Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
IZoom
Contributor
Jump to solution

how to list currently connected VPN users on embedded GAIA

Hello,

I want to know, who is connected via VPN to my 1800 gateway (R80.20.35) centrally managed from Smart-1 Cloud

 

I have tried to get it from:

  • fw tab -t om_assigned_ips (or users_userc).
    • The embedded GAIA does not know switch -f, so the output is not readable for me
  • cpstat vpn
    • not enough info
  • cpview
    • not uspported on embedded GAIA
  • vpn tu
    • I am not able to identify users
  • VPN oneliners (and from in CCC)
    • not supported on GAIA, no oneliner is fully functional on this build
  • SmartView Monitor
    • shows only the sum of concurrent connection
    • the rest requires Monitoring blade, which is missing on embeded GAIA
  • Various Views templates I found
    • requires SmartEvent, which is not applicable for embedded GAIA

 

well... the 1800 has 500 VPN licenses included, but no reporting functionality?

0 Kudos
1 Solution

Accepted Solutions
Danny
Champion Champion
Champion

This should show what you are looking for:

vpn tu tlist

View solution in original post

13 Replies
Danny
Champion Champion
Champion
fw tab -t userc_users -f -u
(1)
G_W_Albrecht
Legend Legend
Legend
This is not usable on SMB:
# fw tab -t userc_users -f -u
fw: illegal option -- f
Usage: fw tab [-v] [-t <table>] [-s | -c] [-f] [-o <filename>] [-k <kbuf names>] [-r] [-u | -m <maxvals>] [[-x | -a] -e entry]
[-y]
 
With locally managed SMBs you would be able to use the WebGUI VPN > Remote Access > Connected Remote Users page.

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
Tomas_Vobruba
Employee
Employee

Btw, i do not understand why this parameter is there, if this is not usable. Benefit from working param is huge, nobody will read raw hex format of tables

 

 

0 Kudos
_Val_
Admin
Admin

The syntax is for regular Gaia

0 Kudos
Tomas_Vobruba
Employee
Employee

Val, I'm aware about this.. but as you can see, running same command on smb causes illegal error. Which means this parameter should never be visible on smb code or it should return correct formated output. I will take it and manage it with code owners.

_Val_
Admin
Admin

Yes, reaching out to SMB developers is the best way to get rid of this cosmetic issue, please do so.

0 Kudos
Tomas_Vobruba
Employee
Employee

Hi all, 

 

according to my discussion parameter -f was corrected(added) into the latest jumbo and will be delivered in near future to next GA.

 

Tomas

0 Kudos
G_W_Albrecht
Legend Legend
Legend

Open a SR# with TAC to find a solution, that is the most promising advice...

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos
IZoom
Contributor

thank you for advice. I'll do.

0 Kudos
Danny
Champion Champion
Champion

This should show what you are looking for:

vpn tu tlist

IZoom
Contributor

yeah. that's good start.

 

gw1> vpn tu tlist | grep -A1 -B4 User:
                        ^
Bad parameter starting at '| grep -A1 -B4 User:'

 

 

whatewer vpn tu tlist give first readable output.  I completly forgot about tlist switch and it was not mentioned in command help. Even the I enabled statistic, nothing readable is written.

 

gw1> vpn tu -t tlist
+-----------------------------------------+-----------------------+---------------------+
| Peer: 172.160.11.4 (89bf1149ce499691)   | MSA: ffff00040becb538 | i: 3  ref:     1    |
| Methods: ESP Tunnel 3DES SHA1           |                       | i: 4  ref:     4    |
| My TS:   0.0.0.0/0                      |                       |                     |
| Peer TS: 172.160.11.4                   |                       |                     |
| User: CN=....user1.....,OU=users,O=gw-..| NAT-T                 |                     |
| MSPI:   2000064 (i:  4, p:  0)          | Out SPI: d3807e48     |                     |
+-----------------------------------------+-----------------------+---------------------+


gw1> vpn tu tlist -t
Usage:
vpn tu tlist [VOLUME_STATISTICS_OPTION] [OPTION]...
List information about existing VPN tunnels
Example: vpn tu tlist -v -t -br (or -vtbr)

VOLUME_STATISTICS_OPTIONs:
  clear                        clear Tunnel List volume statistics
  start                        turn on Tunnel List volume statistics
  stop                         turn off Tunnel List volume statistics
  state                        show Tunnel List volume statistics state

OPTIONs (mandatory arguments to long options are mandatory for short options too):
  -b                           sort by total (encrypted+decrypted) bytes
  -d                           sort by inbound (decrypted) bytes
  -e                           sort by outbound (encrypted) bytes
  -h                           display this help and exit
  -i                           combine list rows per instance with accumulated traffic. Default order is descending by total bytes

  -m                           sort by MSPI
  -n                           sort by peer name
  -p IP                        list tunnels only for peer with IP
  -r                           reverse order while sorting
  -s                           sort by SPI
  -t                           combine list rows per peer with accumulated traffic. Default order is descending by total bytes
  -v                           print a message for each provided OPTION after this one
  -a off/on                    print only accelerated tunnels or only non-accelerated tunnels

 

0 Kudos
IZoom
Contributor

ok, well the statistics are displayed after a while.

GW1> vpn tu list tunnels
+-----------------------------------------+-----------------------+---------------------+
| Peer: 172.160.11.5 (d764901471566341)   | MSA: ffff00040becb438 | i: 0  ref: -- 15/60 |
| Methods: ESP Tunnel 3DES SHA1           |                       | i: 1  ref: -- 23/60 |
| My TS:   0.0.0.0/0                      | 😧 233.57 KB -100.00% | i: 2  ref: -- 16/60 |
| Peer TS: 172.160.11.5                   | E: 894.27 KB -100.00% | i: 3  ref: -- 16/60 |
| User: CN=....user1.....,OU=users,O=gw-..| NAT-T                 | i: 4  ref: -- 15/60 |
| MSPI:   40000d2 (i:  8, p:  0)          | Out SPI: 8748db45     | i: 5  ref: -- 13/60 |
|                                         |                       | i: 6  ref: -- 15/60 |
|                                         |                       | i: 7  ref: -- 30/60 |
|                                         |                       | i: 8  ref:    31    |
|                                         |                       | i: 9  ref: -- 16/60 |
+-----------------------------------------+-----------------------+---------------------+

 

0 Kudos
Danny
Champion Champion
Champion

I'm glad I could be of help.

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events