I just checked bandwith usage on SolusVM and it was 250gb in 2 days, and I know it’s one of my users through OpenVPN.
I think it is a torrent because it is upload + download 24/7.
I want to find out who is doing this by getting their username. I make accounts for every user on my VPN ( adduser name -s /bin/false/nologin ).
Is it possible to see who is uploading? I need to get the username or subnet ( like 10.8.1.1 ).
Answer
Use tcpdump to identify the source IP of the traffic, then look through your OpenVPN logs to see who that IP address was given to.
Attribution
Source : Link , Question Author : Niel , Answer Author : EEAA
