{"id":1034,"date":"2023-04-26T18:46:48","date_gmt":"2023-04-26T18:46:48","guid":{"rendered":"https:\/\/ptak.wtf\/?p=1034"},"modified":"2023-08-24T09:08:55","modified_gmt":"2023-08-24T09:08:55","slug":"list-connected-openvpn-2-5-1-clients-debian-11-6-on-a-server","status":"publish","type":"post","link":"https:\/\/ptak.wtf\/?p=1034","title":{"rendered":"List connected OpenVPN (2.5.1) Clients (Debian 11.6) on a Server"},"content":{"rendered":"<p>Assuming that OpenVPN has already been set up on a server, we only need to edit the <strong>server.conf<\/strong> and install the <strong>telnet<\/strong> package. However, if we want to solve this more elegant, we install the package <strong>expect<\/strong> and write a script.<\/p>\n<h2>1. RTFM<\/h2>\n<pre><a href=\"https:\/\/openvpn.net\/community-resources\/management-interface\/\">https:\/\/openvpn.net\/community-resources\/management-interface\/<\/a><\/pre>\n<h2>2. Install the packages<\/h2>\n<pre>sudo apt-get install telnet expect<\/pre>\n<h2>3. Activate the OpenVPN management service port<\/h2>\n<p>Edit <span style=\"color: #339966;\">\/etc\/openvpn\/server.con<\/span>f and add follwing lines:<\/p>\n<pre>management localhost 7505<\/pre>\n<p>If you don&#8217;t find it set yet, send the client a ping every 10 seconds and assume that it will be disconnected after two minutes.<\/p>\n<pre>keepalive 10 120<\/pre>\n<h2>4. Write your script<\/h2>\n<pre><span style=\"color: #339966;\">#!usr\/bin\/expect<\/span>\r\nspawn telnet localhost 7505\r\nset timeout 10\r\nexpect \"OpenVPN Management Interface\"\r\nsend \"status 3\\r\"\r\nexpect END\r\nsend \"exit\\r\"<\/pre>\n<h2>5. Further usage<\/h2>\n<p>Of course you can set up a monitoring, which would look like this:<\/p>\n<pre>white true; do .\/openVPNuserlist.sh | grep -e ^CLIENT_LIST; sleep 1; done<\/pre>\n<p>On the other hand, you might get the idea that you could use the public IPv6 of a certain client in a whitelist or something, who knows. This could then be done with a follow-script:<\/p>\n<pre><span style=\"color: #339966;\">#!\/bin\/bash<\/span>\r\n{ echo \"allow \" ; (\/here\/are\/scripts\/openVPNusers.sh | grep 'thewellknownclient*' | grep 'CLIENT_LIST' | awk '{print $3}') ; echo \";\" ; } | (tr -d '\\n' &amp;&amp; echo \"\") &gt; \/reverse\/proxy\/white.list<\/pre>\n<p>If you had the idea to keep the whitelist up to date, because it is a dynamically allocated client, a cronjob would be suitable to keep the file fresh. So run:<\/p>\n<pre>sudo crontab -e<\/pre>\n<p>and add the following line if a daily run at 23:30 makes sense for you<\/p>\n<pre>30 23 * * * root \/here\/are\/scripts\/thewellknownclient-ipv6.sh<\/pre>\n<h2>6. Adjust your file permissions and restart services<\/h2>\n<pre>sudo chmod 700 \/here\/are\/scripts\/openVPNusers.sh\r\nsudo chmod 700 \/here\/are\/scripts\/thewellknownclient-ipv6.sh\r\nsudo systemctl restart openvpn.service\r\nsudo systemctl restart cron.service\r\n<\/pre>\n","protected":false},"excerpt":{"rendered":"<p>Assuming that OpenVPN has already been set up on a server, we only need to edit the server.conf and install the telnet package. However, if we want to solve this more elegant, we install the package expect and write a script. 1. RTFM https:\/\/openvpn.net\/community-resources\/management-interface\/ 2. Install the packages sudo apt-get install telnet expect 3. Activate [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":1041,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"ngg_post_thumbnail":0,"footnotes":""},"categories":[12],"tags":[],"class_list":["post-1034","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-geeky"],"_links":{"self":[{"href":"https:\/\/ptak.wtf\/index.php?rest_route=\/wp\/v2\/posts\/1034","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/ptak.wtf\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/ptak.wtf\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/ptak.wtf\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/ptak.wtf\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=1034"}],"version-history":[{"count":8,"href":"https:\/\/ptak.wtf\/index.php?rest_route=\/wp\/v2\/posts\/1034\/revisions"}],"predecessor-version":[{"id":1062,"href":"https:\/\/ptak.wtf\/index.php?rest_route=\/wp\/v2\/posts\/1034\/revisions\/1062"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/ptak.wtf\/index.php?rest_route=\/wp\/v2\/media\/1041"}],"wp:attachment":[{"href":"https:\/\/ptak.wtf\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=1034"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/ptak.wtf\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=1034"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/ptak.wtf\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=1034"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}