[pfSense Support] Monitor traffic through vpn
I have been asked to monitor traffic, per user through our openvpn pfsense setup, as its setup for filtering (Therefor I know what ip each user uses), I presume this can easily be done by looking at traffic between the opt int and the lan int. Are there provisions built in to pfsense to make this easy, can I send the data to a different host for example w/ a mysql backend? Thanks! jlc - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] Monitor traffic through vpn
Joseph L. Casale wrote: I have been asked to monitor traffic, per user through our openvpn pfsense setup, as its setup for filtering (Therefor I know what ip each user uses), I presume this can easily be done by looking at traffic between the opt int and the lan int. Are there provisions built in to pfsense to make this easy, can I send the data to a different host for example w/ a mysql backend? If you have your OpenVPN tun interface assigned as an OPT, you can probably use any of the existing bandwidth monitoring software packages: http://doc.pfsense.org/index.php/How_can_I_monitor_bandwidth_usage%3F You might be able to find a free netflow collector that can push data to MySQL, but I have only tinkered with netflow (there is a free perl script out there somewhere that grabs data). Jim - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] Monitor traffic through vpn
On 04/12/09 16:08, Joseph L. Casale wrote: I have been asked to monitor traffic, per user through our openvpn pfsense setup, as its setup for filtering (Therefor I know what ip each user uses), I presume this can easily be done by looking at traffic between the opt int and the lan int. Are there provisions built in to pfsense to make this easy, can I send the data to a different host for example w/ a mysql backend? actually, that's something I would like to do as well. if I do ifconfig tun0 it doesn't report any traffic; neither does it do so for enc0 when using ipsec # ifconfig enc0 enc0: flags=141UP,RUNNING,PROMISC metric 0 mtu 1536 # ifconfig tun0 tun0: flags=8051UP,POINTOPOINT,RUNNING,MULTICAST metric 0 mtu 1500 inet6 ::xxx:::%tun0 prefixlen 64 scopeid 0x1d inet x.x.x.x -- x.x.x.x netmask 0x Opened by PID 39108 # what you can do with openvpn is to add a custom setting status, e.g. status /etc/myopenvpn.status this file gets populated thus: OpenVPN STATISTICS Updated,Fri Dec 4 16:16:53 2009 TUN/TAP read bytes,0 TUN/TAP write bytes,0 TCP/UDP read bytes,2821442 TCP/UDP write bytes,2657319 Auth read bytes,656320 pre-compress bytes,0 post-compress bytes,0 pre-decompress bytes,0 post-decompress bytes,0 END You could probably hack up a munin plugin to read this. Hang on, someone already did homepage: http://munin.projects.linpro.no/wiki/plugin-openvpn plugin: http://rodolphe.quiedeville.org/hack/munin/openvpn/ HTH Paul - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
RE: [pfSense Support] Monitor traffic through vpn
If you have your OpenVPN tun interface assigned as an OPT, you can probably use any of the existing bandwidth monitoring software packages: http://doc.pfsense.org/index.php/How_can_I_monitor_bandwidth_usage%3F Wow, the ntop package out of the box displayed what I needed exactly as I wanted. No need to produce anyting better. Thanks! jlc
