Debian – How to log OpenVPN bandwidth used

debian openvpn

I have an OpenVPN server and I want it to log each user's bandwidth. I'm looking to log the bytes_send and bytes_received. This is stored in the OpenVPN status file, but I can't easily read that file since it's always changing.

I could use a client-disconnect script, but how would I pass the bandwidth used to it? I'd rather not use this as the bandwidth will only be updated when a client disconnects. What if he just never does so? Right, then he can use as much bandwidth as he likes.

So, how can I log the bandwidth used per client?

Best Answer

You can set up iptables rules for each of the users:

iptables -A FORWARD -i tun0 -s 10.0.0.1 -j ACCEPT
iptables -A FORWARD -o tun0 -d 10.0.0.1 -j ACCEPT
iptables -A FORWARD -i tun0 -s 10.0.0.2 -j ACCEPT
iptables -A FORWARD -o tun0 -d 10.0.0.2 -j ACCEPT
...

and periodically [e.g. every 15 minutes] collect statistics from them by running:

iptables -nvxL FORWARD > stats

and clear them out by:

iptables -Z

You will have to parse the stats file and save it, e.g. to a database, after each execution.

You might want to create a separate chain for the traffic coming to/from the tunnel device and have all VPN'ed traffic pass through it first. Then you would parse stats just for that tunnel.

Also keep in mind that this solution will cause additional overhead on your CPU compared with the situation where you use the conntrack module and accept all packets belonging to established, related connections.
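
The parsing step described in the answer, as an added example that is not part of the original answer: it reads `iptables -nvxL FORWARD` output for per-client rules of the form shown above and adds each interval to a running total, since `iptables -Z` resets the counters after every collection. The sample output, the function names and the `tun0` default are constructed for illustration, and every rule is assumed to have a target (`-j ACCEPT`).

```python
import ipaddress

# Constructed sample of `iptables -nvxL FORWARD` output for the rules above.
SAMPLE_STATS = """\
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
    pkts      bytes target     prot opt in     out     source               destination
     120    84213 ACCEPT     all  --  tun0   *       10.0.0.1             0.0.0.0/0
     200   912345 ACCEPT     all  --  *      tun0    0.0.0.0/0            10.0.0.1
       7      532 ACCEPT     all  --  tun0   *       10.0.0.2             0.0.0.0/0
       0        0 ACCEPT     all  --  *      tun0    0.0.0.0/0            10.0.0.2
      15     9000 ACCEPT     all  --  eth0   *       0.0.0.0/0            0.0.0.0/0
"""


def is_host(addr):
    """True only for a single address, so 0.0.0.0/0 or negated matches are skipped."""
    try:
        return ipaddress.ip_network(addr, strict=False).num_addresses == 1
    except ValueError:
        return False


def parse_forward_stats(text, tun="tun0"):
    """Return {client_ip: {"sent": bytes, "received": bytes}} for one interval."""
    usage = {}
    for line in text.splitlines():
        fields = line.split()
        # Rule rows start with numeric pkts/bytes columns; chain and header rows do not.
        if len(fields) < 9 or not (fields[0].isdigit() and fields[1].isdigit()):
            continue
        byte_count = int(fields[1])
        in_if, out_if, src, dst = fields[5:9]
        if in_if == tun and is_host(src):        # -i tun0 -s <client>
            client, direction = src, "sent"
        elif out_if == tun and is_host(dst):     # -o tun0 -d <client>
            client, direction = dst, "received"
        else:
            continue
        entry = usage.setdefault(client, {"sent": 0, "received": 0})
        entry[direction] += byte_count
    return usage


def accumulate(totals, interval):
    """Add one interval's counters to running totals (counters are zeroed per run)."""
    for client, counts in interval.items():
        entry = totals.setdefault(client, {"sent": 0, "received": 0})
        for direction, value in counts.items():
            entry[direction] += value
    return totals
```

The `-x` flag matters here: without it iptables abbreviates large counters with K/M/G suffixes, which this parser would skip as non-numeric.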