Linux iptables logging may get you the information you are looking for. I'm not sure what the performance hit is, however.
From: Carl Youngblood [mailto:carl@...]
Sent: Wednesday, August 25, 2010 7:47 AM
Subject: Re: [Openvpn-users] How to collect per-client usage stats
THanks Bryon, but I need the system to be as automated as possible, tallying usage stats and helping me know when other users' service is degrading because of abuse. Rather than responding to egregious abuses reactively, I want to nip these problems in the bud before they get out of hand.
On Tue, Aug 24, 2010 at 9:40 PM, Bryon <Bryon@...> wrote:
> I would simply suggest, make a clear written policy. If some one goes
> against the policy, disable access to your system.
> On 8/24/2010 2:49 PM, Carl Youngblood wrote:
>> Thanks Bryon. I don't want to restrict specific ports (unless you
>> guys think that's a good idea). Basically, I'm ok with p2p usage,
>> but, in my experience, many open ports at the same time causes much
>> higher resource usage than one port doing a big download. So I'm
>> trying to be aware of all the different ways that users can tax the
>> system and come up with fair usage policies so I don't have a
>> loophole that can be exploited by some individuals. Any advice you
>> guys have would be appreciated.
>> On Tue, Aug 24, 2010 at 5:06 PM, Bryon<Bryon@...> wrote:
>>> If you want to monitor each clients bandwidth usage then you really
>>> need to use radius to do so.
>>> About port monitoring, I would suggest just firewalling any ports
>>> that you do not want clients to be able to use, and open up allowed
>>> On 8/24/2010 10:16 AM, openvpn-users-request@... wrote:
>>>> Message: 5
>>>> Date: Tue, 24 Aug 2010 13:24:04 +0200
>>>> From: Carl Youngblood<carl@...>
>>>> Subject: [Openvpn-users] How to collect per-client usage stats
>>>> Content-Type: text/plain; charset=UTF-8
>>>> I need to be able to track bandwidth usage as well as certain kinds
>>>> of abusive usage on an openvpn server, such as if a user has a lot
>>>> of ports open at the same time. What is the right way to do this?
>>>> Do I take care of it at the openvpn layer or somewhere else on the network?
>>>> Does anyone have any advice for certain types of behavior that I'll
>>>> need to protect against so that all the clients have a good
>>>> Carl Youngblood
Sell apps to millions through the Intel(R) Atom(Tm) Developer Program Be part of this innovative community and reach millions of netbook users worldwide. Take advantage of special opportunities to increase revenue and speed time-to-market. Join now, and jumpstart your future.
Openvpn-users mailing list