In my server i am running squeeze and I am running openvpn server with 4 users. The users do not get access to other services apart from seeing each other.
i would like to:
-setup a constant rate of traffic at 2048Mbps per user
-setup a monitoring tool for to see utilisation of the traffic for each user, such as cacti.mrtg,... so i could grafically see the traffic utilisation of each user.
if it helps the server has webmin.
openvpn server limit +monitor traffic
Re: openvpn server limit +monitor traffic
First of all, this forum is mostly run by german users, thus we usually speak german. If you are a non-german speaker, you are probably better helped at forums.debian.net. Anyway, welcome to debianforum.de.
You could limit any active OpenVPN connection itself to a constant rate using tc and iptables. Because each user can hopefully connect only once, it effectively limits each user's bandwidth. Note that a client will be able to send more data trough a tunnel than the actual traffic on the wire is if the tunnel is compressed. To monitor the overall traffic you could use the status file option, but it's not per client.
Probably it's the easiest way to setup a single OpenVPN server for each client because you can (and have to) bind it to different ports. So you can explicitly match the connections via iptables and deny double connections with max-clients 1. Another iptables rule can be used to log traffic stats. Or more easy, each OpenVPN instance should add its own tun/tap device, so you can get the traffic per user by looking at ip -s link.
Cheers, Cae
You could limit any active OpenVPN connection itself to a constant rate using tc and iptables. Because each user can hopefully connect only once, it effectively limits each user's bandwidth. Note that a client will be able to send more data trough a tunnel than the actual traffic on the wire is if the tunnel is compressed. To monitor the overall traffic you could use the status file option, but it's not per client.
Probably it's the easiest way to setup a single OpenVPN server for each client because you can (and have to) bind it to different ports. So you can explicitly match the connections via iptables and deny double connections with max-clients 1. Another iptables rule can be used to log traffic stats. Or more easy, each OpenVPN instance should add its own tun/tap device, so you can get the traffic per user by looking at ip -s link.
Cheers, Cae
If universal surveillance were the answer, lots of us would have moved to the former East Germany. If surveillance cameras were the answer, camera-happy London, with something like 500,000 of them at a cost of $700 million, would be the safest city on the planet.
—Bruce Schneier