Log external IP address of OpenVPN clients on connect and disconnect
Would it be possible to add the IP address of the user when they are authenticated? This would assist with doing graylog email alerts when users connect in as this particular syslog entry does not include where the user is connecting from. I attached a mocked up example.
openvpn PID user 'USERNAME' authenticated
Updated by Jim Pingle 5 months ago
- Category changed from Logging to OpenVPN
- Priority changed from Normal to Low
- Target version set to Future
In theory it should be possible, but would need validation to ensure it works as desired.
The data should be available from OpenVPN in the environment via
untrusted_ip/untrusted_ip6 but would need passed through the various auth scripts like is done for the user/pass/cn.
Updated by Michael Novotny 5 months ago
The syslog entries are called on /etc/inc/openvpn.auth-user.php around lines 120 & 163 ("could not authenticate" & "authenticated"); the user's connected from IP address entry would go there.
I'm not a daily programming guru... but at quick glance, I'm not seeing OpenVPN env vars being passed, so I leave this with the experts.