How to get OpenVPN client's public IP when it connects to the server?

Question

I need to know the public IP (aka ISP's IP) of a client when it connects to my server. I tried learn-address script but it does not provide real IP. Currently it is possible to get it from OpenVPN log files, (pattern: MULTI: Learn: 10.2.1.5 -> client-5/27.147.X.Y:34244).

The server runs a heavily busy Asterisk PBX. So it is inefficient to parse logs frequently (it become worse when log file gets huge in size).

Whenever a client connects/re-connects from a different IP, I need to update the database. I need an easy solution for it.

Presisely, I need the mapping of inner ip to outer ip of the OpenVPN tunnel.

N.B. I use staticly assigned IP addresses (e.g. 10.2.1.5 for common name client-5) from CCD files (exclusive ccd) in tun mode.

Answer 1

OK, done. I found it from environment variables OpenVPN passes during script execution.

I checked for ifconfig_pool_remote_ip and trusted_ip environment variables.

Here is my code executed by OpenVPN when client connects.

#!/usr/bin/env php
<?php
$con = mysqli_connect("localhost", "root", "...") or die(mysqli_error($con));
mysqli_select_db($con, "...") or die(mysqli_error($con));

$tunnel_ip = getenv('ifconfig_pool_remote_ip');
$real_ip = getenv('trusted_ip');

if ($tunnel_ip && $real_ip) {
    mysqli_query($con, "UPDATE tunnels SET real_ip = '$real_ip' WHERE ip LIKE '$tunnel_ip'");
}
// file_put_contents('/tmp/ip-updated', date('Y-m-d H:i:s') . ":  $tunnel_ip $real_ip\n", FILE_APPEND);
exit;

But environment variables were not accessible until I addded variables_order = "EGPCS" in /etc/php.d/99-env.ini (I created this file).

Although it required script-security 2 and client-connect /my/script/path.php to be added to OpenVPN server config file, it solved my problem.