OpenVPN server management interface

Source: Kuutõrvaja

The file named by the status parameter in the OpenVPN configuration file

 status /var/log/openvpn-status.log

receives, by default every ten minutes, the details of the clients the server is currently serving, e.g.

 OpenVPN CLIENT LIST
 Updated,Fri Jul 17 14:34:56 2009
 Common Name,Real Address,Bytes Received,Bytes Sent,Connected Since
 martkask.vpn.loomaaed.tartu.ee,192.168.96.138:63419,27400961,132144718,Wed Jul 15 05:59:04 2009
 priitkask.vpn.loomaaed.tartu.ee,192.168.102.10:4166,105785,145163,Fri Jul 17 11:53:36 2009
 ROUTING TABLE
 Virtual Address,Common Name,Real Address,Last Ref
 172.17.10.9,martkask.vpn.loomaaed.tartu.ee,192.168.96.138:2336,Fri Jul 17 14:34:55 2009
 172.17.10.13,priitkask.vpn.loomaaed.tartu.ee,194.126.102.10:4166,Fri Jul 17 13:16:51 2009
 GLOBAL STATS
 Max bcast/mcast queue length,0
 END
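
A parser for the status file format shown above, written as an added example (it is not part of the original page or of OpenVPN). The names `parse_status`, `review` and `SAMPLE`, the constructed sample data and the 1200-second staleness threshold are assumptions made for illustration.

```python
import csv
from datetime import datetime

# Constructed sample in the format shown above (names and addresses are made up).
SAMPLE = """\
OpenVPN CLIENT LIST
Updated,Fri Jul 17 14:34:56 2009
Common Name,Real Address,Bytes Received,Bytes Sent,Connected Since
alice.vpn.example.org,192.0.2.10:63419,27400961,132144718,Wed Jul 15 05:59:04 2009
bob.vpn.example.org,192.0.2.20:4166,105785,145163,Fri Jul 17 11:53:36 2009
ROUTING TABLE
Virtual Address,Common Name,Real Address,Last Ref
172.17.10.9,alice.vpn.example.org,192.0.2.10:63419,Fri Jul 17 14:34:55 2009
172.17.10.13,bob.vpn.example.org,192.0.2.20:4166,Fri Jul 17 13:16:51 2009
GLOBAL STATS
Max bcast/mcast queue length,0
END
"""
TS = "%a %b %d %H:%M:%S %Y"  # timestamp layout used in the file
TABLES = {"OpenVPN CLIENT LIST": "clients", "ROUTING TABLE": "routes"}


def parse_status(text):
    """Parse a status file into {'updated': datetime, 'clients': [...], 'routes': [...]}."""
    out = {"updated": None, "clients": [], "routes": []}
    section, header = None, None
    for row in csv.reader(text.splitlines()):
        if not row or row[0] == "END":
            continue
        if len(row) == 1:  # section titles are the only single-field lines
            section, header = row[0], None
        elif row[0] == "Updated":
            out["updated"] = datetime.strptime(row[1], TS)
        elif section in TABLES and header is None:
            header = row  # first multi-field line of a table is its column header
        elif section in TABLES:  # data row; GLOBAL STATS lines are skipped
            out[TABLES[section]].append(dict(zip(header, row)))
    return out


def review(status, now, max_age_s=1200):
    """Return (stale, sessions); stale means the file was not rewritten within max_age_s."""
    stale = (now - status["updated"]).total_seconds() > max_age_s
    vaddr = {r["Common Name"]: r["Virtual Address"] for r in status["routes"]}
    return stale, [
        {"cn": c["Common Name"], "real": c["Real Address"].rsplit(":", 1)[0],
         "virtual": vaddr.get(c["Common Name"]),  # None if the client has no route yet
         "since": datetime.strptime(c["Connected Since"], TS)}
        for c in status["clients"]
    ]
```

A stale result means the file has not been rewritten within the expected interval, so the session list should not be trusted as current.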

In addition, the OpenVPN server has a so-called management interface, which is enabled with a line such as the following in the configuration file

 management 127.0.0.1 1111 stdin

which gives the IP address and port (1111/tcp) on which the management interface listens; here that is the loopback address, so the interface is reachable only from the server itself. stdin means that the management interface password has to be entered when the OpenVPN server is started; the OpenVPN manual also describes other ways of authenticating the management interface user.

The interface can be reached with telnet, e.g. asking the interface for help like this

 # telnet localhost 1111
 Trying 127.0.0.1...
 Connected to localhost.
 Escape character is '^]'.
 ENTER PASSWORD:parool
 SUCCESS: password is correct
 >INFO:OpenVPN Management Interface Version 1 -- type 'help' for more info
 help
 Management Interface for OpenVPN 2.1_rc15 i386-unknown-openbsd4.5 [SSL] [LZO1] built on Mar  1 2009
 Commands:
 auth-retry t           : Auth failure retry mode (none,interact,nointeract).
 bytecount n            : Show bytes in/out, update every n secs (0=off).
 echo [on|off] [N|all]  : Like log, but only show messages in echo buffer.
 exit|quit              : Close management session.
 forget-passwords       : Forget passwords entered so far.
 help                   : Print this message.
 hold [on|off|release]  : Set/show hold flag to on/off state, or
                          release current hold and start tunnel.
 kill cn                : Kill the client instance(s) having common name cn.
 kill IP:port           : Kill the client instance connecting from IP:port.
 log [on|off] [N|all]   : Turn on/off realtime log display
                          + show last N lines or 'all' for entire history.
 mute [n]               : Set log mute level to n, or show level if n is absent.
 needok type action     : Enter confirmation for NEED-OK request of 'type',
                          where action = 'ok' or 'cancel'.
 needstr type action    : Enter confirmation for NEED-STR request of 'type',
                          where action is reply string.
 net                    : (Windows only) Show network info and routing table.
 password type p        : Enter password p for a queried OpenVPN password.
 client-auth CID KID    : Authenticate client-id/key-id CID/KID (MULTILINE)
 client-auth-nt CID KID : Authenticate client-id/key-id CID/KID
 client-deny CID KID R  : Deny auth client-id/key-id CID/KID with reason text R
 client-kill CID        : Kill client instance CID
 client-pf CID          : Define packet filter for client CID (MULTILINE)
 signal s               : Send signal s to daemon,
                          s = SIGHUP|SIGTERM|SIGUSR1|SIGUSR2.
 state [on|off] [N|all] : Like log, but show state history.
 status [n]             : Show current daemon status info using format #n.
 test n                 : Produce n lines of output for testing/debugging.
 username type u        : Enter username u for a queried OpenVPN username.
 verb [n]               : Set log verbosity level to n, or show if n is absent.
 version                : Show current version number.
 END