Diffstat (limited to 'management')
-rw-r--r-- management/management-notes.txt 72
1 files changed, 58 insertions, 14 deletions
diff --git a/management/management-notes.txt b/management/management-notes.txt
index 4d86111..5327338 100644
--- a/management/management-notes.txt
+++ b/management/management-notes.txt
@@ -3,26 +3,24 @@ OpenVPN Management Interface Notes
The OpenVPN Management interface allows OpenVPN to
be administratively controlled from an external program via
-a TCP socket.
+a TCP or unix domain socket.
-The interface has been specifically designed for GUI developers
-and those who would like to programmatically or remotely control
-an OpenVPN daemon.
+The interface has been specifically designed for developers
+who would like to programmatically or remotely control
+an OpenVPN daemon, and can be used when OpenVPN is running
+as a client or server.
The management interface is implemented using a client/server TCP
-connection, where OpenVPN will listen on a provided IP address
-and port for incoming management client connections.
+connection or unix domain socket where OpenVPN will listen on a
+provided IP address and port for incoming management client connections.
The management protocol is currently cleartext without an explicit
security layer. For this reason, it is recommended that the
-management interface either listen on localhost (127.0.0.1)
-or on the local VPN address. It's possible to remotely connect
-to the management interface over the VPN itself, though some
-capabilities will be limited in this mode, such as the ability
-to provide private key passwords.
-
-Future versions of the management interface may allow out-of-band
-connections (i.e. not over the VPN) and secured with SSL/TLS.
+management interface either listen on a unix domain socket,
+localhost (127.0.0.1), or on the local VPN address. It's possible
+to remotely connect to the management interface over the VPN itself,
+though some capabilities will be limited in this mode, such as the
+ability to provide private key passwords.
The management interface is enabled in the OpenVPN
configuration file using the following directive:
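Review bot: In the rewritten "implemented using" paragraph, "OpenVPN will listen on a provided IP address and port" still describes only the TCP case; a unix domain socket has no IP address or port. Suggest wording such as "will listen on a provided IP address and port, or on a unix domain socket path, for incoming management client connections". The security paragraph now recommends the unix domain socket because the protocol is cleartext, but it does not say what limits who can connect to that socket, so a sentence on how access to the socket is restricted would make the recommendation actionable. The hunk also drops the "Future versions ... secured with SSL/TLS" paragraph with no replacement; please confirm that removal is intended.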
@@ -39,6 +37,44 @@ a telnet client which understands "raw" mode).
Once connected to the management port, you can use
the "help" command to list all commands.
+COMMAND -- bytecount
+--------------------
+
+The bytecount command is used to request real-time notification
+of OpenVPN bandwidth usage.
+
+Command syntax:
+
+ bytecount n (where n > 0) -- set up automatic notification of
+ bandwidth usage once every n seconds
+ bytecount 0 -- turn off bytecount notifications
+
+If OpenVPN is running as a client, the bytecount notification
+will look like this:
+
+ >BYTECOUNT:{BYTES_IN},{BYTES_OUT}
+
+BYTES_IN is the number of bytes that have been received from
+the server and BYTES_OUT is the number of bytes that have been
+sent to the server.
+
+If OpenVPN is running as a server, the bytecount notification
+will look like this:
+
+ >BYTECOUNT_CLI:{CID},{BYTES_IN},{BYTES_OUT}
+
+CID is the Client ID, BYTES_IN is the number of bytes that have
+been received from the client and BYTES_OUT is the number of
+bytes that have been sent to the client.
+
+Note that when the bytecount command is used on the server, every
+connected client will report its bandwidth numbers once every n
+seconds.
+
+When the client disconnects, the final bandwidth numbers will be
+placed in the 'bytes_received' and 'bytes_sent' environmental variables
+as included in the >CLIENT:DISCONNECT notification.
+
COMMAND -- echo
---------------
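Review bot: The bytecount section never states whether BYTES_IN and BYTES_OUT are running totals for the connection or counts for the last n-second interval. "Final bandwidth numbers" in the closing paragraph suggests totals, but anyone writing a parser for >BYTECOUNT or >BYTECOUNT_CLI needs that said explicitly next to the field definitions. Two smaller points: "environmental variables" should read "environment variables", and the "When the client disconnects" paragraph applies only to server mode (it refers to >CLIENT:DISCONNECT), so it should say so.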
@@ -661,6 +697,14 @@ column and are immediately followed by a type keyword
indicating the type of real-time message. The following
types are currently defined:
+BYTECOUNT -- Real-time bandwidth usage notification, as enabled
+ by "bytecount" command when OpenVPN is running as
+ a client.
+
+BYTECOUNT_CLI -- Real-time bandwidth usage notification per-client,
+ as enabled by "bytecount" command when OpenVPN is
+ running as a server.
+
CLIENT -- Notification of client connections and disconnections
on an OpenVPN server. Enabled when OpenVPN is started
with the --management-client-auth option. CLIENT