4.7.2.12. Operating

This section provides an overview of the key operational aspects related to the 2SRA use case using the NextGen Portal.

4.7.2.12.1. Checking the status of VPN connections

To monitor VPN connections and check their status, go to the VPN section of the Operate view.

The first module in your display shows graphics representing the state of all the nodes. The colors displayed provide a quick visual representation of their respective states:

In the example above, the WireGuard service has stopped in two out of the three nodes that are configured for that particular farm. Meaning that there is still one node “Up & running”. OpenVPN is shown in grey because the service is not configured for that particular farm.

The status colors and their meaning in regards to VPN status are the following:

• Green: The node and its services are running, and configuration is up to date.

• Yellow: The node and its services are running, but the services configuration is out of date.

• Red: The node or its services are stopped or have some error.

• Grey: Status unknown or not configured.

The second module presents VPN node services status.

The same VPN status information is also available from the Configure > VPN > Manage VPN farms section.

Additionally, from this view you can manage the VPN services. See the Manage VPN farms for more details.

4.7.2.12.2. WireGuard connected users

The WireGuard users section allows you to monitor VPN users filtering by Node:

This view provides an organized display of information for all users connected through WireGuard:

• Farm: Specific Farm to which the user is currently connected.

• User: User identification.

• Dynamic zone: Network segment to which the user is connected.

• IP: User IP address.

• Status: Current connection status of the user.

• Date: Date when the user’s connection was established.

The Search box allows you to search for any user data. For example, you can filter by the username user_test and as a result, a single row will appear with the user user_test.

To reestablish the view after performing a search, utilize the refresh button located at the right end of the toolbar (right next to the search box). This button allows you to restore the original display of information.

Note

Users can establish multiple WireGuard sessions simultaneously across different devices using the same identity. If it happens, you will see the same user name displayed with different IPs in this view.

4.7.2.12.3. Checking the user’s connection via SSH

You can also access and view information about the users from the command line of the VPN gateway:

1. SSH into the VPN gateway.

2. Once connected to the VPN Gateway via SSH, execute the following command:

wg show <VPN_name>

This command will display information about the connected users as well as standalone users, indicating whether they are currently connected or not.

Example of the user with IP 172.16.250.5 connected to the VPN. The information under interface pertains to the VPN configuration while the information under “peer” will give us user information:

3. In the VPN gateway, run the following command:

cat /etc/wireguard/<VPN_name>_clientData

This command will show us the static users and the standalone users.

Example of the static user with IP 172.16.250.4:

4.7.2.12.4. Analytics Dashboards

You have several dashboards to monitor the 2SRA use case.

Navigate to Analytics > 2SRA and you will find a range of dashboards arranged from general to specific, allowing for a drill-down approach. This means you can start with a broad view and then dive into more detailed information as needed. The dashboards available for the 2SRA use case are the following ones:

• 2SRA Overview: Overview of the events related to the 2SRA use case.

• 2SRA Metrics: Displays various metrics and statistics related to the 2SRA use case.

• VPNGW: Displays displays VPN connections and their features.

• Third Party VPN: Displays all events related to the Third Party VPN Use case.