#!/usr/bin/env python3 # # Copyright (C) 2018 VyOS maintainers and contributors # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License version 2 or later as # published by the Free Software Foundation. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program. If not, see <http://www.gnu.org/licenses/>. # import os import jinja2 import argparse from sys import exit from vyos.config import Config outp_tmpl = """ {% if clients %} OpenVPN status on {{ intf }} Client CN Remote Host Tunnel IP Local Host TX bytes RX bytes Connected Since --------- ----------- --------- ---------- -------- -------- --------------- {% for c in clients %} {{ "%-15s"|format(c.name) }} {{ "%-21s"|format(c.remote) }} {{ "%-15s"|format(c.tunnel) }} {{ "%-21s"|format(local) }} {{ "%-9s"|format(c.tx_bytes) }} {{ "%-9s"|format(c.rx_bytes) }} {{ c.online_since }} {% endfor %} {% endif %} """ def bytes2HR(size): # we need to operate in integers size = int(size) suff = ['B', 'KB', 'MB', 'GB', 'TB'] suffIdx = 0 while size > 1024: # incr. suffix index suffIdx += 1 # divide size = size/1024.0 output="{0:.1f} {1}".format(size, suff[suffIdx]) return output def get_vpn_tunnel_address(peer, interface): lst = [] status_file = '/var/run/openvpn/{}.status'.format(interface) with open(status_file, 'r') as f: lines = f.readlines() for line in lines: if peer in line: lst.append(line) # filter out subnet entries lst = [l for l in lst[1:] if '/' not in l.split(',')[0]] if lst: tunnel_ip = lst[0].split(',')[0] return tunnel_ip return 'n/a' def get_status(mode, interface): status_file = '/var/run/openvpn/{}.status'.format(interface) # this is an empirical value - I assume we have no more then 999999 # current OpenVPN connections routing_table_line = 999999 data = { 'mode': mode, 'intf': interface, 'local': 'N/A', 'date': '', 'clients': [], } if not os.path.exists(status_file): return data with open(status_file, 'r') as f: lines = f.readlines() for line_no, line in enumerate(lines): # remove trailing newline character first line = line.rstrip('\n') # check first line header if line_no == 0: if mode == 'server': if not line == 'OpenVPN CLIENT LIST': raise NameError('Expected "OpenVPN CLIENT LIST"') else: if not line == 'OpenVPN STATISTICS': raise NameError('Expected "OpenVPN STATISTICS"') continue # second line informs us when the status file has been last updated if line_no == 1: data['date'] = line.lstrip('Updated,').rstrip('\n') continue if mode == 'server': # followed by line3 giving output information and the actual output data # # Common Name,Real Address,Bytes Received,Bytes Sent,Connected Since # client1,172.18.202.10:55904,2880587,2882653,Fri Aug 23 16:25:48 2019 # client3,172.18.204.10:41328,2850832,2869729,Fri Aug 23 16:25:43 2019 # client2,172.18.203.10:48987,2856153,2871022,Fri Aug 23 16:25:45 2019 if (line_no >= 3) and (line_no < routing_table_line): # indicator that there are no more clients and we will continue with the # routing table if line == 'ROUTING TABLE': routing_table_line = line_no continue client = { 'name': line.split(',')[0], 'remote': line.split(',')[1], 'rx_bytes': bytes2HR(line.split(',')[2]), 'tx_bytes': bytes2HR(line.split(',')[3]), 'online_since': line.split(',')[4] } client["tunnel"] = get_vpn_tunnel_address(client['remote'], interface) data['clients'].append(client) continue else: if line_no == 2: client = { 'name': 'N/A', 'remote': 'N/A', 'rx_bytes': bytes2HR(line.split(',')[1]), 'tx_bytes': '', 'online_since': 'N/A' } continue if line_no == 3: client['tx_bytes'] = bytes2HR(line.split(',')[1]) data['clients'].append(client) break return data if __name__ == '__main__': parser = argparse.ArgumentParser() parser.add_argument('-m', '--mode', help='OpenVPN operation mode (server, client, site-2-site)', required=True) args = parser.parse_args() # Do nothing if service is not configured config = Config() if len(config.list_effective_nodes('interfaces openvpn')) == 0: print("No OpenVPN interfaces configured") exit(0) # search all OpenVPN interfaces and add those with a matching mode to our # interfaces list interfaces = [] for intf in config.list_effective_nodes('interfaces openvpn'): # get interface type (server, client, site-to-site) mode = config.return_effective_value('interfaces openvpn {} mode'.format(intf)) if args.mode == mode: interfaces.append(intf) for intf in interfaces: data = get_status(args.mode, intf) local_host = config.return_effective_value('interfaces openvpn {} local-host'.format(intf)) local_port = config.return_effective_value('interfaces openvpn {} local-port'.format(intf)) if local_host and local_port: data['local'] = local_host + ':' + local_port if args.mode in ['client', 'site-to-site']: for client in data['clients']: if config.exists_effective('interfaces openvpn {} shared-secret-key-file'.format(intf)): client['name'] = "None (PSK)" remote_host = config.return_effective_values('interfaces openvpn {} remote-host'.format(intf)) remote_port = config.return_effective_value('interfaces openvpn {} remote-port'.format(intf)) if not remote_port: remote_port = '1194' if len(remote_host) >= 1: client['remote'] = str(remote_host[0]) + ':' + remote_port client['tunnel'] = 'N/A' tmpl = jinja2.Template(outp_tmpl) print(tmpl.render(data))