How can I see or even control a client cert traffic in OpenVPN? Is it possible? I'm programming a Client Control Web App and I find nothing about it. Is there any script or commands for that? In OpenVPN Access Server I've seen such thing.
Edit: To be clear I want users traffic usage.
If you're willing to step down to IP based user identification, you can expect openvpn to reassign the same VPN-IP for a user's lifetime. See assigned IPs in ipp.txt (/etc/openvpn/servers/VPN/logs, path may vary). Then, check if traffic passes through linux kernel. It might stay within the OpenVPN daemon, not sure about that. tcpdump and see what happens. If it passes through the linux kernel, normal IP accounting would work well (MRTG et al). If it does stay in the daemon, openvpn-status.log contains the external IPs of the currently connected users. Correlating that with MRTG data may be a tough exercise, though. So check if there's any config option for openvpn to force traffic through the kernel.
You're using a Linux server, right?
I think after searching throw internet I finally found my proper answer. I can enable management in my
configfile and usetelnetto connect to management. Then I can usestatuscommand to print log for connected users. In there I can see byes received and sent by connected users. And I think OpenVPN has a database some where for storing user status logs!