3

The OpenVPN server gives an internal IP address to each client that connects from outside the network. I want to store these IP addresses in a database after they are assigned. Is there an easy way to tell which IP addresses were handed out by the OpenVPN server?

Thanks for the help.

Gordster
  • 1,700

3 Answers

2

If these aren't statically assigned there isn't a good way to do this other than to extract them from the logfiles since the connections will be randomly assigned IP addresses.

If they are statically assigned AND you are using the OpenVPN Access Server you can do it this way:

sudo /usr/local/openvpn_as/scripts/sacli UserPropGet

which should yield a list of the IP addresses in the output which should look something like this:

{
  "<< name_of_user_profile >>": {
    ...
    "conn_ip": "xxx.xxx.xxx.xxx",
    ...
  },
  ...
}

where the conn_ip is the connection IP address.


If you are merely trying to log users' IP addresses and deposit that info into a DB, then you might look at this:

Where are the OpenVPN connection logs and configuration files?

In the case that you are using an OpenVPN Access Server, you may want to try:

grep "primary virtual IP" /var/log/openvpnas.log** > output_file_name

which will give you a file with all of the IP addresses associated with all the users. From there you can further modify the output to get just the bits you want from the file.

Penguino
  • 116
1

You should have a look at /etc/openvpn/openvpn-status.log:

OpenVPN CLIENT LIST
Updated,Fri Sep  4 11:07:18 2020
Common Name,Real Address,Bytes Received,Bytes Sent,Connected Since
client1,11.12.13.14:44444,50000,25000,Fri Sep  4 11:00:54 2020
client2,11.12.13.15:44444,27000,5500,Fri Sep  4 11:00:52 2020
ROUTING TABLE
Virtual Address,Common Name,Real Address,Last Ref
10.8.0.7,client1,11.12.13.14:44444,Fri Sep  4 11:06:13 2020
10.8.0.6,client2,client2,11.12.13.15:44444,Fri Sep  4 11:03:56 2020
GLOBAL STATS
Max bcast/mcast queue length,2
END
rbs
  • 113
0

When using "client-connect" by configuration or by command line, the script that is called can access these values from the environment (see Environmental Variables there: https://openvpn.net/community-resources/reference-manual-for-openvpn-2-5/#environmental%20ariables).

In your case "$ifconfig_pool_remote_ip" should be the right one, or the undocumented "$ifconfig_pool_remote_ip6".

#!/bin/bash
# client-connect.sh, executed by the openvpn user with limited rights
# Write some vars to a debug file or to your database :
cat << EOF > /some_accessible_dir_but_not_tmp/debug_vars.log
# -- script_type $script_type --
# ifconfig_pool_remote_ip $ifconfig_pool_remote_ip the inside ip of the client from the ipv4 pool
# ifconfig_pool_remote_ip6 $ifconfig_pool_remote_ip6 
# trusted_ip $trusted_ip : the outside ip of the client
EOF
marrco
  • 101
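
An added example, not part of the answers above or of OpenVPN itself: a Python client-connect hook that stores each assigned pool address in SQLite with bound parameters instead of writing a debug file. `DB_PATH`, the `leases` table and `record_lease` are assumptions of this example; `common_name` is OpenVPN's environment variable for the client certificate name, and the hook always exits 0 because OpenVPN refuses the client when a client-connect script returns non-zero.

```python
#!/usr/bin/env python3
"""client-connect hook: record the pool address OpenVPN assigned to a client."""
import ipaddress
import os
import sqlite3
import sys
import time

DB_PATH = "/var/lib/openvpn/leases.db"  # assumed path, writable by the openvpn user
SCHEMA = """CREATE TABLE IF NOT EXISTS leases (
    connected_at INTEGER NOT NULL, common_name TEXT NOT NULL,
    virtual_ip TEXT NOT NULL, real_ip TEXT)"""


def _valid_ip(value):
    """Return the canonical form of an IP string, or None if it is not one."""
    try:
        return str(ipaddress.ip_address(value))
    except ValueError:
        return None


def record_lease(env, conn, now=None):
    """Insert one row per assigned address (IPv4 and/or IPv6); return the row count."""
    name = env.get("common_name", "")[:64]  # taken from the client certificate
    real_ip = _valid_ip(env.get("trusted_ip", ""))
    rows = []
    for var in ("ifconfig_pool_remote_ip", "ifconfig_pool_remote_ip6"):
        vip = _valid_ip(env.get(var, ""))
        if vip:
            rows.append((int(now or time.time()), name, vip, real_ip))
    conn.execute(SCHEMA)
    # Bound parameters: the common name is never spliced into the SQL text.
    conn.executemany("INSERT INTO leases VALUES (?, ?, ?, ?)", rows)
    conn.commit()
    return len(rows)


def main():
    try:
        with sqlite3.connect(DB_PATH, timeout=2) as conn:
            record_lease(os.environ, conn)
    except Exception as exc:  # a logging failure must not lock users out
        print(f"lease logging failed: {exc}", file=sys.stderr)
    return 0  # non-zero here would make OpenVPN reject the connecting client


if __name__ == "__main__":
    sys.exit(main())
```
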