OpenVPN CLI Commands – Troubleshooting
less /usr/local/openvpn_as/etc/as.conf
less /etc/openvpn/server/server.conf
root@ip-:/var/log# /usr/local/openvpn_as/scripts/sacli version
2.8.5 (build f4ad562b)
Check the users connected to OpenVPN:
/usr/local/openvpn_as/scripts/sacli VPNStatus
/usr/local/openvpn_as/scripts/sacli VPNSummary
Check the status of OpenVPN:
/usr/local/openvpn_as/scripts/sacli status
List the current server configuration:
/usr/local/openvpn_as/scripts/sacli ConfigQuery
List the user and group properties:
/usr/local/openvpn_as/scripts/sacli UserPropGet
Check the current OpenVPN version:
/usr/local/openvpn_as/scripts/sacli version
****Verify the Cert Validity
cd /usr/local/openvpn_as/etc/ssl-api/
openssl x509 -enddate -noout -in client.crt
openssl x509 -enddate -noout -in server.crt
Copy the log files to an S3 bucket:
aws s3 cp /var/log/temp/ s3://openvpn-log-analysis/ --recursive
The DB can be internal or external.
/usr/local/openvpn_as/scripts/
1) Download the configuration to a single file (where config.txt is the name of the file):
sacli ConfigQuery > config.txt
2) Where are the username and password for connecting to the DB stored?
3) What is inside the DB?
config, cert, userprop, log
DB configuration location:
The DB configuration, including the username and password inside each connection URI, is stored in /usr/local/openvpn_as/etc/as.conf
root@ip-10-209-7-166:/etc# grep db /usr/local/openvpn_as/etc/as.conf
certs_db=mysql://admin:xxxx@xxxxx.ap-southeast-2.rds.amazonaws.com:3306/as_certs
user_prop_db=mysql://admin:xxxxx@xxxxxxx.ap-southeast-2.rds.amazonaws.com:3306/as_userprop
config_db=mysql://admin:xxxxxx@xxxxxxx.ap-southeast-2.rds.amazonaws.com:3306/as_config
config_db_local=sqlite:///~/db/config_local.db
cluster_db=mysql://admin:xxxxx@xxxx.ap-southeast-2.rds.amazonaws.com:3306/as_cluster
notification_db=mysql://admin:xxxx@xxxxxxx.ap-southeast-2.rds.amazonaws.com:3306/as_notification
log_db=sqlite:///~/db/log.db
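The grep above prints the database passwords in clear text. As an added example (not part of the original notes or of Access Server itself), these shell functions list the same *_db entries with the credentials redacted, name the external databases, and check whether the file is world-readable. The function names and the sample host names and passwords are made up.

```shell
#!/bin/sh
# Added example: summarise the *_db entries of an Access Server as.conf
# without exposing the credentials embedded in the connection URIs.

# Constructed sample in the same shape as the grep output above
# (host names and passwords are made up).
sample_as_conf() {
    cat <<'EOF'
# constructed sample, not a real configuration
certs_db=mysql://admin:S3cret@db1.example.internal:3306/as_certs
user_prop_db=mysql://admin:p@ss:word@db1.example.internal:3306/as_userprop
config_db_local=sqlite:///~/db/config_local.db
log_db=sqlite:///~/db/log.db
vpn.server.port=1194
EOF
}

# Print only the database entries, with user:password replaced.
# The userinfo part is everything between "://" and the last "@"
# that precedes the first "/" of the path, so "@" or ":" inside a
# password is covered. Assumes a "/" in a password is percent-encoded.
redact_db_uris() {
    grep -E '^[a-z_]*db[a-z_]*=' "$1" |
        sed -E 's#://[^/]*@#://REDACTED@#'
}

# Print the keys whose database is external (anything but sqlite).
external_db_keys() {
    grep -E '^[a-z_]*db[a-z_]*=' "$1" |
        grep -v '=sqlite:' | cut -d= -f1
}

# Succeed if the file is readable by "other" users; a config file
# holding database passwords should not be.
world_readable() {
    [ -n "$(find "$1" -prune -perm -004)" ]
}

# Demo on the constructed sample.
conf=$(mktemp)
sample_as_conf > "$conf"
chmod 644 "$conf"
redact_db_uris "$conf"
echo "external: $(external_db_keys "$conf" | tr '\n' ' ')"
world_readable "$conf" && echo "WARNING: $conf is world-readable"
rm -f "$conf"
```

On a real server, pass /usr/local/openvpn_as/etc/as.conf to the functions instead of the sample file.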
Change a config value:
./sacli -k auth.module.post_auth_script --value_file=ovpnas_postauth_cr.py ConfigPut
./sacli start
====================
CLI command to change the OpenVPN configuration
sudo su
cd /usr/local/openvpn_as/scripts
./sacli -k "auth.radius.0.per_server_timeout" -v "60" ConfigPut
./sacli start
=====================
=======LINKS========
Configure RADIUS server
https://openvpn.net/vpn-server-resources/openvpn-access-server-and-active-directory-radius/
https://openvpn.net/vpn-server-resources/keeping-openvpn-access-server-updated/
****Configure settings in the CLI
https://openvpn.net/vpn-server-resources/managing-settings-for-the-web-services-from-the-command-line/
***Self-signed certificates and importing a certificate
https://openvpn.net/vpn-server-resources/managing-settings-for-the-web-services-from-the-command-line/
Verify authentication for a user:
cd /usr/local/openvpn_as/scripts
./authcli --user <USERNAME> --pass <PASSWORD>