Monitoring SoftEther VPN connections using MQTT and OpenHAB 2

In this blog post I describe how to monitor a SoftEther VPN using MQTT and OpenHAB 2.

This is what the result will look like:

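The first step is to use the SoftEther CLI to extract the necessary information. The following script will do the job once you have adjusted the hosts, users and passwords (search for XXXX) to your environment. Because the script then holds the VPN administrator password and the MQTT password in clear text, keep the file readable only by the account that runs it.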


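#!/bin/bash
#
# Publish SoftEther VPN hub and session statistics to an MQTT broker.
#
# For every virtual hub listed by "vpncmd ... /CMD=HubList" the hub counters
# are published below SoftEtherVPN/<hub>/..., and for every session listed by
# "SessionList" the session details are published below
# SoftEtherVPN/<hub>/<user>/... .
#
# Requires bash 4 or newer (mapfile).
#
# This file holds the VPN administrator password and the MQTT password in
# clear text: keep it readable only by the account that runs it
# (for example: chmod 600).

# Set to a value greater than 0 to trace every publish on stdout.
DEBUG=0

MQTT_USER="XXXX"
MQTT_PASSWORD="XXXX"
MQTT_CAPATH="/etc/ssl/certs/"
MQTT_HOST="XXXX"
MQTT_PORT="8883"

# The command is kept as an array so that values containing spaces or shell
# metacharacters are passed through as single arguments.
# NOTE: -P puts the broker password on the command line, where other local
# users can read it from the process list while mosquitto_pub is running.
# mosquitto_pub can also take its default options from a per-user
# configuration file (see its man page), which keeps the password out of argv.
MQTT=(/usr/bin/mosquitto_pub -h "$MQTT_HOST" -p "$MQTT_PORT"
      -u "$MQTT_USER" -P "$MQTT_PASSWORD" --capath "$MQTT_CAPATH")

VPN_SERVER="127.0.0.1"
VPN_PASSWORD="XXXX"
VPN_SERVER_PORT="992"

# The administrator password is part of the base command so that every vpncmd
# call authenticates; without it vpncmd asks for the password interactively,
# which cannot work from cron. The process-list caveat above applies here too.
VPN_CMD=(/usr/bin/vpncmd "$VPN_SERVER:$VPN_SERVER_PORT" /SERVER
         "/PASSWORD=$VPN_PASSWORD")

#######################################
# Publish one value to the broker.
# Globals:   DEBUG, MQTT, MQTT_HOST, MQTT_PORT (read)
# Arguments: $1 - topic, $2 - payload
# Returns:   exit status of mosquitto_pub
#######################################
publish() {
  local topic=$1 payload=$2
  if (( DEBUG > 0 )); then
    # Trace topic and payload only: echoing the full command line would copy
    # the broker password into the terminal, cron mail or a log file.
    printf 'mosquitto_pub -h %s -p %s -t %s -m %s\n' \
      "$MQTT_HOST" "$MQTT_PORT" "$topic" "$payload"
  fi
  "${MQTT[@]}" -t "$topic" -m "$payload"
}

#######################################
# Run one vpncmd query and print its CSV data rows, with spaces replaced by
# underscores and the header row removed.
# Globals:   VPN_CMD (read)
# Arguments: $1 - text that identifies the header row (after the replacement)
#            remaining arguments - extra vpncmd arguments
# Outputs:   data rows on stdout, diagnostics on stderr
# Returns:   1 if vpncmd reports a failure, else 0
#######################################
vpn_rows() {
  local header=$1
  shift
  local csv
  # Assumes vpncmd exits non-zero when the command fails; in that case its
  # output is an error text, not CSV, and must not be published.
  if ! csv=$("${VPN_CMD[@]}" "$@"); then
    printf 'vpncmd failed: %s\n' "$*" >&2
    printf '%s\n' "$csv" >&2
    return 1
  fi
  printf '%s\n' "$csv" | sed "s/ /_/g" | grep -v -- "$header"
  return 0
}

if ! hub_csv=$(vpn_rows "Virtual_Hub_Name" /CSV /CMD=HubList); then
  exit 1
fi
mapfile -t hub_rows <<<"$hub_csv"

for LINE in "${hub_rows[@]}"; do
  [[ -n $LINE ]] || continue

  # Columns 1-11 are plain comma-separated fields.
  IFS=, read -r VirtualHubName Status Type Users Groups Sessions MAC_Tables \
    IP_Tables Num_Logins Last_Login Last_Communication _ <<<"$LINE"
  # The two transfer counters are quoted because they contain thousands
  # separators, so they are taken from between the double quotes.
  # NOTE(review): a counter that is not quoted in the CSV comes out empty
  # here - confirm against real vpncmd output.
  IFS='"' read -r _ Transfer_Bytes _ Transfer_Packets _ <<<"$LINE"
  [[ -n $VirtualHubName ]] || continue

  # "date_time" (underscore from the space replacement) becomes "dateTtime".
  Last_Login=${Last_Login//_/T}
  Last_Communication=${Last_Communication//_/T}
  Transfer_Bytes=${Transfer_Bytes//,/}
  Transfer_Packets=${Transfer_Packets//,/}

  # NOTE(review): hub and user names are used as MQTT topic levels unchanged;
  # a name containing "/", "+" or "#" would alter or invalidate the topic.
  hub_topic="SoftEtherVPN/$VirtualHubName"
  publish "$hub_topic/Status" "$Status"
  publish "$hub_topic/Type" "$Type"
  publish "$hub_topic/Users" "$Users"
  publish "$hub_topic/Groups" "$Groups"
  publish "$hub_topic/Sessions" "$Sessions"
  publish "$hub_topic/MAC_Tables" "$MAC_Tables"
  publish "$hub_topic/IP_Tables" "$IP_Tables"
  publish "$hub_topic/Num_Logins" "$Num_Logins"
  publish "$hub_topic/Last_Login" "$Last_Login"
  publish "$hub_topic/Last_Communication" "$Last_Communication"
  publish "$hub_topic/Transfer_Bytes" "$Transfer_Bytes"
  publish "$hub_topic/Transfer_Packets" "$Transfer_Packets"

  # A failing SessionList only skips this hub; the remaining hubs are still
  # reported.
  if ! session_csv=$(vpn_rows "Session_Name" "/Hub=$VirtualHubName" /CSV /CMD=SessionList); then
    continue
  fi
  mapfile -t session_rows <<<"$session_csv"

  for SESSION in "${session_rows[@]}"; do
    [[ -n $SESSION ]] || continue

    IFS=, read -r SessionName SessionVLANID SessionLocation SessionUserName \
      SessionSourceHostName SessionTCPConnections _ <<<"$SESSION"
    IFS='"' read -r _ SessionTransferBytes _ SessionTransferPackets _ <<<"$SESSION"
    [[ -n $SessionUserName ]] || continue

    SessionTCPConnections=${SessionTCPConnections//_/}
    SessionTransferBytes=${SessionTransferBytes//,/}
    SessionTransferPackets=${SessionTransferPackets//,/}

    session_topic="$hub_topic/$SessionUserName"
    publish "$session_topic/Name" "$SessionName"
    publish "$session_topic/VLANID" "$SessionVLANID"
    publish "$session_topic/Location" "$SessionLocation"
    publish "$session_topic/HostName" "$SessionSourceHostName"
    publish "$session_topic/TCPConnections" "$SessionTCPConnections"
    publish "$session_topic/TransferBytes" "$SessionTransferBytes"
    publish "$session_topic/TransferPackets" "$SessionTransferPackets"
  done
done

exit 0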

In OpenHAB we have to provide the item definitions.

In this example I use

  • two virtual hubs: VPN_LAN and VPN_DMZ
  • one host: mikrotik

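// Items bound to the topics published by the script (MQTT 1.x binding syntax,
// broker connection named "mosquitto"). Each topic must match the published
// topic character for character.
// The displayed values are only as trustworthy as the broker: restrict publish
// access to SoftEtherVPN/# in the broker ACL to the account the script uses.

// Hub counters: VPN_LAN
String SoftEtherVPN_VPN_LAN_Status "Status [%s]" <switch> {mqtt="<[mosquitto:SoftEtherVPN/VPN_LAN/Status:state:default]"}
String SoftEtherVPN_VPN_LAN_Type "Type [%s]" {mqtt="<[mosquitto:SoftEtherVPN/VPN_LAN/Type:state:default]"}
Number SoftEtherVPN_VPN_LAN_Users "Users [%s]"  <man_1> {mqtt="<[mosquitto:SoftEtherVPN/VPN_LAN/Users:state:default]"}
Number SoftEtherVPN_VPN_LAN_Groups "Groups [%s]" <parents_1_1> {mqtt="<[mosquitto:SoftEtherVPN/VPN_LAN/Groups:state:default]"}
Number SoftEtherVPN_VPN_LAN_Sessions "Sessions [%s]" {mqtt="<[mosquitto:SoftEtherVPN/VPN_LAN/Sessions:state:default]"}
Number SoftEtherVPN_VPN_LAN_MAC_Tables "MAC_Tables [%s]" {mqtt="<[mosquitto:SoftEtherVPN/VPN_LAN/MAC_Tables:state:default]"}
Number SoftEtherVPN_VPN_LAN_IP_Tables "IP_Tables [%s]" {mqtt="<[mosquitto:SoftEtherVPN/VPN_LAN/IP_Tables:state:default]"}
Number SoftEtherVPN_VPN_LAN_Num_Logins "Num_Logins [%s]" {mqtt="<[mosquitto:SoftEtherVPN/VPN_LAN/Num_Logins:state:default]"}
DateTime SoftEtherVPN_VPN_LAN_Last_Login "Last_Login [%1$td.%1$tm.%1$tY, %1$tH:%1$tM Uhr]" <clock> {mqtt="<[mosquitto:SoftEtherVPN/VPN_LAN/Last_Login:state:default]"}
DateTime SoftEtherVPN_VPN_LAN_Last_Communication "Last_Communication [%1$td.%1$tm.%1$tY, %1$tH:%1$tM Uhr]" <clock> {mqtt="<[mosquitto:SoftEtherVPN/VPN_LAN/Last_Communication:state:default]"}
Number SoftEtherVPN_VPN_LAN_Transfer_Bytes "Transfer_Bytes [%s]" <line> {mqtt="<[mosquitto:SoftEtherVPN/VPN_LAN/Transfer_Bytes:state:default]"}
Number SoftEtherVPN_VPN_LAN_Transfer_Packets "Transfer_Packets [%s]" <line> {mqtt="<[mosquitto:SoftEtherVPN/VPN_LAN/Transfer_Packets:state:default]"}

// Hub counters: VPN_DMZ
String SoftEtherVPN_VPN_DMZ_Status "Status [%s]" <switch> {mqtt="<[mosquitto:SoftEtherVPN/VPN_DMZ/Status:state:default]"}
String SoftEtherVPN_VPN_DMZ_Type "Type [%s]" {mqtt="<[mosquitto:SoftEtherVPN/VPN_DMZ/Type:state:default]"}
Number SoftEtherVPN_VPN_DMZ_Users "Users [%s]"  <man_1> {mqtt="<[mosquitto:SoftEtherVPN/VPN_DMZ/Users:state:default]"}
Number SoftEtherVPN_VPN_DMZ_Groups "Groups [%s]" <parents_1_1> {mqtt="<[mosquitto:SoftEtherVPN/VPN_DMZ/Groups:state:default]"}
Number SoftEtherVPN_VPN_DMZ_Sessions "Sessions [%s]" {mqtt="<[mosquitto:SoftEtherVPN/VPN_DMZ/Sessions:state:default]"}
Number SoftEtherVPN_VPN_DMZ_MAC_Tables "MAC_Tables [%s]" {mqtt="<[mosquitto:SoftEtherVPN/VPN_DMZ/MAC_Tables:state:default]"}
Number SoftEtherVPN_VPN_DMZ_IP_Tables "IP_Tables [%s]" {mqtt="<[mosquitto:SoftEtherVPN/VPN_DMZ/IP_Tables:state:default]"}
Number SoftEtherVPN_VPN_DMZ_Num_Logins "Num_Logins [%s]" {mqtt="<[mosquitto:SoftEtherVPN/VPN_DMZ/Num_Logins:state:default]"}
DateTime SoftEtherVPN_VPN_DMZ_Last_Login "Last_Login [%1$td.%1$tm.%1$tY, %1$tH:%1$tM Uhr]" <clock> {mqtt="<[mosquitto:SoftEtherVPN/VPN_DMZ/Last_Login:state:default]"}
DateTime SoftEtherVPN_VPN_DMZ_Last_Communication "Last_Communication [%1$td.%1$tm.%1$tY, %1$tH:%1$tM Uhr]" <clock> {mqtt="<[mosquitto:SoftEtherVPN/VPN_DMZ/Last_Communication:state:default]"}
Number SoftEtherVPN_VPN_DMZ_Transfer_Bytes "Transfer_Bytes [%s]" <line> {mqtt="<[mosquitto:SoftEtherVPN/VPN_DMZ/Transfer_Bytes:state:default]"}
Number SoftEtherVPN_VPN_DMZ_Transfer_Packets "Transfer_Packets [%s]" <line> {mqtt="<[mosquitto:SoftEtherVPN/VPN_DMZ/Transfer_Packets:state:default]"}

// Session "Local Bridge" on VPN_DMZ (the script replaces the space in the
// name with an underscore before it builds the topic)
String VPN_DMZ_Local_Bridge_Name "Name [%s]" {mqtt="<[mosquitto:SoftEtherVPN/VPN_DMZ/Local_Bridge/Name:state:default]"}
String VPN_DMZ_Local_Bridge_VLANID "VLANID [%s]" {mqtt="<[mosquitto:SoftEtherVPN/VPN_DMZ/Local_Bridge/VLANID:state:default]"}
String VPN_DMZ_Local_Bridge_Location "Location [%s]" {mqtt="<[mosquitto:SoftEtherVPN/VPN_DMZ/Local_Bridge/Location:state:default]"}
String VPN_DMZ_Local_Bridge_HostName "HostName [%s]" {mqtt="<[mosquitto:SoftEtherVPN/VPN_DMZ/Local_Bridge/HostName:state:default]"}
String VPN_DMZ_Local_Bridge_TCPConnections "TCPConnections [%s]" {mqtt="<[mosquitto:SoftEtherVPN/VPN_DMZ/Local_Bridge/TCPConnections:state:default]"}
Number VPN_DMZ_Local_Bridge_TransferBytes "TransferBytes [%s]" <line> {mqtt="<[mosquitto:SoftEtherVPN/VPN_DMZ/Local_Bridge/TransferBytes:state:default]"}
Number VPN_DMZ_Local_Bridge_TransferPackets "TransferPackets [%s]" <line> {mqtt="<[mosquitto:SoftEtherVPN/VPN_DMZ/Local_Bridge/TransferPackets:state:default]"}

// Session of user "mikrotik" on VPN_DMZ
String VPN_DMZ_mikrotik_Name "Name [%s]" {mqtt="<[mosquitto:SoftEtherVPN/VPN_DMZ/mikrotik/Name:state:default]"}
String VPN_DMZ_mikrotik_VLANID "VLANID [%s]" {mqtt="<[mosquitto:SoftEtherVPN/VPN_DMZ/mikrotik/VLANID:state:default]"}
String VPN_DMZ_mikrotik_Location "Location [%s]" {mqtt="<[mosquitto:SoftEtherVPN/VPN_DMZ/mikrotik/Location:state:default]"}
String VPN_DMZ_mikrotik_HostName "HostName [%s]" {mqtt="<[mosquitto:SoftEtherVPN/VPN_DMZ/mikrotik/HostName:state:default]"}
String VPN_DMZ_mikrotik_TCPConnections "TCPConnections [%s]" {mqtt="<[mosquitto:SoftEtherVPN/VPN_DMZ/mikrotik/TCPConnections:state:default]"}
Number VPN_DMZ_mikrotik_TransferBytes "TransferBytes [%s]" <line> {mqtt="<[mosquitto:SoftEtherVPN/VPN_DMZ/mikrotik/TransferBytes:state:default]"}
Number VPN_DMZ_mikrotik_TransferPackets "TransferPackets [%s]" <line> {mqtt="<[mosquitto:SoftEtherVPN/VPN_DMZ/mikrotik/TransferPackets:state:default]"}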

The last part is the sitemap stanza:

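// Sitemap stanza for the SoftEther VPN items. Every item name used here must
// exist in the items file; the hubs are VPN_LAN and VPN_DMZ. The items Routing
// and Chart_Period are not part of the item listing above and have to be
// defined separately.
Group label="SoftEtherVPN " icon="router" item=Routing {
   Group label="SoftEtherVPN " icon="router" item=Routing {
      // Overview: one status line per hub
      Frame label="Status" {
         Text item=SoftEtherVPN_VPN_LAN_Status label="VPN_LAN"
         Text item=SoftEtherVPN_VPN_DMZ_Status label="VPN_DMZ"
      }
      Frame label="Details" {
         // Sub-page with the counters of each hub
         Group label="Bridges " icon="router" item=Routing {
            Frame label="VPN_LAN" {
               Text item=SoftEtherVPN_VPN_LAN_Status
               /* Text item=SoftEtherVPN_VPN_LAN_Type */
               Text item=SoftEtherVPN_VPN_LAN_Users
               Text item=SoftEtherVPN_VPN_LAN_Groups
               Text item=SoftEtherVPN_VPN_LAN_Sessions
               /* Text item=SoftEtherVPN_VPN_LAN_MAC_Tables
               Text item=SoftEtherVPN_VPN_LAN_IP_Tables */
               Text item=SoftEtherVPN_VPN_LAN_Num_Logins
               Text item=SoftEtherVPN_VPN_LAN_Last_Login
               Text item=SoftEtherVPN_VPN_LAN_Last_Communication
               Text item=SoftEtherVPN_VPN_LAN_Transfer_Bytes
               Text item=SoftEtherVPN_VPN_LAN_Transfer_Packets
            }
            Frame label="VPN_DMZ" {
               Text item=SoftEtherVPN_VPN_DMZ_Status
               /* Text item=SoftEtherVPN_VPN_DMZ_Type */
               Text item=SoftEtherVPN_VPN_DMZ_Users
               Text item=SoftEtherVPN_VPN_DMZ_Groups
               Text item=SoftEtherVPN_VPN_DMZ_Sessions
               /* Text item=SoftEtherVPN_VPN_DMZ_MAC_Tables
               Text item=SoftEtherVPN_VPN_DMZ_IP_Tables */
               Text item=SoftEtherVPN_VPN_DMZ_Num_Logins
               Text item=SoftEtherVPN_VPN_DMZ_Last_Login
               Text item=SoftEtherVPN_VPN_DMZ_Last_Communication
               Text item=SoftEtherVPN_VPN_DMZ_Transfer_Bytes
               Text item=SoftEtherVPN_VPN_DMZ_Transfer_Packets
            }
         }
         // Sub-page with the per-session values and the transfer chart
         Group label="Sessions" icon="router" item=Routing {
            Frame label="Local Bridge" {
               Text item=VPN_DMZ_Local_Bridge_Name
               /* Text item=VPN_DMZ_Local_Bridge_VLANID
               Text item=VPN_DMZ_Local_Bridge_Location */
               Text item=VPN_DMZ_Local_Bridge_HostName
               /* Text item=VPN_DMZ_Local_Bridge_TCPConnections */
               Text item=VPN_DMZ_Local_Bridge_TransferBytes
               Text item=VPN_DMZ_Local_Bridge_TransferPackets
            }
            Frame label="mikrotik" {
               Text item=VPN_DMZ_mikrotik_Name
               /* Text item=VPN_DMZ_mikrotik_VLANID
               Text item=VPN_DMZ_mikrotik_Location */
               Text item=VPN_DMZ_mikrotik_HostName
               Text item=VPN_DMZ_mikrotik_TCPConnections
               Text item=VPN_DMZ_mikrotik_TransferBytes
               Text item=VPN_DMZ_mikrotik_TransferPackets
            }
            Frame label="Charts" {
               // Chart_Period selects which of the four charts is visible
               Switch item=Chart_Period label="Chart Periode" mappings=[0="h", 1="4h", 2="D", 3="W"] icon="line"
               Chart item=VPN_DMZ_mikrotik_TransferBytes   service="jdbc" period=h  refresh=3000000 visibility=[Chart_Period==0, Chart_Period==NULL]
               Chart item=VPN_DMZ_mikrotik_TransferBytes   service="jdbc" period=4h refresh=3000000 visibility=[Chart_Period==1]
               Chart item=VPN_DMZ_mikrotik_TransferBytes   service="jdbc" period=D  refresh=3000000 visibility=[Chart_Period==2]
               Chart item=VPN_DMZ_mikrotik_TransferBytes   service="jdbc" period=W  refresh=3000000 visibility=[Chart_Period==3]
            }
         }
      }
   }
}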

 
