On 15/06/2022 16:48, Bo Berglund wrote:
On Wed, 15 Jun 2022 14:00:52 +0000, tincantech via Openvpn-users
<openvpn-users@lists.sourceforge.net> wrote:


I have scanned the documentation for OpenVPN:
https://openvpn.net/community-resources/reference-manual-for-openvpn-2-4/

But I do not find a setting that will switch ON timestamps in log lines.

There are these related items:

--suppress-timestamps
It seems to disallow timestamps which is exactly what my installation does
without this setting...

--machine-readable-output
I really do not understand the description here. It seems like this would use
some kind of special formatting of the timestamp, but does not control the fact
that we want timestamps in the first place...

time_ascii and time_unix
Seems to only be related to the execution of the --client-connect script.

I have looked in vain for a --enable-timestamps setting.

The only log related items in my conf file are:
log /etc/openvpn/log/openvpn.log
verb 4
mute 10

It would help a lot if I could see the timestamps when debugging problems

I would recommend you to install the rsyslog package if you want to be more advanced. These do the log-to-disk in plain-text far more efficiently than the primitive OpenVPN logging mechanism. And it removes some CPU cycles from the OpenVPN process doing that.

So in other words: On a systemd enabled system, using the "log" option is not optimal.

Generally speaking, on systemd enabled systems you have the journalctl which is the main interface to read log entries. The basic output looks quite similar to any common log file. But you can also use the '-o' output to get far more details, including better machine readable outputs.

    $ journalctl -o help
    short
    short-full
    short-iso
    short-iso-precise
    short-precise
    short-monotonic
    short-unix
    verbose
    export
    json
    json-pretty
    json-sse
    cat
    with-unit

As you have explained, you run multiple OpenVPN configurations (server.conf, serverlocal.conf). With the journalctl, you can then filter on these configs alone:

   # journalctl -u openvpn-server@server.service

And then you can narrow in to a smaller time window

  # journalctl -b            (Since last boot)
  # journalctl -b-2          (Since the last 2 boots)
  # journalctl --since -10m  (Last 10 minutes)
  # journalctl --since "2022-06-15 10:00"
  # journalctl --since yesterday

It also supports --until as well. If you add -f, you get the "tail -f" behavior.

When using the more verbose output formats (like verbose, json/json-pretty, export), you see there are more meta data fields. You can also filter on those:

   # journalctl _PID=2741081
   # journalctl _COMM=openvpn + SYSLOG_FACILITY=3

And all of these options can be combined, including -u and -o. And you can also filter on fields not listed in the output.

I also mentioned rsyslog initially, as that is also able to add filters and log specific events into dedicated log files. It also has a native journal support via the imjournal module, where rsyslog can also be configured to process the json formatted data and apply filters based on the structured journal data.


And a final note in regards to the systemd unit files. Please disable/mask the use of openvpn@*.service and openvpn.service unit files. When you only use the openvpn-client@.service and openvpn-server@.client, you will have an environment which will be easier to debug and troubleshoot. I mention this as I saw the "openvpn@server.service" unit was listed as "failed".


--
kind regards,

David Sommerseth
OpenVPN Inc
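
Added example, not part of the message above: a small Python reader for `journalctl -o json` output that prints ISO timestamps and applies the same kind of unit and time-window filters described there. The sample records are constructed, and the function names are hypothetical; only the journal field names are real.

```python
import json
from datetime import datetime, timezone

# Constructed sample of `journalctl -o json` output: one JSON object per line.
# Field names are real journal fields; all values are made up for illustration.
SAMPLE = "\n".join([
    '{"__REALTIME_TIMESTAMP":"1655287200000000","_SYSTEMD_UNIT":"openvpn-server@server.service","MESSAGE":"constructed: client connected"}',
    '{"__REALTIME_TIMESTAMP":"1655287205500000","_SYSTEMD_UNIT":"openvpn-server@serverlocal.service","MESSAGE":"constructed: client connected"}',
    '{"__REALTIME_TIMESTAMP":"1655287260000000","_SYSTEMD_UNIT":"openvpn-server@server.service","MESSAGE":[98,97,100,32,255]}',
    '{"__REALTIME_TIMESTAMP":"1655288400000000","_SYSTEMD_UNIT":"openvpn-server@server.service","MESSAGE":null}',
])

def decode_message(raw):
    """journald writes MESSAGE as a string, as a list of byte values when the
    text is not valid UTF-8, or as null when the field is too large."""
    if raw is None:
        return "<omitted by journald>"
    if isinstance(raw, list) and all(isinstance(b, int) for b in raw):
        return bytes(raw).decode("utf-8", errors="replace")
    return str(raw)

def entries(text, unit=None, since=None, until=None):
    """Yield (iso_timestamp, unit, message), filtered like -u/--since/--until."""
    for line in text.splitlines():
        if not line.strip():
            continue
        rec = json.loads(line)
        usec = int(rec["__REALTIME_TIMESTAMP"])  # microseconds since the epoch
        ts = datetime.fromtimestamp(usec // 10**6, tz=timezone.utc)
        ts = ts.replace(microsecond=usec % 10**6)
        if unit and rec.get("_SYSTEMD_UNIT") != unit:
            continue
        if (since and ts < since) or (until and ts > until):
            continue
        yield (ts.isoformat(timespec="milliseconds"),
               rec.get("_SYSTEMD_UNIT"), decode_message(rec.get("MESSAGE")))

if __name__ == "__main__":
    for row in entries(SAMPLE, unit="openvpn-server@server.service"):
        print(*row)
```

On a live system the same function can be fed the text produced by `journalctl -u openvpn-server@server.service -o json` instead of the constructed sample.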



Hi,

this is a setting in the openvpn systemd unit file.

The setting to remove is --suppress-timestamps from the 'ExecStart=' line.


Sorry, I forgot to say that my server is an Ubuntu 20.04.4 server with openvpn
version:

OpenVPN 2.4.7 x86_64-pc-linux-gnu


Where can I find the openvpn systemd unit file to edit?

The command:
sudo ls -l /etc/systemd/system/

Does not show any openvpn related files...

This is what I can get from systemctl:

$ sudo systemctl | grep openvpn
   openvpn-server@server.service       loaded active running   OpenVPN service for server
   openvpn-server@serverlocal.service  loaded active running   OpenVPN service for serverlocal
   openvpn.service                     loaded active exited    OpenVPN service
● openvpn@server.service              loaded failed failed    OpenVPN connection to server
   system-openvpn.slice                loaded active active    system-openvpn.slice
   system-openvpn\x2dserver.slice      loaded active active    system-openvpn\x2dserver.slice


Why do I want this?
-------------------
I am trying to set up a back-channel for an ovpn connection for a remote router.
It connects fine and the clients on that router can navigate the Internet just
fine via VPN too.
But I also want to be able to configure the router itself so I want to be able
to connect to 192.168.213.1 via the OpenVPN server when the router is connected.

This works fine on another remote location where I can access the router
interface for config just fine while it is connected by OVPN.
So the settings on that for this have been used as template for the new router
connection. But I cannot connect to the router still.

I figured I should try to check what is happening in the logs but cannot see the
timestamps so as to pinpoint where the connection differs from the one at the
working location...




