OpenVPN log connections per user

Question

I'm trying to set up a VPN solution where I can log packet captures of individual connections. I've been focusing on using OpenVPN but I am amenable to other solutions. It is important to note that I have a limited amount of developers to support, so solutions that are configuration-heavy aren't necessarily a problem.

I've reviewed some other OpenVPN posts on SE and identified that I should be able to log the tun interfaces and that I can make per-client configuration files but I'm not sure whether I can merge these two solutions. Ideally, I could simply assign a unique tunnel interface per user in the config file but I'm not sure how to go about that.

Generally, I would include what I've attempted but as I'm not sure how to begin I cannot provide anything meaningful in terms of techniques I've tried that have failed.

Answer 1

Yes, you can combine it.

First says explicitely that it is using generic network traffic tool only logging information about the session - it is stored with the openvpn hook storing information about the session with the disconnection event...

Second one is focused on setting static IP / specific configuration to the clients.

Together you can set up fixed IP to the clients and set up necessary statistics based on the IP for the IPs you are interested in.

You have one interface but you can configure if the clients can communicate between each other or if there is possible more connections for the same client (uid). For this purpose (fixed IP) only one connection per uid would be good idea ;-).

If you want to have extra interface per user you should run instance of openvpn for each user which I suppose is not what you are interested in...

There is not much information what exactly you are interested in but once there is utilized fixed IPs you can focus on tun adapter related to openvpn server and make statistics / dumps "normal way" using tun adapter and known IP of the client.