OPNsense Forum

English Forums => Virtual private networks => Topic started by: pankaj on January 02, 2022, 08:03:01 PM

Title: VPN Service Test for Monit [Solved]
Post by: pankaj on January 02, 2022, 08:03:01 PM
Hi,
I am interested in using Monit to create an alert for me whenever a VPN user logs in and logs off. And I'm unable to lock on to any single trigger or info within OPNsense around which I can create a Setting Test for Monit. In the Dashboard, I have an OpenVPN tab which shows the IP address of VPN users when active but I cannot find this trigger or process within OPNsense.

If anyone has any pointers please point me in the right direction.

Thanks,

PS: My golden idea was to monitor the IP address subnet assigned to the VPN user, but after a few hours of log analysis I learned that VPN handles DHCP differently and nothing ever showed up in OPNsense DHCP leases  :D
Title: Re: VPN Service Test for Monit
Post by: pankaj on January 02, 2022, 09:02:02 PM
I read a few threads online and on this forum and think that folks have done it two different ways. I do not quite grasp the exact details of each option (need to research) but just wanted to get some feedback on pros and cons.

1. Using a custom script in Monit that will parse /var/log/openvpn.log for entries and extract information on users, time of log-on/log-off, etc. This script will likely need to run periodically and can extract all information needed, except for one minor glitch: it is way beyond my bash scripting skill, but I will give it a try for fun  :)

2. OpenVPN can execute a custom script when a user logs on (or logs off) and the bash script can send the notification (likely no need for Monit) with simple information like "User-A logged-on/logged-off at <time>". I am reading the OpenVPN documentation for it, but if anyone knows where to place this custom script, please let me know.

Since this is a home LAN the use of VPN is minimal and either of the options would suffice as long as it works. If there are any pointers or omissions then please let me know.
Title: Re: VPN Service Test for Monit
Post by: mimugmail on January 02, 2022, 09:43:36 PM
Something like this:
https://docs.opnsense.org/manual/monit.html?highlight=monit#example-2
Title: Re: VPN Service Test for Monit
Post by: pankaj on January 03, 2022, 12:20:00 AM
Quote from: mimugmail on January 02, 2022, 09:43:36 PM
Something like this:
https://docs.opnsense.org/manual/monit.html?highlight=monit#example-2

Thanks @mimugmail for the response.

Since I sporadically VPN into my home LAN from outside, this approach will likely create a barrage of alerts when VPN is down and actually not needed.

I found that OpenVPN creates a host of environment variables, see here - https://community.openvpn.net/openvpn/wiki/Openvpn24ManPage#lbAS.

And it might be simpler to just write a bash script that:
1. If "ifconfig_remote" and "ifconfig_local" are not null
2. Then do something with Monit alert
3. Else do nothing

I've tried all possible ways to access these environment variables but to no avail.

Under OpenVPN Server there is a setting under advanced where I added "client-connect /root/connect.sh" and the script /root/connect.sh is actually executed when a VPN user logs into the system. But the problem with this script is that I tried exporting OpenVPN variables out but it just doesn't work  >:( ;)
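
An added example, not part of the original thread or of the linked HOWTO: a POSIX sh hook for "client-connect" / "client-disconnect" that reads the variables OpenVPN places in the hook's own process environment and writes one sanitized syslog line per event. The syslog tag "vpn-notify", the function names and the line format are assumptions made for this example; script_type, common_name, trusted_ip and ifconfig_pool_remote_ip are variables documented in the OpenVPN manual.

```shell
#!/bin/sh
# Added example hook (hypothetical path: /root/connect.sh), meant to be
# referenced by both "client-connect" and "client-disconnect".
# OpenVPN hands session data to the hook as environment variables of this
# process only; they are not visible from any other shell.

# Keep only a conservative character set. common_name comes from the client
# certificate or login, so a crafted value must not be able to inject
# newlines or control characters into the log line.
sanitize() {
    printf '%s' "$1" | LC_ALL=C tr -cd 'A-Za-z0-9._@:-'
}

# Build the event line; returns 1 when not invoked as one of the two hooks.
vpn_event_line() {
    case "${script_type:-}" in
        client-connect)    action="logged-on" ;;
        client-disconnect) action="logged-off" ;;
        *) return 1 ;;
    esac
    user=$(sanitize "${common_name:-unknown}")
    src=$(sanitize "${trusted_ip:-unknown}")              # client's real address
    vip=$(sanitize "${ifconfig_pool_remote_ip:-unknown}") # address inside the tunnel
    printf 'openvpn-session user=%s action=%s src=%s vpn_ip=%s' \
        "$user" "$action" "$src" "$vip"
}

# Write the event to syslog under the (assumed) tag "vpn-notify".
# Always return 0: a failing client-connect hook makes OpenVPN refuse the
# client, so a logging problem must not lock users out.
notify() {
    if line=$(vpn_event_line); then
        logger -t vpn-notify "$line" || true
    fi
    return 0
}

# Act only when OpenVPN started this script (script_type is then set).
if [ -n "${script_type:-}" ]; then
    notify
fi
```

Because each connect and disconnect produces exactly one line with a fixed prefix, an alert can key on that line rather than on the VPN being up or down.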

Title: Re: VPN Service Test for Monit
Post by: pankaj on January 03, 2022, 11:36:15 PM
I've figured this out and have posted the details as a HOWTO just in case anyone is trying the same thing.

https://forum.opnsense.org/index.php?topic=26221.0