Hi,

Thanks very much! It's funny, but I was actually trying exactly this last night, just hadn't reported back as I was seeing one oddity with it ... it does trigger, but the message seems to be sent more than once? Not sure why, still working through that. But I did confirm, the double send is happening on the sending end (i.e. not the remote syslog).

I agree with you though, this seems like the most reliable approach.

Thanks again,
... Russell

-----Original Message-----
From: David Sommerseth <open...@sf.lists.topphemmelig.net>
Sent: Tuesday, May 26, 2020 6:42 AM
To: Morris, Russell <rmor...@rkmorris.us>; Selva Nair <selva.n...@gmail.com>
Cc: openvpn users list (openvpn-users@lists.sourceforge.net) <openvpn-users@lists.sourceforge.net>
Subject: Re: [Openvpn-users] syslog, drop Port Sharing Messages

On 26/05/2020 03:28, Morris, Russell wrote:
> BTW, one other minor question ... is there a particular message (from syslog)
> to check for, to know when a connection does in fact happen? It seems like
> this may be the best option?
>> ACCT/IP:PORT MULTI_sva: pool returned IPv4=192.168.xxx.xxx, IPv6=(Not enabled)
>

A much more reliable approach would be to use --client-connect and
--client-disconnect script hooks. Just save a script like this in
/usr/local/bin/openvpn-connection-logging (and ensure it is executable)

---------------------------------------------------------------
#!/bin/sh
logger -t ovpn-conn-change "$script_type - $common_name / $ifconfig_pool_remote_ip"
---------------------------------------------------------------

And in your OpenVPN server config add:

    client-connect /usr/local/bin/openvpn-connection-logging
    client-disconnect /usr/local/bin/openvpn-connection-logging

Then you should get some log messages tagged as "ovpn-conn-change" in your
syslog, with information if it is a connection connect or disconnect and which
client it relates to.

(This example has not been tested, but I've done similar tricks in other
setups ages ago)

--
kind regards,

David Sommerseth
OpenVPN Inc

> -----Original Message-----
> From: Selva Nair <selva.n...@gmail.com>
> Sent: Sunday, May 24, 2020 10:04 PM
> To: Morris, Russell <rmor...@rkmorris.us>
> Cc: openvpn users list (openvpn-users@lists.sourceforge.net) <openvpn-users@lists.sourceforge.net>
> Subject: Re: [Openvpn-users] syslog, drop Port Sharing Messages
>
> Hi Russell,
>
> All good here though still in lockdown..
>
> In my limited experience, sslh works fine. That said, OpenVPN --port-share
> also works well for me, though I've seen reports that it's "slow" in passing
> the connection over to the alternate service.
>
> In the rare occasions where I have to use port sharing, I prefer sslh as it's
> meant to do just that (port multiplexing) and can also support multiple
> services. But haven't done any customized logging from it as that's your main
> concern.
>
> Best,
>
> Selva
>
> On Sun, May 24, 2020 at 9:18 PM Morris, Russell <rmor...@rkmorris.us> wrote:
>>
>> Hi Selva!
>>
>> Good to hear from you. Hope all is going well there - and hope you and your
>> family are staying safe.
>>
>> Thanks for the info - will give this a try. Have you used it BTW? And do you
>> see it as faster / lower CPU load?
>>
>> Thanks again,
>> ... Russell
>>
>> -----Original Message-----
>> From: Selva Nair <selva.n...@gmail.com>
>> Sent: Sunday, May 24, 2020 4:35 PM
>> To: Morris, Russell <rmor...@rkmorris.us>
>> Cc: openvpn users list (openvpn-users@lists.sourceforge.net) <openvpn-users@lists.sourceforge.net>
>> Subject: Re: [Openvpn-users] syslog, drop Port Sharing Messages
>>
>> Hi Russell,
>>
>> Greetings!
>>
>>>
>>> Perhaps a dumb question, but I’m setting up a Graylog (syslog) server, and
>>> finding that I see a lot of records like the one below – I believe because
>>> I’m port sharing (and have to, not really an option there).
>>> Just to make sure though … I think it’s pretty safe to just dump these, is
>>> that right? And really, to avoid the extra processing – is there a way to
>>> not even have the OpenVPN server generate them (as I know I’m port sharing
>>> … LOL).
>>>
>>> ip.ip.ip.ip:port Non-OpenVPN client protocol detected
>>
>> I don't think it can be suppressed short of using verb 0. Not sure why it's
>> printed even at low verb levels. Another option may be to use something like
>> sslh to do the port redirection -- supposedly faster than OpenVPN's
>> --port-share and supports ssh as well.
>> https://github.com/yrutschle/sslh/
>>
>> Selva
>
_______________________________________________
Openvpn-users mailing list
Openvpn-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-users
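
The --client-connect / --client-disconnect logging hook discussed in this thread, written out as an added example (not code from any of the posters or from the OpenVPN project). It assumes the standard OpenVPN script environment variables and a `logger` binary on the server; the key=value layout, the allow-list and the helper names `sanitize` and `format_event` are choices made for this example.

```shell
#!/bin/sh
# Added example: hardened variant of the connection-logging hook.
# OpenVPN sets script_type, common_name, ifconfig_pool_remote_ip, trusted_ip,
# trusted_port and (on disconnect) time_duration, bytes_received, bytes_sent.
# User scripts only run when the server config has "script-security 2" or higher.

# Keep only characters from an allow-list so a crafted certificate CN or
# username cannot inject newlines or forged key=value fields into the log line.
sanitize() {
    printf '%s' "$1" | LC_ALL=C tr -cd 'A-Za-z0-9._@:-'
}

# Build one key=value line from the environment OpenVPN provides.
format_event() {
    msg="event=$(sanitize "${script_type:-unknown}")"
    msg="$msg cn=$(sanitize "${common_name:-}")"
    msg="$msg vpn_ip=$(sanitize "${ifconfig_pool_remote_ip:-}")"
    msg="$msg src=$(sanitize "${trusted_ip:-}"):$(sanitize "${trusted_port:-}")"
    if [ "${script_type:-}" = "client-disconnect" ]; then
        msg="$msg duration=$(sanitize "${time_duration:-}")"
        msg="$msg rx=$(sanitize "${bytes_received:-}")"
        msg="$msg tx=$(sanitize "${bytes_sent:-}")"
    fi
    printf '%s\n' "$msg"
}

# Only log when OpenVPN invoked the script (script_type is set).
if [ -n "${script_type:-}" ]; then
    # -i adds the logger PID: two hook runs show two different PIDs, while a
    # line duplicated later in the syslog pipeline repeats the same PID.
    # "|| true": a non-zero exit from client-connect would reject the client,
    # so a logging failure must not change the exit status.
    logger -i -t ovpn-conn-change "$(format_event)" || true
fi
```

Install it at the path used in the server config above and make it executable; the tag `ovpn-conn-change` is unchanged, so existing syslog or Graylog filters on that tag still match.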