status-version 2 (The version 2 is essential !) Then you have to enable SNMP to export the status file to the webserver, add a line like this to your /etc/snmp/snmpd.conf: rocommunity public extend clubs /bin/cat /etc/openvpn/clubs.status (clubs is just some identifier here) NOTE: Example taken from /usr/share/doc/packages/net-snmp/EXAMPLE.conf on a SuSE box NOTE: You might have to figure out the exact OID with s.th. like snmpget -On -v 2c -c NET-SNMP-EXTEND-MIB::nsExtendOutputFull.\"clubs\" | head Fill in the configuration vars below with your openvpn server Address & community The table printed below is just a simple example, enable debug to see the entire data structure printed out. The PROVIDER_MAP feature allows to map the remote IP of clients to a shorter string based on the beginning of the IP address. The LOCALIP_MAP features allows looking up the local end of the TCP connection to OpenVPN and mapping it to a name. This utilizes SNMP, too. We use .iso.org.dod.internet.mgmt.mib-2.tcp.tcpConnTable.tcpConnEntry.tcpConnState for this which is numerically .1.3.6.1.2.1.6.13.1.1 Author: Schlomo Schapiro [GSS] License: GNU General Public License http://www.gnu.org/licenses/gpl-3.0.txt Version: 1.1 2007-10-12 Version History: 1.1 GSS Switched to snmpd.conf "extend" method Added LOCALIP_MAP feature to report how the VPN connection is connected on the server (by local IP address) */ define("SNMP_HOST","192.168.250.2"); define("SNMP_COMMUNITY","public"); define("SNMP_OPENVPN_STATUS",'.1.3.6.1.4.1.8072.1.3.2.3.1.2.5.99.108.117.98.115'); define("DEBUG",false); $PROVIDER_MAP=array( "87." => "QSC", "212.202." => "QSC Privat", "85." => "Hansenet" ); # Entries should be in the form ., e.g. 1.2.3.4.1194 $LOCALIP_MAP=array( "192.168.250.9.1194" => "QSC", "192.168.250.8.1194" => "Arcor" ); /* nothing else to configure below to get this script running */ function formattime($timestamp) { return(strftime("%Y-%m-%d %T",$timestamp)); } function time2duration($timestamp) { $years=floor($timestamp / (60*60*24*365)); $timestamp%=60*60*24*365; $weeks=floor($timestamp / (60*60*24*7)); $timestamp%=60*60*24*7; $days=floor($timestamp / (60*60*24)); $timestamp%=60*60*24; $hrs=floor($timestamp / (60*60)); $timestamp%=60*60; $mins=floor($timestamp / 60); $secs=$timestamp % 60; $str=""; if ($years >= 1) { $str.="{$years} years "; } if ($weeks >= 1) { $str.="{$weeks} weeks "; } if ($days >= 1) { $str.="{$days} days "; } if ($hrs >= 1) { $str.="{$hrs} hours "; } if ($mins >= 1) { $str.="{$mins} minutes "; } if ($secs >= 1) { $str.="{$secs} seconds "; } return $str; } function lookup_local_ip($ip,$port=1194) { # try to get values for all IP/Ports given in LOCALIP_MAP via SNMP $result="Unknown"; global $LOCALIP_MAP; foreach ($LOCALIP_MAP as $lookup => $text) { if (@snmpget(SNMP_HOST,SNMP_COMMUNITY,".1.3.6.1.2.1.6.13.1.1.$lookup.$ip.$port")) { $result=$text; break; } } return($result); } ?> OpenVPN Status "); print_r($STATUS); print("\n"); } ?>

OpenVPN Status Display

120 ? "red" : "lightgreen"); ?>">This information was last updated on

'); print(''); print(''); print(''); # try to match the remote IP against our provider map $provider=false; foreach ($PROVIDER_MAP as $pat => $text) { if (strpos($remote_ip,$pat) === 0) { $provider = $text; break; } } # if we don't know about a provider, try to resolve the remote IP print(''); print(''); printf('',$cl[3]/1024/1024); printf('',$cl[4]/1024/1024); print("\n"); $row=($row=="even" ? "odd" : "even"); } ?>

Client	Via	Remote	Provider	Connected	Received (MB)	Sent (MB)
'.$cl[0].'	'.lookup_local_ip($remote_ip,$remote_port).'	'.$remote_ip.'	'.($provider ? $provider : gethostbyaddr($remote_ip)).'	'.formattime($cl[6]).'	%01.3f	%01.3f