Skip to main content

OpenVPN

Plugin: go.d.plugin Module: openvpn

Overview

This collector monitors OpenVPN servers.

It uses OpenVPN Management Interface to collect metrics.

This collector is supported on all platforms.

This collector supports collecting metrics from multiple instances of this integration, including remote instances.

Default Behavior

Auto-Detection

This integration doesn't support auto-detection.

Limits

The default configuration for this integration does not impose any limits on data collection.

Performance Impact

The default configuration for this integration is not expected to impose a significant performance impact on the system.

Metrics

Metrics grouped by scope.

The scope defines the instance that the metric belongs to. An instance is uniquely identified by a set of labels.

Per OpenVPN instance

These metrics refer to the entire monitored application.

This scope has no labels.

Metrics:

MetricDimensionsUnit
openvpn.active_clientsclientsclients
openvpn.total_trafficin, outkilobits/s

Per user

These metrics refer to the VPN user.

Labels:

LabelDescription
usernameVPN username

Metrics:

MetricDimensionsUnit
openvpn.user_trafficin, outkilobits/s
openvpn.user_connection_timetimeseconds

Alerts

There are no alerts configured by default for this integration.

Setup

Prerequisites

Enable in go.d.conf.

This collector is disabled by default. You need to explicitly enable it in go.d.conf.

From the documentation for the OpenVPN Management Interface:

Currently, the OpenVPN daemon can at most support a single management client any one time.

It is disabled to not break other tools which use Management Interface.

Configuration

File

The configuration file name for this integration is go.d/openvpn.conf.

You can edit the configuration file using the edit-config script from the Netdata config directory.

cd /etc/netdata 2>/dev/null || cd /opt/netdata/etc/netdata
sudo ./edit-config go.d/openvpn.conf

Options

The following options can be defined globally: update_every, autodetection_retry.

Config options
NameDescriptionDefaultRequired
update_everyData collection frequency.1no
autodetection_retryRecheck interval in seconds. Zero means no recheck will be scheduled.0no
addressServer address in IP:PORT format.127.0.0.1:7505yes
timeoutConnection, read, and write timeout duration in seconds. The timeout includes name resolution.1no
per_user_statsUser selector. Determines which user metrics will be collected.no

Examples

Basic

A basic example configuration.

Config
jobs:
- name: local
address: 127.0.0.1:7505

With user metrics

Collect metrics of all users.

Config
jobs:
- name: local
address: 127.0.0.1:7505
per_user_stats:
includes:
- "* *"

Multi-instance

Note: When you define multiple jobs, their names must be unique.

Collecting metrics from local and remote instances.

Config
jobs:
- name: local
address: 127.0.0.1:7505

- name: remote
address: 203.0.113.0:7505

Troubleshooting

Debug Mode

Important: Debug mode is not supported for data collection jobs created via the UI using the Dyncfg feature.

To troubleshoot issues with the openvpn collector, run the go.d.plugin with the debug option enabled. The output should give you clues as to why the collector isn't working.

  • Navigate to the plugins.d directory, usually at /usr/libexec/netdata/plugins.d/. If that's not the case on your system, open netdata.conf and look for the plugins setting under [directories].

    cd /usr/libexec/netdata/plugins.d/
  • Switch to the netdata user.

    sudo -u netdata -s
  • Run the go.d.plugin to debug the collector:

    ./go.d.plugin -d -m openvpn

Getting Logs

If you're encountering problems with the openvpn collector, follow these steps to retrieve logs and identify potential issues:

  • Run the command specific to your system (systemd, non-systemd, or Docker container).
  • Examine the output for any warnings or error messages that might indicate issues. These messages should provide clues about the root cause of the problem.

System with systemd

Use the following command to view logs generated since the last Netdata service restart:

journalctl _SYSTEMD_INVOCATION_ID="$(systemctl show --value --property=InvocationID netdata)" --namespace=netdata --grep openvpn

System without systemd

Locate the collector log file, typically at /var/log/netdata/collector.log, and use grep to filter for collector's name:

grep openvpn /var/log/netdata/collector.log

Note: This method shows logs from all restarts. Focus on the latest entries for troubleshooting current issues.

Docker Container

If your Netdata runs in a Docker container named "netdata" (replace if different), use this command:

docker logs netdata 2>&1 | grep openvpn

Do you have any feedback for this page? If so, you can open a new issue on our netdata/learn repository.