OPNsense Forum

Topic started by: pankaj on January 03, 2022, 11:09:12 pm

Title: HOWTO - use Monit to monitor VPN Users login
Post by: pankaj on January 03, 2022, 11:09:12 pm
Hi,

I use this setup to get an alert whenever a VPN user (family members) logs into my home LAN. The HOWTO is meant for smaller networks where use of VPN is minimal.

Step-1: Under OpenVPN, go to "server" settings and under "Advanced" add these lines:
Code:
status /var/log/openvpn-status.log
status-version 1

Step-2: Head over to Monit and create the following "Service Test Setting":
Name: VPN_EVE
content = "192\.168\.9"
Action: Alert

Note: The content can be any keyword; in this example I am using the subnet for the VPN clients, but any unique keyword can be used (see below for more on the openvpn-status log file).

Step-3: Under "Service Settings"

Name: VPN_Alert
Type: File
Path: /var/log/openvpn-status.log
Tests: VPN_EVE

Step-4: Under Alert Settings, create a new one or, for an existing one, make sure the following is selected:
 ContentFailed

In addition, you can change the message format like:
Subject: VPN User Alert
Message:
$EVENT
$SERVICE
$ACTION
$DESCRIPTION

Step-5: If everything went well, then under status you should see something like:
Code:
File 'VPN_Alert'
  status                       OK
  monitoring status            Monitored
  monitoring mode              active
  on reboot                    start
  permission                   600
  uid                          0
  gid                          0
  size                         227 B
  access timestamp             Mon, 03 Jan 2022 13:41:26
  change timestamp             Mon, 03 Jan 2022 14:00:39
  modify timestamp             Mon, 03 Jan 2022 14:00:39
  content match                no
  data collected               Mon, 03 Jan 2022 14:01:27

Notes:
1. Based on the "polling interval" under the general settings of Monit, the above configuration will poll for changes to the openvpn-status.log file once per cycle.
2. The openvpn-status.log file is updated every 60 seconds by default.
3. Here is how the file /var/log/openvpn-status.log looks before and after a VPN user logs into the system:
Code:
root@OPNsense:~ # cat /var/log/openvpn-status.log
OpenVPN CLIENT LIST
Updated,2022-01-03 10:43:54
Common Name,Real Address,Bytes Received,Bytes Sent,Connected Since
ROUTING TABLE
Virtual Address,Common Name,Real Address,Last Ref
GLOBAL STATS
Max bcast/mcast queue length,0
END


root@OPNsense:~ # cat /var/log/openvpn-status.log
OpenVPN CLIENT LIST
Updated,2022-01-03 10:47:59
Common Name,Real Address,Bytes Received,Bytes Sent,Connected Since
vpn,200.190.04.40:1828,9183,10901,2022-01-03 10:47:14
ROUTING TABLE
Virtual Address,Common Name,Real Address,Last Ref
192.168.9.6,vpn,200.190.04.40:1828,2022-01-03 10:47:58
GLOBAL STATS
Max bcast/mcast queue length,0
END

4. So we could have used any unique sub-string from the file for Step-2 which would establish conclusively that the file has changed, and thereby that a VPN user has logged into the system.

Lastly, Monit is a very feature-rich tool and it is possible to improve just about every step outlined above; here are a few resources.

- Options for tweaking OpenVPN - https://community.openvpn.net/openvpn/wiki/Openvpn24ManPage?__cf_chl_jschl_tk__=WZ3kUQ81f2Ri6EzWRaRVczyEQVkIq5ZJRQfe4GjVqtQ-1641247846-0-gaNycGzNCL0#lbAS
- Manual for Monit - https://mmonit.com/monit/documentation/monit.html#Message-format
- Examples specific to OPNsense - https://docs.opnsense.org/manual/monit.html?highlight=monit#example-2


Hope this helps!
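
Added example, not part of the original post and not OPNsense or Monit code: the content test in Step-2 fires on a regex match anywhere in the file, so it cannot say who connected or from where. This sketch parses the status-version 1 layout shown in note 3 and compares two snapshots to list new sessions; the function names are hypothetical and the sample data is constructed from the two listings in the post.

```python
import csv
import io

SECTIONS = {"OpenVPN CLIENT LIST", "ROUTING TABLE", "GLOBAL STATS", "END"}

# Constructed samples: the two status-version 1 snapshots shown in the post.
BEFORE = """OpenVPN CLIENT LIST
Updated,2022-01-03 10:43:54
Common Name,Real Address,Bytes Received,Bytes Sent,Connected Since
ROUTING TABLE
Virtual Address,Common Name,Real Address,Last Ref
GLOBAL STATS
Max bcast/mcast queue length,0
END
"""
AFTER = """OpenVPN CLIENT LIST
Updated,2022-01-03 10:47:59
Common Name,Real Address,Bytes Received,Bytes Sent,Connected Since
vpn,200.190.04.40:1828,9183,10901,2022-01-03 10:47:14
ROUTING TABLE
Virtual Address,Common Name,Real Address,Last Ref
192.168.9.6,vpn,200.190.04.40:1828,2022-01-03 10:47:58
GLOBAL STATS
Max bcast/mcast queue length,0
END
"""

def parse_status_v1(text):
    """Map (common name, real address) -> session details."""
    sessions, section = {}, None
    for row in csv.reader(io.StringIO(text)):
        if len(row) == 1 and row[0] in SECTIONS:
            section = row[0]
        elif section == "OpenVPN CLIENT LIST" and len(row) == 5 and row[0] != "Common Name":
            cn, real, _rx, _tx, since = row
            sessions[(cn, real)] = {"since": since, "virtual": []}
        elif section == "ROUTING TABLE" and len(row) == 4 and row[0] != "Virtual Address":
            virt, cn, real, _last_ref = row
            if (cn, real) in sessions:  # only keep routes tied to a listed client
                sessions[(cn, real)]["virtual"].append(virt)
    return sessions

def new_logins(previous_text, current_text):
    """Sessions in the current snapshot that were absent (or reconnected) before."""
    old, cur = parse_status_v1(previous_text), parse_status_v1(current_text)
    return {k: v for k, v in cur.items() if k not in old or old[k]["since"] != v["since"]}

if __name__ == "__main__":
    for (cn, real), s in new_logins(BEFORE, AFTER).items():
        print(f"login: {cn} from {real} since {s['since']} -> {s['virtual']}")
```

Keying on common name, real address and "Connected Since" means a reconnect from the same address is still reported, while an unchanged session across two polls is not.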
Title: Re: HOWTO - use Monit to monitor VPN Users login
Post by: opncya1 on October 28, 2022, 11:19:54 pm
Thanks, instructions working great. One note I'd like to add (since I'm new to all this and it may be helpful for someone else too) ... don't log your udp/tcp/openvpn instances to the same file! I had set my tcp and udp instances to the same log file and wasn't seeing any 'changes' to it after it created it.
Title: Re: HOWTO - use Monit to monitor VPN Users login
Post by: heffneil on January 15, 2023, 07:30:39 pm
Curious if you know how to set this up if using WireGuard with OPNsense? I can't find any write-ups but I would like to know if / when someone connects.