Assuming that OpenVPN has already been set up on a server, we only need to edit the server.conf and install the telnet package. However, if we want to solve this more elegantly, we install the expect package and write a script.

1. RTFM

https://openvpn.net/community-resources/management-interface/

2. Install the packages

sudo apt-get install telnet expect

3. Activate the OpenVPN management service port

Edit /etc/openvpn/server.conf and add the following lines. The first one binds the management interface to localhost only:

management localhost 7505

If keepalive is not set yet, add it as well, so that the server sends the client a ping every 10 seconds and assumes that it is disconnected after two minutes:

keepalive 10 120

4. Write your script

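#!/usr/bin/expect
# Query the OpenVPN management interface for the list of connected clients.
set timeout 10
spawn telnet localhost 7505
expect "OpenVPN Management Interface"
# "status 3" prints the tab-separated status, terminated by END
send "status 3\r"
expect "END"
send "exit\r"
expect eof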

5. Further usage

Of course, you can set up simple monitoring, which would look like this:

while true; do ./openVPNusers.sh | grep -e '^CLIENT_LIST'; sleep 1; done

On the other hand, you might want to use the public IPv6 address of a certain client in a whitelist, for example on a reverse proxy. This can be done with a follow-up script:

#!/bin/bash
{ echo "allow " ; (/here/are/scripts/openVPNusers.sh | grep 'thewellknownclient*' | grep 'CLIENT_LIST' | awk '{print $3}') ; echo ";" ; } | (tr -d '\n' && echo "") > /reverse/proxy/white.list
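
A more defensive variant of the whitelist script above, as an added example that is not part of the original post: it compares the client's common name exactly, accepts only a bare IPv6 literal, and replaces the file atomically so that an offline client never leaves a broken allow line behind. The sample status output and the function names are constructed for illustration, and the tab-separated status 3 layout with the real address in the third field is an assumption.

```bash
#!/bin/bash
# Constructed sample of "status 3" output (tab-separated, CRLF line endings,
# columns truncated); addresses use documentation prefixes.
sample_status() {
  printf 'HEADER\tCLIENT_LIST\tCommon Name\tReal Address\tVirtual Address\r\n'
  printf 'CLIENT_LIST\tthewellknownclient\t2001:db8::42\t10.8.0.6\r\n'
  printf 'CLIENT_LIST\tthewellknownclient-old\t2001:db8::bad;\t10.8.0.7\r\n'
  printf 'CLIENT_LIST\tlaptop\t198.51.100.7:51820\t10.8.0.8\r\n'
  printf 'END\r\n'
}

# Print field 3 (real address) of the client whose common name equals $1.
# An exact comparison avoids picking up other clients with a similar name.
client_addr() {
  tr -d '\r' | awk -F '\t' -v cn="$1" \
    '$1 == "CLIENT_LIST" && $2 == cn { print $3; exit }'
}

# Succeed only for a bare IPv6 literal: hex digits and colons, two or more colons.
is_ipv6() {
  case $1 in
    ''|*[!0-9A-Fa-f:]*) return 1 ;;
    *:*:*) [ "${#1}" -le 39 ] ;;
    *) return 1 ;;
  esac
}

# usage: <status output> | write_whitelist <common-name> <target-file>
# Writes "allow <addr>;" to a temp file and renames it over the target, so the
# old whitelist survives when the client is offline or the address is malformed.
write_whitelist() {
  local addr tmp
  addr=$(client_addr "$1")
  is_ipv6 "$addr" || { echo "no valid IPv6 for $1, keeping $2" >&2; return 1; }
  tmp=$(mktemp "$2.XXXXXX") || return 1
  printf 'allow %s;\n' "$addr" > "$tmp" && mv "$tmp" "$2"
}

# Demo on the constructed sample; with the page's paths this would be:
#   /here/are/scripts/openVPNusers.sh | write_whitelist thewellknownclient /reverse/proxy/white.list
sample_status | client_addr thewellknownclient   # prints 2001:db8::42
```
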

If the client's address is dynamically allocated, a cron job is a suitable way to keep the whitelist fresh. So run:

sudo crontab -e

and add the following line if a daily run at 23:30 makes sense for you:

30 23 * * * /here/are/scripts/thewellknownclient-ipv6.sh

6. Adjust your file permissions and restart services

sudo chmod 700 /here/are/scripts/openVPNusers.sh
sudo chmod 700 /here/are/scripts/thewellknownclient-ipv6.sh
sudo systemctl restart openvpn.service
sudo systemctl restart cron.service
