OpenVPN Server and Client Status¶

The OpenVPN status page at Status > OpenVPN shows the status of each OpenVPN server and client. The status includes service controls for each separate server and client instance on the status page.

SSL/TLS Client/Server Mode¶

For OpenVPN servers in SSL/TLS client/server mode (tunnel network larger than /30), the status provides a list of connected remote clients along with their usernames or certificate common names and connection data as seen in Figure OpenVPN status for an SSL/TLS server with one connected client.

../../_images/openvpn-openvpn-status-ra.png — OpenVPN status for an SSL/TLS server with one connected client¶

The status of an instance has a header bar which includes the OS interface name (e.g. ovpns1), the custom text description of the VPN, its protocol and port, plus a total count of connected clients.

The status output includes the following columns in separate blocks for each server instance in this mode:

Common Name:

The certificate common name and/or username of the client. For VPNs utilizing user authentication, both are printed in this column. The values may differ depending on whether the server has SSL/TLS enabled and whether or not the Username as Common Name option is enabled.

Real Address:

The external/public IP address of the client, as it would appear on the WAN.

Virtual Address:

The tunnel network IPv4 and/or IPv6 addresses assigned to the client for use inside the VPN.

Connected Since:

A timestamp indicating when this client connected to the server or the last status change of the connection.

Bytes Sent:

The amount of data the OpenVPN server has sent to this client.

Bytes Received:

The amount of data the OpenVPN server has received from this client.

Ciphers:

The encryption algorithm in use for this client, which may vary due to cipher negotiation.

Actions:

This column includes icons which control the client.

The fa-info icon will appear at the end of each client row if that client authenticated via RADIUS and has firewall rules received from RADIUS. Clicking the icon will open a modal dialog displaying the contents of that user’s personal firewall ruleset.

The fa-times icon at the end of each client row clears the client session, which disconnects the client while allowing them to reconnect.

The fa-times-circle icon at the end of each client row sends a command which halts the remote client. If the client honors the request, its process terminates and it will not automatically reconnect without manual intervention. This can be useful for stopping an unattended client from conflicting with a different active session for a user.

The fa-plus-circle Show Routing Table button under each server’s list of clients displays a table of networks and IP addresses connected through each client connected to that server.

Peer-to-Peer Mode¶

For OpenVPN instances in peer-to-peer mode (shared key or SSL/TLS with a /30 tunnel network), the output is slightly different. OpenVPN does not report the same amount of information for instances running in peer-to-peer mode, so it cannot offer the same functionality as SSL/TLS client/server mode.

As each instance in this mode is limited to one client per server, the entries are shown in a single table each for clients and servers, with one instance listed per row.

The Name colum prints the OS interface name for the VPN (e.g. ovpns1) and its configured text description, along with the protocol and port number.

For a server instance the Status column indicates whether the instance is running and waiting on connections or if the remote client has connected.

For client instances the Status column indicates whether a connection is pending or active.

The status column may display more detailed information if it’s available during certain stages of configuration and connection.

../../_images/openvpn-openvpn-status.png — OpenVPN status showing peer-to-peer instances including a server that is up, a server waiting for a connection, and a client attempting to reconnect¶