VMware NSX VPN tunnels statistics collection with PowerShell

I’ve been assigned the task of gathering VPN statistics for a client. Their system runs VMware NSX 4.0.0.1. After checking, I found that the current PowerCLI lacks the capability to extract VPN statistics. Since VMware NSX exposes a REST API, we can perform various actions through REST API calls.

I’ve developed a script for this purpose. In the script, you start by specifying the NSX Manager’s fully qualified domain name or IP address on line 1, in the variable $nsxManager. From line 5 onwards, you define the list of VPN session names in the array $vpnSessionNames.

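When you run the script, it prompts for credentials, gathers the current statistics, displays the results on screen, and exports them to a CSV file. To reset the statistics after collection, uncomment line 48; the next run then shows only the statistics accumulated between the two runs. Note that every call uses -SkipCertificateCheck together with Basic authentication, so the credentials are sent without validating the NSX Manager certificate; where the manager presents a certificate the client trusts, remove that switch.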

$nsxManager = "nsxmanager01.lab.local"
$credentials = Get-Credential

# Fill-in list of VPN sessions you want to collect statistics
$vpnSessionNames = @("client-vpn-session-name-01",
                  "client-vpn-session-name-02",
                  "client-vpn-session-name-03",
                  "client-vpn-session-name-04",
                  "client-vpn-session-name-05",
                  "client-vpn-session-name-06",
                  "client-vpn-session-name-07",
                  "client-vpn-session-name-08",
                  "client-vpn-session-name-09")

$baseURL = "https://$nsxManager/api/v1"
$vpnSessionsURL = $baseURL + "/vpn/ipsec/sessions"
$AuthMethod = "Basic"
$vpnSessions = Invoke-RestMethod -Method 'Get' -Uri $vpnSessionsURL  -Credential $credentials -ContentType "application/json" -SkipCertificateCheck -Authentication:$AuthMethod

$vpnSessionsArray = @()
foreach ($vpnSession in $vpnSessions.results) {
  $vpnSession = @{
    'vpn_session_name' = $vpnSession.display_name
    'vpnSessionId' = $vpnSession.id
  }
  $vpnSessionsArray += New-Object PSObject -Property $vpnSession
}

$vpnStatArray = @()
foreach ($vpnSessionName in $vpnSessionNames) {
  foreach ($vpnSession in $vpnSessionsArray) {
    if ($vpnSession.vpn_session_name -eq $vpnSessionName) {
      $vpnServiceId = $vpnSession.vpnSessionId
      $vpnStatsEndpoint = "/vpn/ipsec/sessions/$vpnServiceId/statistics"
      $urlGetStat = $baseURL + $vpnStatsEndpoint
      $urlResetStat = $urlGetStat + "?action=reset"
      $vpnStatistics = Invoke-RestMethod -Method 'Get' -Uri $urlGetStat  -Credential $credentials -ContentType "application/json" -SkipCertificateCheck -Authentication:$AuthMethod
      $vpnTunnelStatistics = $vpnStatistics.policy_statistics.tunnel_statistics
      foreach ($vpnTunnel in $vpnTunnelStatistics){
        $vpnTunnelInfo = @{
            'vpn_name' = $vpnSession.vpn_session_name
            'peer_subnets' = $vpnTunnel.peer_subnet
            'local_subnets' = $vpnTunnel.local_subnet
            'MB_in' = [int][Math]::Round($vpnTunnel.bytes_in / 1024 / 1024)
            'MB_out' = [int][Math]::Round($vpnTunnel.bytes_out / 1024 / 1024)
        }
        $vpnStatArray += New-Object PSObject -Property $vpnTunnelInfo
        #Invoke-RestMethod -Method 'Post' -Uri $urlResetStat  -Credential $credentials -ContentType "application/json" -SkipCertificateCheck -Authentication:$AuthMethod
      }
    }
  }
}

$vpnStatArray | Format-Table -AutoSize vpn_name,peer_subnets,local_subnets,MB_in,MB_out
$datetime = (Get-Date).ToString("yyyy-MM-dd_HH-mm-ss")
$exportFileName = "./vpn_info-" + $datetime + ".csv"
$vpnStatArray | Select-Object -Property vpn_name,peer_subnets,local_subnets,MB_in,MB_out | Export-Csv -Path $exportFileName -NoTypeInformation
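
An alternative to uncommenting the reset call, as an added example that is not part of the original script: diff two of the exported CSV files to get the traffic between runs, which leaves the NSX counters untouched for any other tool that reads them. The function name Get-VpnStatDelta and the sample rows are constructed for illustration.

```powershell
# Added example (hypothetical helper): per-tunnel traffic between two exports.
function Get-VpnStatDelta {
    param(
        [Parameter(Mandatory)] [object[]] $Previous,  # rows of the older export
        [Parameter(Mandatory)] [object[]] $Current    # rows of the newer export
    )
    # Index the older snapshot by tunnel identity: session name + subnet pair.
    $prevByKey = @{}
    foreach ($row in $Previous) {
        $key = '{0}|{1}|{2}' -f $row.vpn_name, $row.local_subnets, $row.peer_subnets
        $prevByKey[$key] = $row
    }
    foreach ($row in $Current) {
        $key = '{0}|{1}|{2}' -f $row.vpn_name, $row.local_subnets, $row.peer_subnets
        $old = $prevByKey[$key]
        $mbIn = [long]$row.MB_in
        $mbOut = [long]$row.MB_out
        if ($null -eq $old) {
            $note = 'new tunnel'       # no baseline: report totals as-is
        } elseif ($mbIn -lt [long]$old.MB_in -or $mbOut -lt [long]$old.MB_out) {
            $note = 'counter reset'    # counters went backwards: totals since reset
        } else {
            $note = ''
            $mbIn -= [long]$old.MB_in
            $mbOut -= [long]$old.MB_out
        }
        [pscustomobject]@{
            vpn_name      = $row.vpn_name
            peer_subnets  = $row.peer_subnets
            local_subnets = $row.local_subnets
            MB_in_delta   = $mbIn
            MB_out_delta  = $mbOut
            note          = $note
        }
    }
}
# Constructed sample rows in the column layout the script exports.
$previous = @'
vpn_name,peer_subnets,local_subnets,MB_in,MB_out
client-vpn-session-name-01,198.51.100.0/24,192.0.2.0/24,1200,800
client-vpn-session-name-02,203.0.113.0/24,192.0.2.0/24,500,450
'@ | ConvertFrom-Csv
$current = @'
vpn_name,peer_subnets,local_subnets,MB_in,MB_out
client-vpn-session-name-01,198.51.100.0/24,192.0.2.0/24,1500,950
client-vpn-session-name-02,203.0.113.0/24,192.0.2.0/24,40,10
client-vpn-session-name-03,203.0.113.0/24,192.0.2.128/25,7,3
'@ | ConvertFrom-Csv
Get-VpnStatDelta -Previous $previous -Current $current | Format-Table -AutoSize
```

In practice, load the two snapshots with Import-Csv from the vpn_info-*.csv files the script writes. Because the export rounds to whole megabytes, each delta is accurate to about 1 MB.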

Yevgeniy Steblyanko

Yevgeniy Steblyanko is an Infrastructure Architect/SME with more than 15 years of experience in virtualization. His areas of interest are VMware vSphere, vSAN, NSX, and automation with PowerCLI/PowerNSX. He holds the VMware certifications VCIX-DCV and VCIX-NV.
