Script to display OpenVPN status

September 27, 2007 at 9:24 pm (Technology) (, , , , )

Well, I won’t claim it’s pretty or the most efficiently written script ever made….

However, I had a problem. OpenVPN, when it is run in daemon mode, do not give you any easy was to check who is currently logged into the VPN or what the internal routes are, etc. I learned from reading the man page, that you can cause the daemon to output status if you send a SIGUSR2 to the process. Now, if OpenVPN is not running as a daemon, it will send the status to stdout; if it IS running as a daemon, it is sent to syslog.

So, you can tail your /var/log/messages and read the stats. But that’s kinda clunky and certainly not easy for people with weak shell skills. Some people who help admin my OpenVPN server are not shell savvy, so I wanted to make a utility you could use to easy display the current stats.

Essentially, this utility sends the SIGUSR2 signal to the OpenVPN process. When it does that, it notes what time it is. Then it uses some clever regular expression magic to parse the status information out of the messages file and attempt to display it nicely. I really couldn’t find a easy way to have it auto pad the columns, etc. I was thinking of using ncurses, but thought that was over kill. If you have any ideas how to do this in Python, then please let me know.

Note in the code, that I have parsed all the fields out. So, it would be easy to extend this code to a web page/interface, or anything else that need might arise for. Yes, I know I should have added comments, but I was in a hurry when I wrote this, so save your tisking. One final note: this script does need to be run as root or suid, because it needs to send a signal and because it needs to access /var/log/messages for reading.

If you find this script useful, let me know. Enjoy…

Update: I was not able to get WordPress to display Python code correctly.  Therefore, I have published the script to my web site.  Please go here to download it.

Possibly related posts: (automatically generated)

8 Comments

  1. me said,

    October 16, 2007 at 7:58 pm

    Good luck with this.. seems you need to turn off the markup tagging on this script so people can actually download and use it. Maybe provide a link to an unmarked-up text file.

    Reply

  2. teknux said,

    October 18, 2007 at 8:07 am

    good job, but in this post it lacks indentation, can you provide some external file with indented code?

    thanks,
    tek

    Reply

  3. teknux said,

    October 18, 2007 at 8:56 am

    ok, I’ve modified and debugged the code, now it works well and it’s indented :)

    Things added:
    - some check to prevent errors in the case openvpn it’s not active
    - manual setting for pidof and /var/log/messages paths (they may differ from a distro to another)
    - fixed some char encoding

    you can view the new code to http://teknux.googlepages.com/openvpn-status.py.txt (the .txt extension permits to view it inside browser)

    feel free to contact me at my home page (even if it’s in italian lang, search for python tag :P ), or drop a mail to *mynickname*@gmail.com (my nickname is exposed in this comment field)

    cheers,
    tek

    Reply

  4. axelilly said,

    October 19, 2007 at 6:54 pm

    Thanks guys for the comments.

    I didn’t realize that WordPress eats white space until now. I have created a new website where you can download this script from: http://axelilly.googlepages.com
    You can go to that website and download the original script. Or, you can go to http://teknux.googlepages.com/openvpn-status.py.txt and download his version with some more features.

    Reply

  5. Antani said,

    May 19, 2008 at 2:28 pm

    I got this error:

    Traceback (most recent call last):
    File “./checkOpenvpn”, line 115, in ?
    parsebuffer(searchfile(message_file))
    File “./checkOpenvpn”, line 43, in searchfile
    cleanpid = string.atoi(str(dirtypid[0]).strip(’[]‘).replace(’\n’, ”))
    File “/usr/lib/python2.3/string.py”, line 220, in atoi
    return _int(s, base)
    ValueError: invalid literal for int():

    Any hints on how to make this stuff working?

    Reply

  6. axelilly said,

    July 17, 2008 at 2:20 pm

    Antani:

    I no longer support this script because this functionality is built into OpenVPN now. OpenVPN can be configured to write it’s current status out to a file at a certain time interval. By default, OpenVPN will overwrite the status file with new contents every one minute.

    The status file is configured in the OpenVPN config file with this line:
    status file-to-write-status-to.txt

    Generally, I will keep an eye on this file using the watch command like this:
    watch -n 50 /etc/openvpn/openvon-status.txt

    This file could easily be parsed by another tool such as a web app, etc.

    Good luck!

    Reply

  7. Ben said,

    October 16, 2008 at 10:46 pm

    also,

    nc 127.0.0.1 1195
    status

    shows the connected users

    Reply

  8. Erik said,

    May 7, 2009 at 6:37 pm

    You could just modify the multi.c, line 707 (in v2.1 RC 15), to output the data to whatever file or stdX you want.

    Reply

Post a Comment