Joseph L. Casale wrote:
> > I have been asked to monitor traffic, per user through our openvpn
pfsense setup, as its
> > setup for filtering (Therefor I know what ip each user uses), I
presume this can easily be
> > done by looking at traffic between the opt int and the lan int.
> >
> > Are there provisions built in to pfsense to make this easy, can I
send the data to a different
> > host for example w/ a mysql backend?
actually, that's something I would like to do as well.
if I do "ifconfig tun0" it doesn't report any traffic; neither does it
do so for enc0 when using ipsec
# ifconfig enc0
enc0: flags=141<UP,RUNNING,PROMISC> metric 0 mtu 1536
# ifconfig tun0
tun0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> metric 0 mtu 1500
inet6 xxxx::xxx:xxxx:xxxx:xxxx%tun0 prefixlen 64 scopeid 0x1d
inet x.x.x.x --> x.x.x.x netmask 0xffffffff
Opened by PID 39108
#
what you can do with openvpn is to add a custom setting "status", e.g.
status /etc/myopenvpn.status
this file gets populated thus:
OpenVPN STATISTICS
Updated,Fri Dec 4 16:16:53 2009
TUN/TAP read bytes,0
TUN/TAP write bytes,0
TCP/UDP read bytes,2821442
TCP/UDP write bytes,2657319
Auth read bytes,656320
pre-compress bytes,0
post-compress bytes,0
pre-decompress bytes,0
post-decompress bytes,0
END
You could probably hack up a munin plugin to read this. Hang on,
someone already did
homepage: http://munin.projects.linpro.no/wiki/plugin-openvpn
plugin: http://rodolphe.quiedeville.org/hack/munin/openvpn/
HTH
Paul
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
Commercial support available - https://portal.pfsense.org
