How to Monitor OpenVPN Access server Using eG Enterprise?

eG Enterprise  monitors the OpenVPN Access server in both agent-based and agentless manners. To monitor the OpenVPN Access server in the agentless manner, you should install a single eG agent  on any remote Windows host in the environment. To enable the eG agent to communicate with the OpenVPN Access server, a set of pre-requisites should be fulfilled. These requirements have been discussed in the below section.

Pre-requisites for monitoring the OpenVPN Access server

To monitor the OpenVPN Access server, you should provide certain user privileges that are required to execute the commands for monitoring the OpenVPN Access server. To provide the user with the necessary privileges, do the following:

  1. Login to the OpenVPN Access server host through putty.exe.

    puttylogin - new

    Figure 1 : Login to Putty

  2. Upon logging in, navigate to the /etc/sudoers file of the OpenVPN Access server. By default, certain user privileges are required to execute the commands for monitoring the OpenVPN Access server. The default user privileges to the server will be “ALL” (see Figure 2).

    default - new

    Figure 2 : The default user privileges

  3. If the target environment does not allow the eG Enterprise suite to use the default user for monitoring, then you need to create a new user with the default user privileges. You can do so by including the new user below the default user available under the User privilege specification section (see Figure 2). If you wish to create a new user for e.g., eguser with the default user privileges, then do so as shown in Figure 3.

    allrallprivilegetoeguser - new

    Figure 3 : Creating a new user with the default user privileges

  4. By providing the default user privileges, eguser acquires the entire monitoring rights of the OpenVPN Access server.
  5. If the administrator of the target environment does not wish to provide the default user privileges to the eguser , then you can limit the user privileges to monitor only the tests that need to be executed by the eG Enterprise suite. To do so, specify the following command (see Figure 4).

    eguser ALL=(ALL:ALL) NOPASSWD:/usr/local/openvpn_as/scripts/sacli VPNSummary,/usr/local/openvpn_as/scripts/sacli VPNStatus

    specificprivilegestoeguser

    Figure 4 : Creating a new user with limited user privileges required for monitoring the server

  6. Once the necessary user privileges are provided, the target OpenVPN Access server is ready for monitoring by the eG Enterprise suite.