I just checked bandwith usage on SolusVM and it was 250gb in 2 days, and I know it’s one of my users through OpenVPN.
I think it is a torrent because it is upload + download 24/7.
I want to find out who is doing this by getting their username. I make accounts for every user on my VPN ( adduser name -s /bin/false/nologin ).
Is it possible to see who is uploading? I need to get the username or subnet ( like 10.8.1.1 ).
Use tcpdump to identify the source IP of the traffic, then look through your OpenVPN logs to see who that IP address was given to.
Source : Link , Question Author : Niel , Answer Author : EEAA