ricardoalcg
Posts: 5
Joined: Tue Nov 21, 2017 3:45 pm

PiVPN monitor traffic

Mon Nov 11, 2019 6:18 pm

Hi. I've installed PiVPN on my Raspberry and created the user's who are accessing to the VPN with no problems.

So now I need to some kind of monitoring the activity throught this VPN.
In the /var/log/Openvpn.log I see when a user connects to the VPN and the source IP but I need to see also what contents and traffic of that user in my VPN.

How can I do this?


Thank you

GOTO GOSUB
Posts: 11
Joined: Tue Oct 01, 2019 11:15 am

Re: PiVPN monitor traffic

Tue Nov 12, 2019 11:33 am

It sounds like your users need protection from you... why are you interested in the contents of their VPN traffic ?

Please remember that commercial VPN providers make a big thing of NOT keeping logs. If you are providing a VPN for someone they will expect a service free from someone snooping on them. I don't think any off the shelf VPN solution will allow you the sort of back door you want.

ricardoalcg
Posts: 5
Joined: Tue Nov 21, 2017 3:45 pm

Re: PiVPN monitor traffic

Tue Nov 12, 2019 1:01 pm

Hi.

I didn't explain myself correctly.
The /var/log/Openvpn.log show me when a user connects to the VPN and it's IP address but do not show when he disconnect.
What I really need to know is the connection duration.

The reason for this is because the users say they cannot connect and I see in the log that they were connected, but I don't know the connection duration.

Thank you
Best regards

GOTO GOSUB
Posts: 11
Joined: Tue Oct 01, 2019 11:15 am

Re: PiVPN monitor traffic

Tue Nov 12, 2019 1:34 pm

I am not familiar with PiVPN but it seems to be a fork of OpenVPN in which case the available commands are probably the same as for OpenVPN. Quickly Googling it reveals that you might find adding:

--client-disconnect

to your config file does the trick.

As I say, I am not familiar with this but perhaps the following might mean more to you:

https://forums.openvpn.net/viewtopic.php?t=20742
https://community.openvpn.net/openvpn/w ... n23ManPage
https://forums.openvpn.net/viewtopic.php?t=21836

Is this any help ?

ricardoalcg
Posts: 5
Joined: Tue Nov 21, 2017 3:45 pm

Re: PiVPN monitor traffic

Tue Nov 12, 2019 5:07 pm

Hi.
Thank you for the help.

I've find out that adding --explicit-exit-notify 3 to the clients config files does the trick and give me the logout time in the openvpn.log file.


It will be great if there is some way to simplify the auditing of the file rather than check it line by line

GOTO GOSUB
Posts: 11
Joined: Tue Oct 01, 2019 11:15 am

Re: PiVPN monitor traffic

Wed Nov 13, 2019 11:13 am

One word:

STAFF.

:D

Actually, try loading the resulting log into something like Notepad++

https://notepad-plus-plus.org

... one of the nice features here is if you select some text it immediately shows you all of the other instances in the file - so say you have one user of interest you only have to search for (or find) them once and all other instances of their ID or name will be highlighted making them easier to spot.

Lewis-H
Posts: 26
Joined: Thu Oct 31, 2019 12:45 pm

Re: PiVPN monitor traffic

Wed Nov 13, 2019 2:34 pm

1. Log into your Pi and navigate to the command prompt. If you’re using a headless Pi, connect via SSH.

2. Type sudo apt-get install openvpn to install the OpenVPN packages. Type Y and hit Enter if asked to confirm.


3. Navigate to the folder for your OpenVPN configuration files by typing cd /etc/openvpn.

4. Download the configuration files from your VPN provider. In our case we can do this using wget – don’t forget to use sudo as the etc folder isn’t writeable by ordinary users. In our case, the command is sudo wget https://downloads.nordcdn.com/configs/a ... s/ovpn.zip, followed by sudo unzip ovpn.zip to decompress it.


A quick "ls" command will show if you have been successful. There should be a list of files ending in .ovpn. Note that some VPN providers may have packaged these files with subdirectories, for example for connections encrypted with optional 128bit or 256bit protection. You’ll need to move the files to the etc/openvpn directory using the mv command.

5. Open a connection to any of these servers using the command sudo openvpn example.ovpn –daemon where "example" is the filename of the configuration file. If you try this now, you’ll notice that the script asks for your username and password to authenticate the connection. Do test to see if the connection is working by typing ifconfig. You should see a connection marked "TUN", which is your VPN tunnel.

Stop Entering Passwords
So far we have a slightly cumbersome way of connecting our Pi to a VPN via a terminal which requires you to enter your username and password when you want to connect. Good, but it could be better – we’re going to create a few scripts to automatically create your credentials.

Take a look at the VPN files you downloaded to your desktop and open one of them. You should see that it starts with client and that there’s a list of commands. These include a line that contains "auth-user-pass". We can alter this line to automatically feed a username and password to our config file when it is called.

1. Navigate to /etc/openvpn and type sudo nano vpnlogin. This should open up the nano text editor.

2. Create a text document that has nothing except your username for the VPN provider on the first line, and your password on the second.


3. Hit CTRL+O to write the contents to disk, then CTRL+X to quit nano.

4. Pick the VPN connection you think you’ll use the most and edit the config file using sudo nano example.ovpn.

5. Change the line that says "auth-user-pass" to "auth-user-pass vpnlogin".

Now when you start that connection using the "openvpn" command, it should connect directly without the password prompt. (See boxout to change all the config files at once.)

Hope this helps!
Regards,
Lewis

Return to “Networking and servers”