core icon indicating copy to clipboard operation
core copied to clipboard
verified publisher icon opnsense

SNMP-Support for OpenVPN instances

Open cs-1 opened this issue 1 year ago • 2 comments

Important notices

Before you add a new report, we ask you kindly to acknowledge the following:

  • [x] I have read the contributing guide lines at https://github.com/opnsense/core/blob/master/CONTRIBUTING.md
  • [x] I am convinced that my issue is new after having checked both open and closed issues at https://github.com/opnsense/core/issues?q=is%3Aissue

Is your feature request related to a problem? Please describe.

Right now there's no method to monitor OpenVPN instance usage (users, tx/rx volume etc.) via SNMP. This would be very helpful in bigger installations to manage resources.

Describe the solution you like

It would be great to either implement AgentX support for OpenVPN (there's a repo which implements this: https://github.com/Phhere/openvpn-snmp) or to integrate it as a UCD configuration into Net-SNMP. The latter would allow to simply parse an OpenVPN status file which can be enabled via the "status" directive in the OpenVPN configuration. Since this issue is more OpenVPN centric (enabling AgentX support or enabling the status file) I opened the issue here in the core repo.

Describe alternatives you considered

There're no better alternatives that I'm aware of.

Additional context

N/N

cs-1 avatar May 06 '24 10:05 cs-1

The code you reference was last updated 9 years ago. I don’t want to get any hopes up here. It neither looks fitting for core scope nor is there a maintainable way forward. Net-snmp has been superseded by an array of modern monitoring tools which all are actively maintained and might even offer openvpn support already.

fichtner avatar May 06 '24 10:05 fichtner

Hi Franco, yes, the repo is not maintained properly. Unfortunately I'm unaware of any other tools that expose users etc. from OpenVPN on OPNSense out of the box. The Prometheus node exporter plugin in OPNSense doesn't provide metrics for OpenVPN. Unfortunately, SNMP is still a common denominator for enterprise network management. Don't get me wrong, I'm not a big friend of SNMP.

I'll have a look whether I can use the status output of the unix socket management interface of openvpn to feed the info to Net-SNMP (or the Prom. node exporter).

cs-1 avatar May 06 '24 11:05 cs-1