Re: [Openvpn-users] Remote Client IPv6 address incorrect logging

Thu, 10 Jun 2021 00:03:04 -0700 

On 09/06/21 17:55, Nikolaos Milas wrote:

Hello,

We are using a LogTraffic.sh script to log client stats at disconnect:

   client-disconnect scripts/LogTraffic.sh
This script logs (among other) the assigned IPv4 and IPv6 addresses, configured in a ccd file as follows for a specific user: 

   ifconfig-push 10.201.32.4 255.255.252.0
   ifconfig-ipv6-push 2001:648:2011:xxxx::4/64 2001:648:2011:a32::1
Although the client connects and gets the configured IP Addresses, the log script does not seem to log the IPv6 address correctly:
logger -p local5.info -t openvpn -- "{\"clientUID\": \"$username\", \"clientHostAddress\": \"$trusted_ip\", \"clientIPv4\": \"$ifconfig_pool_remote_ip\", \"clientIPv6\": \"$ifconfig_ipv6_remote\", \"txVolume\": $bytes_sent, \"rxVolume\": $bytes_received, \"sessionStartUnix\": $time_unix, \"sessionStopUnix\": $((time_unix + time_duration)), \"sessionDurationSeconds\": $time_duration, \"sessionStart\":\"$(date --date=@$time_unix)\",\"sessionStop\":\"$(date --date=@$((time_unix + time_duration)))\", \"sessionDuration\": \"$(printf '%02dh:%02dm:%02ds\n' $((time_duration/3600)) $((time_duration%3600/60)) $((time_duration%60)))\" }"
In particular, the parameter: ifconfig_ipv6_remote does not seem to contain the right value (unless I am not using the right parameter in the first place).
In the above user example, the IPv6 address logged was 2001:648:2011:a32::2, whereas we would like to log the address: 2001:648:2011:xxxx::4. (Note that the logging takes place in the systemd journal.)
We are on CentOS 8. I have tested using versions 2.4.11 (from EPEL) and 2.5.2 (from dsommers/openvpn-release).
I don't know if the whole system setup/architecture affects the discussed parameter values, in which case I can provide more details, if requested. 



try using
  ifconfig_pool_remote_ip6
similar to the way you are using `ifconfig_pool_remote` in your script above; I just ran a test (on CentOS 8) with the EPEL version of OpenVPN and it worked just fine for me. 

HTH,

JJK



_______________________________________________
Openvpn-users mailing list
Openvpn-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-users

Reply via email to