Add client connection status information on stdout.

OpenVPN daemon logs are redirected to stderr from now on.

Dockerfile

@@ -33,8 +33,7 @@ ADD ./bin /usr/local/bin
 RUN chmod a+x /usr/local/bin/*
 
 # Initialisation scripts and default template
-COPY entrypoint.sh /sbin/entrypoint.sh
-COPY watch-portmapping.sh /sbin/watch-portmapping.sh
+COPY *.sh /sbin/
 COPY openvpn.tmpl $OVPN_TEMPLATE
 
 # Add support for OTP authentication using a PAM module

entrypoint.sh

@@ -100,10 +100,15 @@ if [ -n "${OVPN_MANAGEMENT_PORT}" ]; then
     addArg "--management" "127.0.0.1 ${OVPN_MANAGEMENT_PORT}"
 fi
 
+if [ -n "${OVPN_STATUS}" ]; then
+    addArg "--status" "${OVPN_STATUS}"
+    /sbin/print-status.sh ${OVPN_STATUS} &
+fi
+
 if [ $DEBUG ]; then
     echo "openvpn.conf:"
     cat $OVPN_CONFIG
 fi
 
 echo "$(date "+%a %b %d %H:%M:%S %Y") Running 'openvpn ${ARGS[@]} ${USER_ARGS[@]}'"
-exec openvpn ${ARGS[@]} ${USER_ARGS[@]}
+exec openvpn ${ARGS[@]} ${USER_ARGS[@]} 1> /dev/stderr 2> /dev/stderr

openvpn.tmpl

@@ -22,7 +22,6 @@ tls-cipher ${OVPN_TLS_CIPHER}
 # Rely on scheduler to do port mapping, internally always 1194
 port 1194
 dev tun0
-status /tmp/openvpn-status.log
 
 user nobody
 group nogroup

print-status.sh

@@ -0,0 +1,19 @@
+#!/bin/bash
+
+statusfile=$1
+
+while true; do
+  sleep 60
+  if [ ! -r $statusfile ]; then
+    echo "Cannot read statusfile at $statusfile"
+    break
+  fi
+  while read line; do
+    IFS=',' read -r -a client <<< $line
+
+    # Opportunistic filtering, only the client section has 5 fields
+    if [ ! -z "${client[4]}" -a "${client[0]}" != "Common Name" ]; then
+      echo -e "{ \"common_name\": \"${client[0]}\", \"bytes_received\": ${client[2]}, \"bytes_sent\": ${client[3]}, \"connected_since\": \"${client[4]}\" }"
+    fi
+  done < $statusfile
+done