0 votes
Following a post a couple of days a go, I bumped into a piece of software called openvpn-monitor. It allows you to see all active incoming OpenVPN connections to ClearOS in a web browser. This Howto shows how to install it.
yum install mod_python python-GeoIP python-ipaddr python-argparse python-humanize python-semantic_version git --enablerepo=clearos-core,clearos-epel
cd /var/www/html
git clone
chown apache:apache /var/www/html/openvpn-monitor -R
Note mod_python and python-argparse are not needed in ClearOS 7.x and may not be needed in 6.x.

Create a file /etc/httpd/conf.d/openvpn-monitor.conf:
#    AddHandler cgi-script .cgi
<Directory /var/www/html/openvpn-monitor>
Options +ExecCGI
AddHandler cgi-script .py

Order deny,allow
Deny from all
Allow from

Edit the file /var/www/html/openvpn-monitor/openvpn-monitor.conf changing site, latitude, longitude and name. I used this site to find my latitude and longitude from my postcode. You may need another site depending on where you are. I also turned the map off.

Set up the GeoIP:
cd /usr/share/GeoIP/
gunzip GeoLiteCity.dat.gz
mv GeoLiteCity.dat GeoIPCity.dat
Restart apache:
service httpd restart

In /etc/openvpn/clients.conf add a line:
management 5555
Then restart OpenVPN e.g.
service openvpn restart

Then navigate to http://your_server_IP/openvpn-monitor and there you are.

Then you look at /var/log/messages and see it gets spammed with openvpn MANAGEMENT rubbish. To get rid of that, create a file in /etc/rsyslog.d. I have a general one I use for filtering bits of rubbish called messages-filter.conf but call it what you like. Add the lines:
# Suppress Openvpn MAMAGEMENT messages
if $programname == 'openvpn' and $msg contains 'MANAGEMENT' then ~
Then restart rsyslog:
service rsyslog restart
End of messages :)

I have only used this with the UDP configuration of OpenVPN. I have a feeling that if your want to monitor another instance of OpenVPN, such as the TCP configuration, you'll need to use a different management port and have a separate instance of OpenVPN Monitor running in the web server (change the port in /var/www/html/openvpn-monitor/openvpn-monitor.cfg and the line you add to clients.conf and use a different subdirectory of /var/www/html/ to install the second instance of OpenVPN Monitor).

Edited 11/03/2016 following this post
Credit to Dennis Pantazis
[edit2 02/10/2016]
/var/www/html/openvpn-monitor/openvpn-monitor.cfg is now /var/www/html/openvpn-monitor/openvpn-monitor.conf
lat is now latitude
long is now longitude
[edit3 04/10/2019]
Added python-semantic_version to the yum command
Monday, December 09 2013, 11:44 AM
Share this post:
Responses (3)
  • Accepted Answer

    Friday, October 04 2019, 08:23 PM - #Permalink
    0 votes
    Thanks for the info. For some reason I already have it installed so something else may have dragged it in.
    The reply is currently minimized Show
  • Accepted Answer

    Friday, September 20 2019, 09:13 AM - #Permalink
    0 votes
    Great guide, thank you.
    Just a tip, in the version 7.6.0 It was necessary to install python-semantic_version
    The reply is currently minimized Show
  • Accepted Answer

    Saturday, October 06 2018, 07:38 PM - #Permalink
    0 votes
    Here's a necro-bump.

    Since this first post was written I've been installing GeoLite by yum but for the last year the GeoLite database has gone into maintenance mode. openvpn-monitor was updated today on github to work with the GeoIP2 database which is maintained. The free version is less accurate than the paid version but it is maintained. I have found sources for this at the fan-city repo and you can run your own auto-updater with:
    rpm -Uvh
    yum update Geo*
    Note this installs a third-party repo, but it is in a disabled state so should not interfere with regular updates. If installing from fresh, also install "geoipupdate-cron" from the same repo. You may need to update your /etc/GeoIP.conf to these settings (all comments have been removed):
    LicenseKey 000000000000
    UserId 0
    ProductIds GeoLite2-City
    More info is available at Maxmind's site. (You do not need to set up the cron job - yum took care of that)
    You also need python2-geoip2:
    yum install python2-geoip2

    Then in your /var/www/html/openvpn-monitor/openvpn-monitor.conf (your location may vary depending on where you installed your website), change:

    Alternatively it looks like you can get the GeoLite2-City database directly from EPEL. As this is enabled by default you'll automatically get updates with a small delay as the package maintainer needs to push an update via epel-testing. If you want to use the EPEL GeoLite2-City then it is much easier.

    You can remove all the old GeoIP packages (but don't use yum or it will remove too many dependencies):

    rpm -e --nodeps GeoIP-update GeoIP-data
    Then just install the following:
    yum install python2-geoip2 geolite2-city

    Then in your /var/www/html/openvpn-monitor/openvpn-monitor.conf (your location may vary depending on where you installed your website), change:
    The reply is currently minimized Show
Your Reply