
openvpn_exporter's Introduction

Prometheus OpenVPN exporter

Please note: This repository is currently unmaintained. Due to insufficient time and not using the exporter anymore we decided to archive this project.

This repository provides code for a simple Prometheus metrics exporter for OpenVPN. Right now it can parse files generated by OpenVPN's --status, having one of the following formats:

  • Client statistics,
  • Server statistics with --status-version 2 (comma delimited),
  • Server statistics with --status-version 3 (tab delimited).

As it is not uncommon to run multiple instances of OpenVPN on a single system (e.g., multiple servers, multiple clients or a mixture of both), this exporter can be configured to scrape and export the status of multiple status files, using the -openvpn.status_paths command line flag. Paths need to be comma separated. Metrics for all status files are exported over TCP port 9176.

Please refer to this utility's main() function for a full list of supported command line flags.

Exposed metrics example

Client statistics

For client status files, the exporter generates metrics that may look like this:

openvpn_client_auth_read_bytes_total{status_path="..."} 3.08854782e+08
openvpn_client_post_compress_bytes_total{status_path="..."} 4.5446864e+07
openvpn_client_post_decompress_bytes_total{status_path="..."} 2.16965355e+08
openvpn_client_pre_compress_bytes_total{status_path="..."} 4.538819e+07
openvpn_client_pre_decompress_bytes_total{status_path="..."} 1.62596168e+08
openvpn_client_tcp_udp_read_bytes_total{status_path="..."} 2.92806201e+08
openvpn_client_tcp_udp_write_bytes_total{status_path="..."} 1.97558969e+08
openvpn_client_tun_tap_read_bytes_total{status_path="..."} 1.53789941e+08
openvpn_client_tun_tap_write_bytes_total{status_path="..."} 3.08764078e+08
openvpn_status_update_time_seconds{status_path="..."} 1.490092749e+09
openvpn_up{status_path="..."} 1

Server statistics

For server status files (both version 2 and 3), the exporter generates metrics that may look like this:

openvpn_server_client_received_bytes_total{common_name="...",connection_time="...",real_address="...",status_path="...",username="...",virtual_address="..."} 139583
openvpn_server_client_sent_bytes_total{common_name="...",connection_time="...",real_address="...",status_path="...",username="...",virtual_address="..."} 710764
openvpn_server_route_last_reference_time_seconds{common_name="...",real_address="...",status_path="...",virtual_address="..."} 1.493018841e+09
openvpn_status_update_time_seconds{status_path="..."} 1.490089154e+09
openvpn_up{status_path="..."} 1
openvpn_server_connected_clients 1


Usage of openvpn_exporter:

  -openvpn.status_paths string
    	Paths at which OpenVPN places its status files. (default "examples/client.status,examples/server2.status,examples/server3.status")
  -web.listen-address string
    	Address to listen on for web interface and telemetry. (default ":9176")
  -web.telemetry-path string
    	Path under which to expose metrics. (default "/metrics")
  -ignore.individuals bool
        If ignoring metrics for individuals (default false)


openvpn_exporter -openvpn.status_paths /etc/openvpn/openvpn-status.log


To use with docker you must mount your status file to /etc/openvpn_exporter/server.status.

docker run -p 9176:9176 \
  -v /path/to/openvpn_server.status:/etc/openvpn_exporter/server.status \
  kumina/openvpn-exporter -openvpn.status_paths /etc/openvpn_exporter/server.status

Metrics should be available at http://localhost:9176/metrics.

Get a standalone executable binary

You can download the pre-compiled binaries from the releases page.

openvpn_exporter's People


bartverc, caarlos0, edschouten, elseym, maksim77, phyber, rajatvig, revverse, sispheor, timstoop



openvpn_exporter's Issues

Cannot parse OpenVPN client time

When querying the exporter, I get:

openvpn_exporter[801]: 2021/08/14 13:11:20 Failed to scrape showq socket: parsing time "2021-08-14 13:11:20" as "Mon Jan 2 15:04:05 2006": cannot parse "2021-08-14 13:11:20" as "Mon"

I believe this is caused by

// Time at which the statistics were updated.
location, _ := time.LoadLocation("Local")
timeParser, err := time.ParseInLocation("Mon Jan 2 15:04:05 2006", fields[1], location)
if err != nil {
	return err
}
ch <- prometheus.MustNewConstMetric(
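
An added example, not code from the exporter or from the issue author: a timestamp parser that accepts both the ctime-style layout the exporter expects and the "2021-08-14 13:11:20" form from the log line above, and fails with a clear error on anything else. The function name parseStatusTime and the layout list are assumptions of this example.

```go
package main

import (
	"fmt"
	"time"
)

// Layouts seen on this page: the ctime-style form the exporter parses and
// the ISO-like form from the failing log line. The list is an assumption.
var statusTimeLayouts = []string{
	"Mon Jan 2 15:04:05 2006",
	"2006-01-02 15:04:05",
}

// parseStatusTime (hypothetical helper) tries each known layout in turn and
// returns the first successful parse, interpreted in loc.
func parseStatusTime(value string, loc *time.Location) (time.Time, error) {
	var lastErr error
	for _, layout := range statusTimeLayouts {
		t, err := time.ParseInLocation(layout, value, loc)
		if err == nil {
			return t, nil
		}
		lastErr = err
	}
	// Reject unknown input instead of exporting a zero timestamp.
	return time.Time{}, fmt.Errorf("unrecognised status timestamp %q: %w", value, lastErr)
}

func main() {
	// Constructed inputs: both formats quoted on this page plus garbage.
	for _, v := range []string{"Mon Nov 20 10:11:52 2017", "2021-08-14 13:11:20", "not a time"} {
		t, err := parseStatusTime(v, time.UTC)
		fmt.Println(t.Unix(), err)
	}
}
```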

Metrics shows UNDEF in total

Hello. I have trouble in stats:
when I try to get openvpn_server_connected_clients it shows data with UNDEF:
Here is Openvpn version 2 output:

CLIENT_LIST,UNDEF,XXX.XXX.XXX.XXX:60016,,,0,0,2021-08-05 21:30:28,1628188228,UNDEF,32,0,AES-128-CBC
CLIENT_LIST,UNDEF,XXX.XXX.XXX.XXX:52335,,,0,0,2021-08-05 21:30:26,1628188226,UNDEF,30,0,AES-128-CBC
CLIENT_LIST,UNDEF,XXX.XXX.XXX.XXX:45030,,,0,0,2021-08-05 21:30:47,1628188247,UNDEF,59,0,AES-128-CBC
CLIENT_LIST,UNDEF,XXX.XXX.XXX.XXX:54681,,,0,0,2021-08-05 21:31:18,1628188278,UNDEF,93,0,AES-128-CBC
CLIENT_LIST,UNDEF,XXX.XXX.XXX.XXX:48295,,,0,0,2021-08-05 21:31:14,1628188274,UNDEF,87,0,AES-128-CBC

Maybe I can filter with other variables but I think it's important.

The time label crashed Prometheus server

The biggest antipattern with any timeseries storage system is having a hugely growing label cardinality. Each new combination of label values will grant its own timeseries to store data. The number of said files can grow exponentially and have a huge impact on the health of prometheus.

  • common_name: will grow for each new user we have. Not best practice but this is "acceptable" if we don't have many many users and don't have much turnover

  • connection_time: this is very very very very very BAD practice as this will generate a new value for each reconnection to the VPN. Storing timestamps as label on prometheus is the absolute worst thing one can do to an exporter. This guarantees that this label's cardinality will explode within days or even hours. It could bring down the whole monitoring system, depending on the load.

  • real_address: This is really not great as the address can change, but this is spectacularly bad as it includes the source port, which is random for each connection. This makes this label as bad and dangerous as the connection_time label.
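
An added example, not code from the exporter or from the issue author: it counts how many distinct time series a handful of CLIENT_LIST rows create with the connection_time and full real_address labels, and how many remain once the timestamp is dropped and the source port is stripped. The rows are constructed, the column positions are taken from the --status-version 2 sample quoted elsewhere on this page, and the reduced label set is an assumption of this example.

```go
package main

import (
	"fmt"
	"net"
	"strings"
)

// Constructed sample: CLIENT_LIST rows as they would appear across several
// scrapes. "alice" reconnects three times from one host, "bob" connects once.
const sampleRows = `CLIENT_LIST,alice,198.51.100.7:60016,10.8.0.2,,0,0,2021-08-05 21:30:28,1628188228,alice,32,0,AES-128-CBC
CLIENT_LIST,alice,198.51.100.7:52335,10.8.0.2,,0,0,2021-08-05 22:10:02,1628190602,alice,40,0,AES-128-CBC
CLIENT_LIST,alice,198.51.100.7:45030,10.8.0.2,,0,0,2021-08-06 08:01:47,1628226107,alice,59,0,AES-128-CBC
CLIENT_LIST,bob,203.0.113.9:54681,10.8.0.3,,0,0,2021-08-05 21:31:18,1628188278,bob,93,0,AES-128-CBC`

// labelSet renders the labels one row would carry.
// Columns: 1 = common name, 2 = real address, 7 = connected since.
func labelSet(f []string, reduced bool) string {
	cn, realAddr, connTime := f[1], f[2], f[7]
	if !reduced {
		return fmt.Sprintf("common_name=%q,connection_time=%q,real_address=%q", cn, connTime, realAddr)
	}
	// Reduced set: no timestamp label, and the ephemeral source port removed.
	if host, _, err := net.SplitHostPort(realAddr); err == nil {
		realAddr = host
	}
	return fmt.Sprintf("common_name=%q,real_address=%q", cn, realAddr)
}

// countSeries returns the number of distinct label sets the rows produce.
func countSeries(rows string, reduced bool) int {
	seen := map[string]struct{}{}
	for _, line := range strings.Split(strings.TrimSpace(rows), "\n") {
		f := strings.Split(line, ",")
		if len(f) < 10 || f[0] != "CLIENT_LIST" {
			continue // not a client row, or too short to index safely
		}
		seen[labelSet(f, reduced)] = struct{}{}
	}
	return len(seen)
}

func main() {
	fmt.Println("all labels:    ", countSeries(sampleRows, false))
	fmt.Println("reduced labels:", countSeries(sampleRows, true))
}
```

With the full label set every reconnection is a new series; with the reduced set the count tracks the number of users and hosts.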

How do you install

openvpn_exporter -openvpn.status_paths /etc/openvpn/openvpn-status.log gives me obviously command not found.
so basically it's not really an issue just me not understanding. How can I install it or start the program, without docker.

well if you have never worked with go then yes you're going to have a hard time getting the program to work.
all you got to do is go run main.go in the directory.
if there is anything i missed please let me know else you can close the issue

Don't ignore duplicate connections data (with duplicate-cn activated)

When multiple clients are connected to the server having the same common-name, only the data of the newest connection of that CN is recorded. Other connections' data is ignored. For example, "Bytes Used" is only measured for the newest connection, while it's expected to sum all values for all connections for that CN in one value.

Does not generate data

I have a Centos 7 server, with Openvpn in version 2.4.9, golang in version 1.15.1 and after following this tutorial
"" which refers to your exporter was not successful.
You are generating the following error when running:
2021/03/03 16:09:01 Listen address:
2021/03/03 16:09:01 Metrics path: / metrics
2021/03/03 16:09:01 openvpn.status_path: /etc/openvpn/openvpn-status.log
2021/03/03 16:09:01 Ignore Individuals: false

2021/03/03 16:09:09 Failed to scrape showq socket: unexpected file contents: "OpenVPN CLIENT LIS"
2021/03/03 16:09:24 Failed to scrape showq socket: unexpected file contents: "OpenVPN CLIENT LIS"

The above error occurs, every time I open / metrics, it follows main.go's config

func main() {
	var (
		listenAddress = flag.String("web.listen-address", "", "Address to listen on for web interface and telemetry.")
		metricsPath   = flag.String("web.telemetry-path", "/ metrics", "Path under which to expose metrics.")
		// openvpnStatusPaths = flag.String("openvpn.status_paths", "examples / client.status, examples / server2.status, examples / server3.status", "Paths at which OpenVPN places its status files.")
		openvpnStatusPaths = flag.String("openvpn.status_paths", "/etc/openvpn/openvpn-status.log", "Paths at which OpenVPN places its status files.")
		ignoreIndividuals  = flag.Bool("ignore.individuals", false, "If ignoring metrics for individuals")
	)
	flag.Parse()

Could you help me please?

Anonymize common names


Is it possible to anonymize common names? E.g. by hashing them?

We want to track some statistics to ensure our VPN servers are running stable but since the metrics are associated with a personal user it might be problematic in Germany (German law).
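
An added example, not a feature of the exporter and not code from the issue author: one way to replace the common_name label value with a pseudonym. A plain hash of a user name can be matched back by hashing a list of candidate names, so the example shows that variant beside a keyed one (HMAC-SHA256). The function names, the key value and the 16-character truncation are assumptions of this example.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
)

// plainHashCN is the naive variant: anyone holding a list of candidate
// user names can hash them and map the label values back to people.
func plainHashCN(commonName string) string {
	sum := sha256.Sum256([]byte(commonName))
	return hex.EncodeToString(sum[:])[:16]
}

// pseudonymizeCN keys the digest with a secret, so the mapping cannot be
// rebuilt without the key. The same key and name always give the same
// value, which keeps each user's series continuous across scrapes.
func pseudonymizeCN(key []byte, commonName string) string {
	mac := hmac.New(sha256.New, key)
	mac.Write([]byte(commonName))
	// Truncated to 64 bits to keep the label short (assumption of this example).
	return hex.EncodeToString(mac.Sum(nil))[:16]
}

func main() {
	// Constructed key; in practice it would come from a secret store and
	// must stay out of the metrics pipeline.
	key := []byte("constructed-demo-key")
	for _, cn := range []string{"alice", "bob", "alice"} {
		fmt.Printf("common_name=%q plain=%s keyed=%s\n",
			cn, plainHashCN(cn), pseudonymizeCN(key, cn))
	}
}
```

Rotating the key breaks the link between old and new series, which may or may not be wanted depending on the retention policy.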

not working with openvpn 2.4.3

openvpn --version
OpenVPN 2.4.3 x86_64-redhat-linux-gnu [Fedora EPEL patched] [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Jun 21 2017

Example of generated status file I have

Updated,Mon Nov 20 10:11:52 2017
Common Name,Real Address,Bytes Received,Bytes Sent,Connected Since
UNDEF,,145939323,361988340,Thu Nov 16 19:05:34 2017
UNDEF,,5085293,5335505,Thu Nov 16 19:05:28 2017
Virtual Address,Common Name,Real Address,Last Ref,UNDEF,,Sat Nov 18 07:03:24 2017,UNDEF,,Fri Nov 17 15:49:16 2017
Max bcast/mcast queue length,0

The parsing function fail to recognize the type of version.

how to

Hi, can you please tell how I can install this on my debian vpn server? grafana and influxdb already installed. TY

Cannot access metrics from remote prometheus instance, exporter generating IPv6 instead of IPv4?


OpenVPN and OpenVPN_Exporter installed on

Prometheus installed on

openvpn_exporter is apparently working. From the x.96 machine, I can wget localhost:9176/metrics and get valid looking data.


I cannot access the metrics from the x.95 machine running prometheus. If I run openvpn_exporter -web.listen-address, I would expect to see the openVPN machine listening on Instead, lsof -i -P -n shows openvpn_e 990 root 3u IPv6 203768876 0t0 TCP *:9176 (LISTEN), which suggests that the port is being opened on an IPv6 address instead of an IPv4 address.

Both openvpn_exporter -web.listen-address and openvpn_exporter -web.listen-address :9176 seem to generate an IPv6 address.

How can I force an IPv4 address?

Failed to scrape showq socket: unexpected file contents: "OpenVPN CLIENT LIS"

EDIT this happens because openvpn by default gives status-version 1

2018/08/17 14:33:59 Failed to scrape showq socket: unexpected file contents: "OpenVPN CLIENT LIS"
the exporter seems to work fine, but I got this error when the scraping happens
openvpn is version:
OpenVPN 2.4.4 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD]
packaged in ubuntu 18.04
this is the content of openvpn-status.log
Updated,Fri Aug 17 14:46:34 2018
Common Name,Real Address,Bytes Received,Bytes Sent,Connected Since,999.999.999.999:45787,339231182,40182388,Wed Aug 15 20:21:18 2018,999.999.999.999:36356,238994029,19191293,Wed Aug 15 20:22:08 2018
Virtual Address,Common Name,Real Address,Last Ref,,999.999.999.999:36356,Fri Aug 17 14:46:19 2018,,999.999.999.999:45787,Fri Aug 17 14:46:30 2018
Max bcast/mcast queue length,0


docker build error

I get this error when building with docker:

Sending build context to Docker daemon 190.5 kB
Sending build context to Docker daemon
Step 0 : FROM golang as builder
Invalid repository name (golang as builder), only [a-z0-9-_.] are allowed

where is openvpn status file located ?

when we run openvpn_exporter --help

we get

-openvpn.status_paths string
Paths at which OpenVPN places its status files.

What I want to know when you say Path at which OpenVPN places its status files , Do you mean OpenVPN Exporter ?

issues with multiple openvpn instances

I'm trying to scrape metrics from three openvpn instances. Getting this error:

An error has occurred while serving metrics:

2 error(s) occurred:
* collected metric "openvpn_openvpn_server_connected_clients" { gauge:<value:0 > } was collected before with the same name and label values
* collected metric "openvpn_openvpn_server_connected_clients" { gauge:<value:0 > } was collected before with the same name and label values

Starting up the process with:
/usr/bin/openvpn_exporter -openvpn.status_paths /var/log/openvpn/custsupport/custsupport-status.log,/var/log/openvpn/corp/corp-status.log,/var/log/openvpn/mobile/mobile-status.log

Provide Docker image

This exporter is exactly what I am looking for. Sadly I don't want to maintain a docker image, which is for obvious reasons going to be outdated every now and then.
Would it be possible to provide a Docker image right away?

Not able to run the exporter

Good afternoon,

I am pretty new to the exporters so perhaps it's something small.

I have extracted the tar and try to run: "go run / go build openvpn_exporter.go", but receive a go.mod:112:55: unexpected newline in string

Am I doing something wrong?

Wrong docker image name

As far as I see you have a typo in the documentation. In the docker section, the example refers to a non-existent image in Docker Hub.

Openvpn Access Server Status File

Hi, can you guide which Openvpn access server logs are you accepting ?

I only have logs for /var/log/openvpnas.log

Is that log acceptable?

missing metrics

the only metrics I get (for the server) are:

openvpn_openvpn_server_connected_clients 2
openvpn_status_update_time_seconds{status_path="/etc/openvpn_exporter/server.status"}
openvpn_up{status_path="/etc/openvpn_exporter/server.status"} 1

and many of


I am using version OpenVPN 2.4.3 with --status-version=3

Is this expected behaviour?
