public inbox for development@lists.ipfire.org
* Re: VPN Graphs
From: Michael Tremer @ 2020-04-01  8:34 UTC (permalink / raw)
  To: development


Hey Tom,

> On 31 Mar 2020, at 21:36, Tom Rymes <trymes(a)rymes.com> wrote:
> 
> I noticed that graphs for OpenVPN connections have been added to the WUI, and with all of the added VPN usage in the last weeks, it sure would be nice to have similar graphs for IPsec Roadwarriors and Net-to-Net connections. I’m not certain if the nature of IPSec will prevent that from being possible, but it sure would be nice.

I agree. I would like those, too.

However, we currently have no efficient way to collect this data.

Running iftop or any other user-space process counting packets is heavily inefficient.

OpenVPN is being realised by having an interface where we can simply read packet counters from the kernel. We could in theory do this for IPsec tunnels that use VTI or GRE. But I would not feel comfortable adding that without the regular tunnels, because that is the vast majority.

Best,
-Michael

> Tom
> 
> PS: In the meantime, and in the event it might be handy for anyone in a similar situation, I have been using the following commands for ‘iftop’ to get a handle on any VPN users that are hogging bandwidth:
> 
> iftop -i red0 -nP
> 
> iftop -n -i green0 -F x.x.x.x/y (place in a subnet you want to restrict results to, I use the IPSec RoadWarrior address block).
> 
> 
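
The counter-reading approach mentioned above for interface-based tunnels (OpenVPN, or IPsec over VTI/GRE), as an added example that is not part of the original message or IPFire's code. It assumes the Linux `/proc/net/dev` layout and hypothetical interface names `tun0` and `vti1`; both snapshots are constructed sample data. Regular IPsec tunnels have no interface of their own and so never show up in this file.

```python
import fnmatch

# Constructed /proc/net/dev snapshots taken 10 seconds apart (sample data).
HEADER = """\
Inter-|   Receive                                                |  Transmit
 face |bytes    packets errs drop fifo frame compressed multicast|bytes    packets errs drop fifo colls carrier compressed
"""
SNAP_T0 = HEADER + """\
  red0: 5000000    4000    0    0    0     0          0         0  3000000    3500    0    0    0     0       0          0
  tun0:  200000     300    0    0    0     0          0         0   100000     250    0    0    0     0       0          0
  vti1:   50000      80    0    0    0     0          0         0    40000      70    0    0    0     0       0          0
"""
SNAP_T1 = HEADER + """\
  red0: 9000000    7000    0    0    0     0          0         0  5000000    6000    0    0    0     0       0          0
  tun0: 1200000    1100    0    0    0     0          0         0   600000     700    0    0    0     0       0          0
  vti1:  250000     300    0    0    0     0          0         0   140000     200    0    0    0     0       0          0
"""

def parse_proc_net_dev(text):
    """Return {iface: (rx_bytes, tx_bytes)} from /proc/net/dev content."""
    counters = {}
    for line in text.splitlines()[2:]:  # first two lines are column headers
        name, sep, rest = line.partition(":")
        fields = rest.split()
        if not sep or len(fields) < 16:
            continue  # skip malformed or truncated lines
        # Field 0 is received bytes, field 8 is transmitted bytes.
        counters[name.strip()] = (int(fields[0]), int(fields[8]))
    return counters

def tunnel_rates(before, after, seconds, patterns=("tun*", "vti*", "gre*")):
    """Return {iface: (rx_bytes_per_s, tx_bytes_per_s)} for tunnel interfaces."""
    rates = {}
    for name, (rx1, tx1) in after.items():
        if name not in before:
            continue  # interface appeared during the interval, no baseline yet
        if not any(fnmatch.fnmatch(name, p) for p in patterns):
            continue  # not a tunnel interface (e.g. red0)
        rx0, tx0 = before[name]
        if rx1 < rx0 or tx1 < tx0:
            continue  # counters went backwards: interface was recreated
        rates[name] = ((rx1 - rx0) / seconds, (tx1 - tx0) / seconds)
    return rates

if __name__ == "__main__":
    t0, t1 = parse_proc_net_dev(SNAP_T0), parse_proc_net_dev(SNAP_T1)
    for iface, (rx, tx) in sorted(tunnel_rates(t0, t1, 10).items()):
        print(f"{iface}: rx {rx:.0f} B/s, tx {tx:.0f} B/s")
```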

