Merge remote-tracking branch 'amarx/vpn-statistic1' into next

2026-04-14 13:02:58 +02:00 · 2015-01-13 17:37:18 +01:00
parent e62b6718b9 87fe47e9d9
commit 3906cf7e85
14 changed files with 336 additions and 7 deletions
--- a/config/cfgroot/graphs.pl
+++ b/config/cfgroot/graphs.pl
@@ -587,6 +587,118 @@ sub updateifgraph {
 		print "Error in RRD::graph for ".$interface.": ".$ERROR."\n" if $ERROR;
 }

+sub updatevpngraph {
+	my $interface = $_[0];
+	my $period    = $_[1];
+	RRDs::graph(
+		"-",
+		"--start",
+		"-1".$period,
+		"-aPNG",
+		"-i",
+		"-z",
+		"-W www.ipfire.org",
+		"--alt-y-grid",
+		"-w 600",
+		"-h 125",
+		"-r",
+		"-t ".$Lang::tr{'traffic on'}." ".$interface." ".$Lang::tr{'graph per'}." ".$Lang::tr{$period."-graph"},
+		"-v ".$Lang::tr{'bytes per second'},
+		"--color=SHADEA".$color{"color19"},
+		"--color=SHADEB".$color{"color19"},
+		"--color=BACK".$color{"color21"},
+		"DEF:incoming=".$mainsettings{'RRDLOG'}."/collectd/localhost/openvpn-$interface/if_octets_derive.rrd:rx:AVERAGE",
+		"DEF:outgoing=".$mainsettings{'RRDLOG'}."/collectd/localhost/openvpn-$interface/if_octets_derive.rrd:tx:AVERAGE",
+		"CDEF:outgoingn=outgoing,-1,*",
+		"COMMENT:".sprintf("%-20s",$Lang::tr{'caption'}),
+		"COMMENT:".sprintf("%15s",$Lang::tr{'maximal'}),
+		"COMMENT:".sprintf("%15s",$Lang::tr{'average'}),
+		"COMMENT:".sprintf("%15s",$Lang::tr{'minimal'}),
+		"COMMENT:".sprintf("%15s",$Lang::tr{'current'})."\\j",
+		"AREA:incoming#00dd00:".sprintf("%-20s",$Lang::tr{'incoming traffic in bytes per second'}),
+		"GPRINT:incoming:MAX:%8.1lf %sBps",
+		"GPRINT:incoming:AVERAGE:%8.1lf %sBps",
+		"GPRINT:incoming:MIN:%8.1lf %sBps",
+		"GPRINT:incoming:LAST:%8.1lf %sBps\\j",
+		"AREA:outgoingn#dd0000:".sprintf("%-20s",$Lang::tr{'outgoing traffic in bytes per second'}),
+		"GPRINT:outgoing:MAX:%8.1lf %sBps",
+		"GPRINT:outgoing:AVERAGE:%8.1lf %sBps",
+		"GPRINT:outgoing:MIN:%8.1lf %sBps",
+		"GPRINT:outgoing:LAST:%8.1lf %sBps\\j",
+		);
+		$ERROR = RRDs::error;
+		print "Error in RRD::graph for ".$interface.": ".$ERROR."\n" if $ERROR;
+}
+
+sub updatevpnn2ngraph {
+	my $interface = $_[0];
+	my $period    = $_[1];
+	RRDs::graph(
+		"-",
+		"--start",
+		"-1".$period,
+		"-aPNG",
+		"-i",
+		"-z",
+		"-W www.ipfire.org",
+		"--alt-y-grid",
+		"-w 600",
+		"-h 125",
+		"-r",
+		"-t ".$Lang::tr{'traffic on'}." ".$interface." ".$Lang::tr{'graph per'}." ".$Lang::tr{$period."-graph"},
+		"-v ".$Lang::tr{'bytes per second'},
+		"--color=SHADEA".$color{"color19"},
+		"--color=SHADEB".$color{"color19"},
+		"--color=BACK".$color{"color21"},
+		"DEF:incoming=".$mainsettings{'RRDLOG'}."/collectd/localhost/openvpn-$interface/if_octets_derive-traffic.rrd:rx:AVERAGE",
+		"DEF:outgoing=".$mainsettings{'RRDLOG'}."/collectd/localhost/openvpn-$interface/if_octets_derive-traffic.rrd:tx:AVERAGE",
+		"DEF:overhead_in=".$mainsettings{'RRDLOG'}."/collectd/localhost/openvpn-$interface/if_octets_derive-overhead.rrd:rx:AVERAGE",
+		"DEF:overhead_out=".$mainsettings{'RRDLOG'}."/collectd/localhost/openvpn-$interface/if_octets_derive-overhead.rrd:tx:AVERAGE",
+		"DEF:compression_in=".$mainsettings{'RRDLOG'}."/collectd/localhost/openvpn-$interface/compression_derive-data_in.rrd:uncompressed:AVERAGE",
+		"DEF:compression_out=".$mainsettings{'RRDLOG'}."/collectd/localhost/openvpn-$interface/compression_derive-data_out.rrd:uncompressed:AVERAGE",
+		"CDEF:outgoingn=outgoing,-1,*",
+		"CDEF:overhead_outn=overhead_out,-1,*",
+		"CDEF:compression_outn=compression_out,-1,*",
+		"COMMENT:".sprintf("%-20s",$Lang::tr{'caption'}),
+		"COMMENT:".sprintf("%15s",$Lang::tr{'maximal'}),
+		"COMMENT:".sprintf("%15s",$Lang::tr{'average'}),
+		"COMMENT:".sprintf("%15s",$Lang::tr{'minimal'}),
+		"COMMENT:".sprintf("%15s",$Lang::tr{'current'})."\\j",
+		"AREA:incoming#00dd00:".sprintf("%-20s",$Lang::tr{'incoming traffic in bytes per second'}),
+		"GPRINT:incoming:MAX:%8.1lf %sBps",
+		"GPRINT:incoming:AVERAGE:%8.1lf %sBps",
+		"GPRINT:incoming:MIN:%8.1lf %sBps",
+		"GPRINT:incoming:LAST:%8.1lf %sBps\\j",
+		"STACK:overhead_in#116B11:".sprintf("%-20s",$Lang::tr{'incoming overhead in bytes per second'}),
+		"GPRINT:overhead_in:MAX:%8.1lf %sBps",
+		"GPRINT:overhead_in:AVERAGE:%8.1lf %sBps",
+		"GPRINT:overhead_in:MIN:%8.1lf %sBps",
+		"GPRINT:overhead_in:LAST:%8.1lf %sBps\\j",
+		"LINE1:compression_in#ff00ff:".sprintf("%-20s",$Lang::tr{'incoming compression in bytes per second'}),
+		"GPRINT:compression_in:MAX:%8.1lf %sBps",
+		"GPRINT:compression_in:AVERAGE:%8.1lf %sBps",
+		"GPRINT:compression_in:MIN:%8.1lf %sBps",
+		"GPRINT:compression_in:LAST:%8.1lf %sBps\\j",
+		"AREA:outgoingn#dd0000:".sprintf("%-20s",$Lang::tr{'outgoing traffic in bytes per second'}),
+		"GPRINT:outgoing:MAX:%8.1lf %sBps",
+		"GPRINT:outgoing:AVERAGE:%8.1lf %sBps",
+		"GPRINT:outgoing:MIN:%8.1lf %sBps",
+		"GPRINT:outgoing:LAST:%8.1lf %sBps\\j",
+		"STACK:overhead_outn#870C0C:".sprintf("%-20s",$Lang::tr{'outgoing overhead in bytes per second'}),
+		"GPRINT:overhead_out:MAX:%8.1lf %sBps",
+		"GPRINT:overhead_out:AVERAGE:%8.1lf %sBps",
+		"GPRINT:overhead_out:MIN:%8.1lf %sBps",
+		"GPRINT:overhead_out:LAST:%8.1lf %sBps\\j",
+		"LINE1:compression_outn#000000:".sprintf("%-20s",$Lang::tr{'outgoing compression in bytes per second'}),
+		"GPRINT:compression_out:MAX:%8.1lf %sBps",
+		"GPRINT:compression_out:AVERAGE:%8.1lf %sBps",
+		"GPRINT:compression_out:MIN:%8.1lf %sBps",
+		"GPRINT:compression_out:LAST:%8.1lf %sBps\\j",
+		);
+		$ERROR = RRDs::error;
+		print "Error in RRD::graph for ".$interface.": ".$ERROR."\n" if $ERROR;
+}
+
 # Generate the Firewall Graph for the current period of time for values given by collecd

 sub updatefwhitsgraph {
--- a/config/collectd/collectd.conf
+++ b/config/collectd/collectd.conf
@@ -92,3 +92,4 @@ include "/etc/collectd.precache"

 #include "/etc/collectd.thermal"
 include "/etc/collectd.custom"
+include "/etc/collectd.vpn"
--- a/config/collectd/collectd.vpn
+++ b/config/collectd/collectd.vpn
@@ -0,0 +1,5 @@
+LoadPlugin openvpn
+
+<Plugin openvpn>
+StatusFile "/var/run/ovpnserver.log"
+</Plugin>
--- a/config/menu/20-status.menu
+++ b/config/menu/20-status.menu
@@ -40,6 +40,18 @@
 				'title' => "$Lang::tr{'network other'}",
 				'enabled' => 1,
 			  };
+	$substatus->{'53.networkovpn'} = {
+				'caption' => "$Lang::tr{'openvpn client'}",
+				'uri' => '/cgi-bin/netovpnrw.cgi',
+				'title' => "$Lang::tr{'openvpn client'}",
+				'enabled' => 1,
+			  };
+	$substatus->{'54.networkovpnsrv'} = {
+				'caption' => "$Lang::tr{'openvpn server'}",
+				'uri' => '/cgi-bin/netovpnsrv.cgi',
+				'title' => "$Lang::tr{'openvpn server'}",
+				'enabled' => 1,
+			  };
    $substatus->{'60.hardwaregraphs'} = {
 				'caption' => "$Lang::tr{'hardware graphs'}",
 				'uri' => '/cgi-bin/hardwaregraphs.cgi',
--- a/config/rootfiles/common/apache2
+++ b/config/rootfiles/common/apache2
@@ -1419,6 +1419,8 @@ srv/web/ipfire/cgi-bin/modem-status.cgi
 srv/web/ipfire/cgi-bin/netexternal.cgi
 srv/web/ipfire/cgi-bin/netinternal.cgi
 srv/web/ipfire/cgi-bin/netother.cgi
+srv/web/ipfire/cgi-bin/netovpnrw.cgi
+srv/web/ipfire/cgi-bin/netovpnsrv.cgi
 srv/web/ipfire/cgi-bin/optionsfw.cgi
 srv/web/ipfire/cgi-bin/ovpnmain.cgi
 srv/web/ipfire/cgi-bin/p2p-block.cgi
--- a/config/rootfiles/common/collectd
+++ b/config/rootfiles/common/collectd
@@ -2,6 +2,7 @@ etc/collectd.conf
 etc/collectd.custom
 etc/collectd.precache
 etc/collectd.thermal
+etc/collectd.vpn
 etc/rc.d/init.d/collectd
 etc/rc.d/rc0.d/K50collectd
 etc/rc.d/rc3.d/S29collectd
--- a/html/cgi-bin/firewall.cgi
+++ b/html/cgi-bin/firewall.cgi
@@ -865,7 +865,7 @@ sub checkrule
 		$errormessage.=$Lang::tr{'fwdfw err remark'}."<br>";
 	}
 	#check if source and target identical
-	if ($fwdfwsettings{$fwdfwsettings{'grp1'}} eq $fwdfwsettings{$fwdfwsettings{'grp2'}} && $fwdfwsettings{$fwdfwsettings{'grp1'}} ne 'ALL'){
+	if ($fwdfwsettings{$fwdfwsettings{'grp1'}} eq $fwdfwsettings{$fwdfwsettings{'grp2'}} && $fwdfwsettings{$fwdfwsettings{'grp1'}} ne 'ALL' && $fwdfwsettings{'grp2'} ne 'ipfire'){
 		$errormessage=$Lang::tr{'fwdfw err same'};
 		return $errormessage;
 	}
--- a/html/cgi-bin/netovpnrw.cgi
+++ b/html/cgi-bin/netovpnrw.cgi
@@ -0,0 +1,72 @@
+#!/usr/bin/perl
+###############################################################################
+#                                                                             #
+# IPFire.org - A linux based firewall                                         #
+# Copyright (C) 2014  Alexander Marx                                          #
+#                                                                             #
+# This program is free software: you can redistribute it and/or modify        #
+# it under the terms of the GNU General Public License as published by        #
+# the Free Software Foundation, either version 3 of the License, or           #
+# (at your option) any later version.                                         #
+#                                                                             #
+# This program is distributed in the hope that it will be useful,             #
+# but WITHOUT ANY WARRANTY; without even the implied warranty of              #
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the               #
+# GNU General Public License for more details.                                #
+#                                                                             #
+# You should have received a copy of the GNU General Public License           #
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.       #
+#                                                                             #
+###############################################################################
+
+use strict;
+
+# enable only the following on debugging purpose
+#use warnings;
+#use CGI::Carp 'fatalsToBrowser';
+
+require '/var/ipfire/general-functions.pl';
+require "${General::swroot}/lang.pl";
+require "${General::swroot}/header.pl";
+require "${General::swroot}/graphs.pl";
+
+my %color = ();
+my %mainsettings = ();
+&General::readhash("${General::swroot}/main/settings", \%mainsettings);
+&General::readhash("/srv/web/ipfire/html/themes/".$mainsettings{'THEME'}."/include/colors.txt", \%color);
+
+my @vpns=();
+
+my @querry = split(/\?/,$ENV{'QUERY_STRING'});
+$querry[0] = '' unless defined $querry[0];
+$querry[1] = 'week' unless defined $querry[1];
+
+if ( $querry[0] ne "" && $querry[0] ne "UNDEF"){
+	print "Content-type: image/png\n\n";
+	binmode(STDOUT);
+	&Graphs::updatevpngraph($querry[0],$querry[1]);
+}else{
+	&Header::showhttpheaders();
+	&Header::openpage($Lang::tr{'host to net vpn'}, 1, '');
+	&Header::openbigbox('100%', 'left');
+
+	my @vpngraphs = `find /var/log/rrd/collectd/localhost/openvpn-*/ -not  -path *openvpn-UNDEF*  -not -path *openvpn-*n2n* -name *.rrd|sort`;
+	foreach (@vpngraphs){
+		if($_ =~ /(.*)\/openvpn-(.*)\/if_octets_derive.rrd/){
+			push(@vpns,$2);
+		}
+	}
+	if(@vpns){
+		foreach (@vpns) {
+			&Header::openbox('100%', 'center', "$_ $Lang::tr{'graph'}");
+			&Graphs::makegraphbox("netovpnrw.cgi",$_,"week");
+			&Header::closebox();
+		}
+	}else{
+		print "<center>".$Lang::tr{'no data'}."</center>";
+	}
+	my $output = '';
+
+	&Header::closebigbox();
+	&Header::closepage();
+}
--- a/html/cgi-bin/netovpnsrv.cgi
+++ b/html/cgi-bin/netovpnsrv.cgi
@@ -0,0 +1,72 @@
+#!/usr/bin/perl
+###############################################################################
+#                                                                             #
+# IPFire.org - A linux based firewall                                         #
+# Copyright (C) 2014  Alexnder Marx                                           #
+#                                                                             #
+# This program is free software: you can redistribute it and/or modify        #
+# it under the terms of the GNU General Public License as published by        #
+# the Free Software Foundation, either version 3 of the License, or           #
+# (at your option) any later version.                                         #
+#                                                                             #
+# This program is distributed in the hope that it will be useful,             #
+# but WITHOUT ANY WARRANTY; without even the implied warranty of              #
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the               #
+# GNU General Public License for more details.                                #
+#                                                                             #
+# You should have received a copy of the GNU General Public License           #
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.       #
+#                                                                             #
+###############################################################################
+
+use strict;
+
+# enable only the following on debugging purpose
+#use warnings;
+#use CGI::Carp 'fatalsToBrowser';
+
+require '/var/ipfire/general-functions.pl';
+require "${General::swroot}/lang.pl";
+require "${General::swroot}/header.pl";
+require "${General::swroot}/graphs.pl";
+
+my %color = ();
+my %mainsettings = ();
+&General::readhash("${General::swroot}/main/settings", \%mainsettings);
+&General::readhash("/srv/web/ipfire/html/themes/".$mainsettings{'THEME'}."/include/colors.txt", \%color);
+
+my @vpns=();
+
+my @querry = split(/\?/,$ENV{'QUERY_STRING'});
+$querry[0] = '' unless defined $querry[0];
+$querry[1] = 'week' unless defined $querry[1];
+
+if ( $querry[0] ne ""){
+	print "Content-type: image/png\n\n";
+	binmode(STDOUT);
+	&Graphs::updatevpnn2ngraph($querry[0],$querry[1]);
+}else{
+	&Header::showhttpheaders();
+	&Header::openpage($Lang::tr{'openvpn server'}, 1, '');
+	&Header::openbigbox('100%', 'left');
+
+	my @vpngraphs = `find /var/log/rrd/collectd/localhost/openvpn-*-n2n/ -not  -path *openvpn-UNDEF* -name *traffic.rrd|sort`;
+	foreach (@vpngraphs){
+		if($_ =~ /(.*)\/openvpn-(.*)\/if_octets_derive-traffic.rrd/){
+			push(@vpns,$2);
+		}
+	}
+	if (@vpns){
+		foreach (@vpns) {
+			&Header::openbox('100%', 'center', "$_ $Lang::tr{'graph'}");
+			&Graphs::makegraphbox("netovpnsrv.cgi",$_,"week");
+			&Header::closebox();
+		}
+	}else{
+		print "<center>".$Lang::tr{'no data'}."</center>";
+	}
+	my $output = '';
+
+	&Header::closebigbox();
+	&Header::closepage();
+}
--- a/html/cgi-bin/ovpnmain.cgi
+++ b/html/cgi-bin/ovpnmain.cgi
@@ -288,7 +288,7 @@ sub writeserverconf {
 	print CONF "keepalive $sovpnsettings{'KEEPALIVE_1'} $sovpnsettings{'KEEPALIVE_2'}\n";
    }	
    print CONF "status-version 1\n";
-    print CONF "status /var/log/ovpnserver.log 30\n";
+    print CONF "status /var/run/ovpnserver.log 30\n";
    print CONF "cipher $sovpnsettings{DCIPHER}\n";
    if ($sovpnsettings{'DAUTH'} eq '') {
        print CONF "";
@@ -354,7 +354,7 @@ sub writeserverconf {
 }    

 sub emptyserverlog{
-    if (open(FILE, ">/var/log/ovpnserver.log")) {
+    if (open(FILE, ">/var/run/ovpnserver.log")) {
 	flock FILE, 2;
 	print FILE "";
 	close FILE;
@@ -905,9 +905,12 @@ unless(-d "${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}"){mkdir "${General
  print SERVERCONF "route $remsubnet[0] $remsubnet[1]\n";
  print SERVERCONF "# tun Device\n"; 
  print SERVERCONF "dev tun\n"; 
+  print SERVERCONF "#Logfile for statistics\n";
+  print SERVERCONF "status-version 1\n";
+  print SERVERCONF "status /var/run/openvpn/$cgiparams{'NAME'}-n2n 10\n";
  print SERVERCONF "# Port and Protokol\n"; 
  print SERVERCONF "port $cgiparams{'DEST_PORT'}\n"; 
-  
+
  if ($cgiparams{'PROTOCOL'} eq 'tcp') {
  print SERVERCONF "proto tcp-server\n";
  print SERVERCONF "# Packet size\n";
@@ -1193,6 +1196,14 @@ SETTINGS_ERROR:
    while ($file = glob("${General::swroot}/ovpn/ccd/*")) {
 	unlink $file
    }
+# Delete all RRD files for Roadwarrior connections
+    chdir('/var/ipfire/ovpn/ccd');
+	while ($file = glob("*")) {
+	system ("/usr/local/bin/openvpnctrl -drrd $file");
+	}
+    while ($file = glob("${General::swroot}/ovpn/ccd/*")) {
+	unlink $file
+    }
    if (open(FILE, ">${General::swroot}/ovpn/ovpn-leases.db")) {
 	print FILE "";
 	close FILE;
@@ -2359,7 +2370,10 @@ if ($confighash{$cgiparams{'KEY'}}[3] eq 'net') {
 	
 # CCD end 

-	
+###
+###  Delete all RRD's for client
+###
+	system ("/usr/local/bin/openvpnctrl -drrd $confighash{$cgiparams{'KEY'}}[1]");
 	delete $confighash{$cgiparams{'KEY'}};
 	my $temp2 = `/usr/bin/openssl ca -gencrl -out ${General::swroot}/ovpn/crls/cacrl.pem -config ${General::swroot}/ovpn/openssl/ovpn.cnf`;
 	&General::writehasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash);
@@ -2897,7 +2911,7 @@ END
    </tr>
 END
 ;
-	my $filename = "/var/log/ovpnserver.log";
+	my $filename = "/var/run/ovpnserver.log";
 	open(FILE, $filename) or die 'Unable to open config file.';
 	my @current = <FILE>;
 	close(FILE);
@@ -4897,7 +4911,7 @@ END
    &General::readhasharray("${General::swroot}/ovpn/caconfig", \%cahash);
    &General::readhasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash);

-    my @status = `/bin/cat /var/log/ovpnserver.log`;
+    my @status = `/bin/cat /var/run/ovpnserver.log`;

    if ($cgiparams{'VPN_IP'} eq '' && -e "${General::swroot}/red/active") {
 		if (open(IPADDR, "${General::swroot}/red/local-ipaddress")) {
--- a/langs/de/cgi-bin/de.pl
+++ b/langs/de/cgi-bin/de.pl
@@ -1243,6 +1243,8 @@
 'incoming' => 'eingehend',
 'incoming firewall access' => 'Eingehender Firewallzugang',
 'incoming traffic in bytes per second' => 'Eingehender Verkehr',
+'incoming overhead in bytes per second' => 'Eingehender Overhead',
+'incoming compression in bytes per second' => 'Eingehende Kompression',
 'incorrect password' => 'Fehlerhaftes Passwort',
 'info' => 'Info',
 'init string' => 'Initialisierung:',
@@ -1688,6 +1690,8 @@
 'outgoing firewall view group' => 'Gruppe anzeigen',
 'outgoing firewall warning' => 'Nur die Auswahl Quell IP / MAC aktiviert diese',
 'outgoing traffic in bytes per second' => 'Abgehender Verkehr',
+'outgoing overhead in bytes per second' => 'Abgehender Overhead',
+'outgoing compression in bytes per second' => 'Abgehende Kompression',
 'override mtu' => 'Überschreibe Standard MTU',
 'ovpn' => 'OpenVPN',
 'ovpn add conf' => 'Erweiterte Konfiguration',
--- a/langs/en/cgi-bin/en.pl
+++ b/langs/en/cgi-bin/en.pl
@@ -1272,6 +1272,8 @@
 'incoming' => 'incoming',
 'incoming firewall access' => 'Incoming Firewall Access',
 'incoming traffic in bytes per second' => 'Incoming Traffic',
+'incoming overhead in bytes per second' => 'Incoming Overhead',
+'incoming compression in bytes per second' => 'Incoming Compression',
 'incorrect password' => 'Incorrect password',
 'info' => 'Info',
 'init string' => 'Init:',
@@ -1719,6 +1721,8 @@
 'outgoing firewall view group' => 'View group',
 'outgoing firewall warning' => 'Not selecting source ip or mac ignores them',
 'outgoing traffic in bytes per second' => 'Outgoing Traffic',
+'outgoing overhead in bytes per second' => 'Outgoing Overhead',
+'outgoing compression in bytes per second' => 'Outgoing compression',
 'override mtu' => 'Override default MTU',
 'ovpn' => 'OpenVPN',
 'ovpn add conf' => 'Additional configuration',
--- a/lfs/openvpn
+++ b/lfs/openvpn
@@ -83,6 +83,7 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
 	cd $(DIR_APP) && make install
 	cd $(DIR_APP) && cp -Rvf $(DIR_SRC)/config/ovpn /var/ipfire
 	-mkdir -vp /usr/lib/openvpn/plugins
+	-mkdir -vp /var/log/openvpn
 	-mkdir -vp /var/ipfire/ovpn/ca
 	-mkdir -vp /var/ipfire/ovpn/ccd
 	-mkdir -vp /var/ipfire/ovpn/crls
--- a/src/misc-progs/openvpnctrl.c
+++ b/src/misc-progs/openvpnctrl.c
@@ -73,6 +73,9 @@ void usage(void)
 	printf(" -kn2n --kill-net-2-net\n");
 	printf("      kills all net2net connections\n");
 	printf("      you may pass a connection name to the switch to only start a specific one\n");
+	printf(" -drrd --delete-rrd\n");
+	printf("      Deletes the RRD data for a specific client\n");
+	printf("      you need to pass a connection name (RW) to the switch to delete the directory (case sensitive)\n");
 	printf(" -d   --display\n");
 	printf("      displays OpenVPN status to syslog\n");
 	printf(" -fwr --firewall-rules\n");
@@ -565,6 +568,28 @@ int killNet2Net(char *name) {
 	return 0;
 }

+int deleterrd(char *name) {
+	connection *conn = getConnections();
+
+	char rrd_file[STRING_SIZE];
+	snprintf(rrd_file, STRING_SIZE - 1, "/var/log/rrd/collectd/localhost/openvpn-%s/if_octets.rrd", name);
+
+	char rrd_dir[STRING_SIZE];
+	snprintf(rrd_dir, STRING_SIZE - 1, "/var/log/rrd/collectd/localhost/openvpn-%s", name);
+
+	while(conn) {
+		/* Find only RW-Connections with the given name. */
+		if (((strcmp(conn->type, "host") == 0) && (strcmp(conn->name, name) == 0))) {
+			remove(rrd_file);
+			remove(rrd_dir);
+			return 0;
+		}
+		conn = conn->next;
+	}
+
+	return 1;
+}
+
 void startAllNet2Net() {
 	int exitcode = 0, _exitcode = 0;

@@ -634,6 +659,10 @@ int main(int argc, char *argv[]) {
 		else if( (strcmp(argv[1], "-kn2n") == 0) || (strcmp(argv[1], "--kill-net-2-net") == 0) ) {
 			killNet2Net(argv[2]);
 			return 0;
+		}
+		else if( (strcmp(argv[1], "-drrd") == 0) || (strcmp(argv[1], "--delete-rrd") == 0) ) {
+			deleterrd(argv[2]);
+			return 0;
 		} else {
 			usage();
 			return 1;