5

How do you know if a site to site VPN tunnel is established in OpenVPN? Apart from pinging the other side, is there a command or something that shows the status of the tunnel?

slm
  • 7,355
  • 16
  • 54
  • 72
Lock
  • 1,557
  • 6
  • 25
  • 33

4 Answers4

2

In addition to what @quanta suggested:

  1. Use OpenVPN management interface and its "status" command.

"man openvpn" will tell you how to set up and use this interface (search for "--management")

OpenVPN in peer-to-peer (1.x), server (2.x) and client (2.x) mode produces different outputs, but it will let you see if it is connected. In server mode it will list all connected clients.

  1. OpenVPN could dump its status to text file every n seconds. Again, "man openvpn" (look for "--status"). Contents of the file will be exactly same that management status command produces.

  2. OpenVPN could execute arbitrary script when connection is established, closed, daemon started or before shutdown etc., in practice you can script almost any movement. Nothing forbids you from using, say, desktop notification from the hook script.

Search for "SCRIPTING" in "man openvpn".

Of course, each of these options can be added into openvpn config file, if you omit leading "--".

In general, I strongly advise you to read the man page completely, just to be aware of what it could do and what are consequences.

Nikita Kipriyanov
  • 8,033
  • 1
  • 21
  • 39
1

openvpn config:

# Output a short status file showing
# current connections, truncated
# and rewritten every minute.
status /var/log/openvpn.status

/var/log/openvpn.status:

OpenVPN CLIENT LIST                                                      
Updated,Fri Aug 10 09:35:37 2018                                         
Common Name,Real Address,Bytes Received,Bytes Sent,Connected Since       
client3,111.222.33.44:57006,24439169,25564869,Tue Jun 26 21:07:37 2018  
raspberry,44.33.222.111:43656,17175937,18342688,Mon Jul  9 12:58:34 2018
ROUTING TABLE                                                            
Virtual Address,Common Name,Real Address,Last Ref                        
172.20.0.18,client3,111.222.33.44:57006,Tue Jun 26 21:07:39 2018        
172.20.0.14,raspberry,44.33.222.111.50:43656,Mon Jul  9 12:58:35 2018      
GLOBAL STATS                                                             
Max bcast/mcast queue length,0                                           
END

you can easily parse it

exeral
  • 1,609
  • 9
  • 19
0
  1. Check the logs file on the both side.
  2. sudo /sbin/ifconfig to make sure that tun/tap interface up and running.
  3. route -n to examize the routing table.
quanta
  • 50,327
  • 19
  • 152
  • 213
  • So does that mean both client and server should have the tun interface when running ifconfig? Im attempting my first setup and having issues- and the client doesn't have a tun interface.. This is obviously not normal. – Lock Aug 10 '12 at 08:28
  • Yes. Show us the output when running openvpn from the command line. Increase the verbose level (`verb` option) if needed. – quanta Aug 10 '12 at 08:32
0

Simply use the following command on terminal window.

tail -f -n 15 /var/log/openvpn/status.log

OpenVPN CLIENT LIST
Updated,XXXXXXXXXXXX
Common Name,Real Address,Bytes Received,Bytes Sent,Connected Since
XXXXXXXXXXXX
XXXXXXXXXXXX
ROUTING TABLE
Virtual Address,Common Name,Real Address,Last Ref
XXXXXXXXXXXX
GLOBAL STATS
Max bcast/mcast queue length,1
END
Community
  • 1
Don Dilanga
  • 232
  • 2
  • 8