Skip to content

Server Management

Server Status

Check the server status and connected clients:

# Table format
sudo ./openvpn-install.sh server status

# JSON format
sudo ./openvpn-install.sh server status --format json

Example output:

Server Status
─────────────
Service:     active (running)
Protocol:    udp
Port:        1194
Clients:     2 connected

Connected Clients
──────────────────
Name         Real Address        VPN Address    Connected Since         Upload    Download
----         ------------        -----------    ---------------         ------    --------
laptop       203.0.113.10:51234  10.8.0.2       2026-03-21 10:15:00    1.2 MB    45.6 MB
phone        198.51.100.5:42891  10.8.0.3       2026-03-21 14:30:00    256 KB    12.3 MB

The status data is refreshed every 60 seconds via the management interface.

Renewing the Server Certificate

Renew the server certificate before expiration:

sudo ./openvpn-install.sh server renew

What happens:

  1. A new server certificate is generated
  2. The OpenVPN service is restarted
  3. All connected clients are temporarily disconnected
  4. Clients reconnect automatically

Warning

All clients will experience a brief disconnection during server certificate renewal.

Service Management

The OpenVPN server runs as a systemd service:

# Check service status
systemctl status openvpn-server@server

# Restart the service
systemctl restart openvpn-server@server

# Stop the service
systemctl stop openvpn-server@server

# Start the service
systemctl start openvpn-server@server

# View logs
journalctl -u openvpn-server@server -f

Log Files

Server logs are stored at /var/log/openvpn/server.log.

# Follow logs in real time
tail -f /var/log/openvpn/server.log

To change the log file location or disable file logging:

# Custom log path
sudo ./openvpn-install.sh install --log /var/log/custom-openvpn.log

# Disable file logging (systemd journal only)
sudo ./openvpn-install.sh install --no-log

Management Interface

OpenVPN 2.6+ provides a Unix socket management interface at /var/run/openvpn/management.sock. The script uses this interface for:

  • Querying connected clients
  • Disconnecting revoked clients immediately
  • Retrieving traffic statistics

You can interact with it directly using socat:

echo "status" | socat - UNIX-CONNECT:/var/run/openvpn/management.sock

Key Configuration Files

File Description
/etc/openvpn/server/server.conf Main server configuration
/etc/openvpn/server/client-template.txt Template for client .ovpn files
/etc/sysctl.d/99-openvpn.conf IP forwarding settings
/var/log/openvpn/server.log Server log file