Hello. I have trouble in stats:
when I try to get openvpn_server_connected_clients it shows data with UNDEF:
Here is Openvpn version 2 output:

CLIENT_LIST,UNDEF,XXX.XXX.XXX.XXX:60016,,,0,0,2021-08-05 21:30:28,1628188228,UNDEF,32,0,AES-128-CBC
CLIENT_LIST,UNDEF,XXX.XXX.XXX.XXX:52335,,,0,0,2021-08-05 21:30:26,1628188226,UNDEF,30,0,AES-128-CBC
CLIENT_LIST,UNDEF,XXX.XXX.XXX.XXX:45030,,,0,0,2021-08-05 21:30:47,1628188247,UNDEF,59,0,AES-128-CBC
CLIENT_LIST,UNDEF,XXX.XXX.XXX.XXX:54681,,,0,0,2021-08-05 21:31:18,1628188278,UNDEF,93,0,AES-128-CBC
CLIENT_LIST,UNDEF,XXX.XXX.XXX.XXX:48295,,,0,0,2021-08-05 21:31:14,1628188274,UNDEF,87,0,AES-128-CBC

Maybe I can filter with other variables but I think it's important.

setup

OpenVPN and OpenVPN_Exporter installed on 192.168.1.96

Prometheus installed on 192.168.1.95

openvpn_exporter is apparently working. From the x.96 machine, I can wget localhost:9176/metrics and get valid looking data.

problem

I cannot access the metrics from the x.95 machine running prometheus. If I run openvpn_exporter -web.listen-address 0.0.0.0:9176, I would expect to see the openVPN machine listening on 0.0.0.0:9176. Instead, lsof -i -P -n shows openvpn_e 990 root 3u IPv6 203768876 0t0 TCP *:9176 (LISTEN), which suggests that the port is being opening on an IPv6 address instead of an IPv4 address.

Both openvpn_exporter -web.listen-address 0.0.0.0:9176 and openvpn_exporter -web.listen-address :9176 seem to generate an IPv6 address.

How can I force an IPv4 address?

when we run openvpn_exporter --help

we get

-openvpn.status_paths string
Paths at which OpenVPN places its status files.

What I want to know when you say Path at which OpenVPN places its status files , Do you mean OpenVPN Exporter ?

I have a Centos 7 server, with Openvpn in version 2.4.9, golang in version 1.15.1 and after following this tutorial
"https://kifarunix.com/monitor-openvpn-connections-with-prometheus-and-grafana/" which refers to your exporter was not successful.
You are generating the following error when running:
xporter
2021/03/03 16:09:01 Listen address: 10.10.10.10:9176
2021/03/03 16:09:01 Metrics path: / metrics
2021/03/03 16:09:01 openvpn.status_path: /etc/openvpn/openvpn-status.log
2021/03/03 16:09:01 Ignore Individuals: false

2021/03/03 16:09:09 Failed to scrape showq socket: unexpected file contents: "OpenVPN CLIENT LIS"
2021/03/03 16:09:24 Failed to scrape showq socket: unexpected file contents: "OpenVPN CLIENT LIS"

The above error occurs, every time I open / metrics, it follows main.go's config

func main () {
var (
listenAddress = flag.String ("web.listen-address", "10.10.10.10:9176", "Address to listen on for web interface and telemetry.")
metricsPath = flag.String ("web.telemetry-path", "/ metrics", "Path under which to expose metrics.")
// openvpnStatusPaths = flag.String ("openvpn.status_paths", "examples / client.status, examples / server2.status, examples / server3.status", "Paths at which OpenVPN places its status files.")
openvpnStatusPaths = flag.String ("openvpn.status_paths", "/etc/openvpn/openvpn-status.log", "Paths at which OpenVPN places its status files.")
ignoreIndividuals = flag.Bool ("ignore.individuals", false, "If ignoring metrics for individuals")
)
flag.Parse ()

Could you help me please?

What I can do?

As far as I see you have a typo in the documentation. In the docker section, the example refers to a non-existent image in Docker Hub.

What I can do?
Can you contact me?

EDIT this happens because openvpn by default gives status-version 1

2018/08/17 14:33:59 Failed to scrape showq socket: unexpected file contents: "OpenVPN CLIENT LIS"
the exporter seems to work fine, but I got this error when the scraping happens
openvpn is versione:
OpenVPN 2.4.4 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD]
packaged in ubuntu 18.04
this is the content of openvpn-status.log
`
OpenVPN CLIENT LIST
Updated,Fri Aug 17 14:46:34 2018
Common Name,Real Address,Bytes Received,Bytes Sent,Connected Since
xxx.xxxx.xxx,999.999.999.999:45787,339231182,40182388,Wed Aug 15 20:21:18 2018
xxx.xxxx.xxx,999.999.999.999:36356,238994029,19191293,Wed Aug 15 20:22:08 2018
ROUTING TABLE
Virtual Address,Common Name,Real Address,Last Ref
10.8.0.6,xxx.xxxx.xxx,999.999.999.999:36356,Fri Aug 17 14:46:19 2018
10.8.0.10,xxx.xxxx.xxx,999.999.999.999:45787,Fri Aug 17 14:46:30 2018
GLOBAL STATS
Max bcast/mcast queue length,0
END

`

When multiple clients are connected to the server having the same common-name, Only the data of the newest connection of that CN is recorded. Other connections' data is ignored. For example, "Bytes Used" is only measured for the newest connection, while it's expected to sum all values for all connections for that CN in one value.

The biggest antipattern with any timeseries storage system is having a hugely growing label cardinality. Each new combinaison of label values will grant its own timeseries to store data. The number of said files can grow exponentially and have a huge impact on the health of prometheus.

• common_name: will grow for each new user we have. Not best practice but this is "acceptable" if we don't have many many users and don't have much turnover

• connection_time: this is very very very very very BAD practice as this will generate a new value for each reconnection to the VPN. Storing timestamps as label on prometheus is the absolute worst thing one can do to an exporter. This garantees that this label's cardinality will explose within days or even hours. It could bring down the whole monitoring system, depending on the load.

• real_address: This is really not great as the address can change, but this is spectacularly bad as it includes the source port, which is random for each connection. This makes this label as bad and dangerous as the connection_time label.

the only metrics I get (for the server) are:

openvpn_openvpn_server_connected_clients 2
openvpn_status_update_time_seconds{status_path="/etc/openvpn_exporter/server.status"} openvpn_up{status_path="/etc/openvpn_exporter/server.status"} 1

and many of

openvpn_server_route_last_reference_time_seconds

I am using version OpenVPN 2.4.3 with --status-version=3

Is this expected behaviour?

Hi, I have launch docker and in the parameters, I cannot see this:

openvpn_server_client_received_bytes_total
openvpn_server_client_sent_bytes_total
openvpn_server_route_last_reference_time_seconds
openvpn_status_update_time_seconds

My openvpn-status metrics are:

https://pastebin.com/hj9kbZzK

Why don't those parameters appear? I need them for grafana's dashboard

Few examples above - not sure if I should file this with the Grafana team or if something needs to be done this end? Might be that there's no trailing zeroes.

openvpn_exporter -openvpn.status_paths /etc/openvpn/openvpn-status.log gives me obviously command not found.
so basicly its not really an issue just me not understanding. How can i install it or start the program, without docker.

EDIT
well if you have never worked with go then yes your gone have a hard time getting the program to work.
all you got to do is go run main.go in the directory.
if there is anything i missed please let me know else you can close the issue

openvpn --version
OpenVPN 2.4.3 x86_64-redhat-linux-gnu [Fedora EPEL patched] [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Jun 21 2017

Example of generated status file I have

OpenVPN CLIENT LIST
Updated,Mon Nov 20 10:11:52 2017
Common Name,Real Address,Bytes Received,Bytes Sent,Connected Since
UNDEF,16.17.101.136,145939323,361988340,Thu Nov 16 19:05:34 2017
UNDEF,16.17.99.242,5085293,5335505,Thu Nov 16 19:05:28 2017
ROUTING TABLE
Virtual Address,Common Name,Real Address,Last Ref
30.100.5.222,UNDEF,16.16.91.230,Sat Nov 18 07:03:24 2017
30.100.2.142,UNDEF,16.17.99.242,Fri Nov 17 15:49:16 2017
GLOBAL STATS
Max bcast/mcast queue length,0
END

The parsing function fail to recognize the type of version.

Hi can you please tell how can I install this on my debian vpn server ..grafana and influxdb alreafy install,,TY

When querying the exporter, I get:

openvpn_exporter[801]: 2021/08/14 13:11:20 Failed to scrape showq socket: parsing time "2021-08-14 13:11:20" as "Mon Jan 2 15:04:05 2006": cannot parse "2021-08-14 13:11:20" as "Mon"

I believe this is caused by

I get this error when building with docker:

Sending build context to Docker daemon 190.5 kB
Sending build context to Docker daemon
Step 0 : FROM golang as builder
Invalid repository name (golang as builder), only [a-z0-9-_.] are allowed

HI,

it's possible to anonymize common names? e.g by hashing them?

We want to track some statistics to ensure our VPN servers running stable but since the metrics are associated with a personal user it might be problematic in german (german law).

Rather than requiring access to the status file, it would be easier to run this exporter as a sidecar by connecting via the management interface.

Really thought, assuming rather that this would be ready to go, didn't realise until i got to the bottom that you need docker

Good afternoon,

I am pretty new to the exporters so perhaps it's something small.

I have extracted the tar and try to run: "go run / go build openvpn_exporter.go", but receive a go.mod:112:55: unexpected newline in string

Am I doing something wrong?

Hi, could you tag a version of your exporter and create a release page with a pre compiled binary in a tarball? Like the node exporter does.

This would be helpful to create tools like Ansible wrapper that deploy automatically the exporter.

Thanks a lot !

Hi

i'm looking for pre-complied binaries on the release page but I can't find them.

https://github.com/kumina/openvpn_exporter/releases/tag/v0.3.0

I'm trying to scrape metrics from three openvpn instances. Getting this error:

An error has occurred while serving metrics:

2 error(s) occurred:
* collected metric "openvpn_openvpn_server_connected_clients" { gauge:<value:0 > } was collected before with the same name and label values
* collected metric "openvpn_openvpn_server_connected_clients" { gauge:<value:0 > } was collected before with the same name and label values

Starting up the process with:
/usr/bin/openvpn_exporter -openvpn.status_paths /var/log/openvpn/custsupport/custsupport-status.log,/var/log/openvpn/corp/corp-status.log,/var/log/openvpn/mobile/mobile-status.log

Hey!
This exporter is exactly what I am looking for. Sadly I don't want to maintain a docker image, which is for obvious reasons going to be outdated every now and then.
Would it be possible to provide a Docker image right away?

This is probably a very stupid question, but I don't understand what you are referring to when asking for /path/to/openvpn_server.

Hi, can you guide which Openvpn access server logs are you accepting ?

I only have logs for /var/log/openvpnas.log

Is that log acceptable?