Check openVPN client connected Debian

Solution 1:

It isn't clear to me if you are asking from the perspective of a client or server. In any case one thing you should strongly look at is enabling the management interface on your OpenVPN daemon with this configuration option.

management <bind-address> 6001

With the management interface enabled you can connect to whatever port you set up for this purpose using netcat/telnet. Then you can issue the status command, or many other commands, to determine exactly what is going on from the daemon's perspective.
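One way to script the check this answer describes, as an added example that is not part of the original answer: it sends the management interface's `state` command and reports whether the daemon is in the CONNECTED state. It assumes the interface is bound to 127.0.0.1 port 6001 with no management password; the function names, the `--live` flag and the sample reply are constructed for illustration.

```python
import socket
import sys

# Assumed: management interface on loopback, port 6001, no management password.
MGMT_ADDR = ("127.0.0.1", 6001)
# Constructed sample of a reply to `state` (greeting, one state line, END).
SAMPLE_REPLY = (">INFO:OpenVPN Management Interface Version 1\r\n"
                "1700000000,CONNECTED,SUCCESS,10.8.0.6,203.0.113.10\r\nEND\r\n")


def parse_state(reply):
    """Return the last state line of a `state` reply as a dict."""
    latest = None
    for line in map(str.strip, reply.splitlines()):
        if line == "END":
            break
        if line.startswith(">"):  # greeting and real-time notifications
            continue
        fields = line.split(",")
        if len(fields) >= 2 and fields[0].isdigit():  # unix time, state name, ...
            latest = fields
    if latest is None:
        return {"state": "UNKNOWN", "connected": False, "local_ip": ""}
    return {"state": latest[1], "connected": latest[1] == "CONNECTED",
            "local_ip": latest[3] if len(latest) > 3 else ""}


def query_state(addr=MGMT_ADDR, timeout=5.0):
    """Send `state` to the management socket and parse the reply."""
    with socket.create_connection(addr, timeout=timeout) as sock:
        sock.sendall(b"state\n")
        buf = b""
        while b"\nEND" not in buf:
            chunk = sock.recv(4096)
            if not chunk:  # daemon closed the connection early
                break
            buf += chunk
    return parse_state(buf.decode("ascii", "replace"))


if __name__ == "__main__":
    try:  # without --live, parse the constructed sample so the script runs offline
        result = query_state() if "--live" in sys.argv else parse_state(SAMPLE_REPLY)
    except OSError as exc:  # refused or timed out: daemon or management port down
        print(f"management interface unreachable: {exc}", file=sys.stderr)
        sys.exit(2)
    print(result["state"], result["local_ip"])
    sys.exit(0 if result["connected"] else 1)
```

With `--live` the exit status is 0 when connected, 1 for any other state and 2 when the management port is unreachable. The management interface accepts commands from anyone who can reach it, so keep it on loopback or a Unix socket.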

Solution 2:

There are a few methods, depending on what exactly you're trying to achieve. If you want to check if the client is running and you're using Debian's initscript, you can use the service command:

% sudo service openvpn status mammon; echo $?
 * VPN 'mammon' is running

If you want to check that the client thinks it is connected to the server, you can check the routing table for the VPN subnet or local interface existence:

% ip route | grep -q <vpn-subnet>; echo $?
% ip link show dev tun0 > /dev/null; echo $?

If you want to check that the client is connected and the server is contactable, ping the server:

% ping -c1 -w5 -q <server-address> > /dev/null; echo $?

Solution 3:

While I think @mgorven gave a good answer, I'd like to propose another one which kind of puts the problem into a different perspective.

If one is using /etc/network/interfaces for configuring the network, it's possible to use it to control client OpenVPN tunnels. It goes like this:

  1. Use a custom name for the tunnel device in OpenVPN's dev option, for instance, have

    dev mytun

    in the OpenVPN configuration file.

    Let's say the config file is

  2. Set up an entry for that device in the /etc/network/interfaces file, like this:

    iface mytun inet manual
        pre-up   /etc/init.d/openvpn start client
        pre-down /etc/init.d/openvpn stop  client

Having set things up this way, you can now do

# /sbin/ifup mytun
# /sbin/ifdown mytun

Now back to the original question — iface sections in the networking configuration file also support the post-up directives which could be used for scripting the "tunnel is ready" events.

Yet another approach, for a Desktop machine, might be using a visual tool like TunTun to manage OpenVPN tunnels.