Please see the vpninfo command, I have highlighted some relevant switches below. Flow refers to connection traversing a tunnel, plus the ESP/NAT-T pseudoconnections themselves.
Usage: vpninfo [OPTION]...
-H: Dump IKE peer information
-Y: Dump mobile and dynamic peer information
-S: Dump sessions
-a: Dump IPsec SAs
-e: Dump IPsec SAs
-z: Display ongoing IKE and IPsec negotiations
-t <tunnelID>: Dump IPsec SAs of tunnel
-Z <transform>: Dump details of an IPsec SA
-A: Dump Audit log
-g: Dump global info
-f: Dump flows
-F <rule>: Dump flows by rule
-r: Dump rules
-R <rule>: Dump rule details
-s: Dump statistics of all transforms
-V: Display version information
-l: Output log message buffer
-c: Display policy manager connections
-L <len>: Set log message buffer length in messages (also clears buffer)
-o: Continuous log message output
-i: Dump IKE SA list
-C: Clustering statistics
-m: Print the module's operating mode (FIPS / non-FIPS)
-M: Output VPN SA monitoring status
-v: Output vpn monitoring current status
-P: Output TCP encapsulation connection states
-X: Complete VPN Status
-Q: Check configuration status
-k: Display SPI hashing key info
-n <level>: Set IKE debug level (0 - 15, 0 = no debug) (e.g. -n 6)
-N: No output messages
-d: Dump current DHCP sessions
-K: Dump certificates
-B <spi>: Delete IKE SAs
-b <transform_index>: Delete IPsec SAs
-J <in_spi> <out_spi>: Delete IPsec SA by Inbound and Outbound SPI values
-p <ip_addr>: Delete SAs by peer
-y <conn_id>: Delete SAs by connection
-U <username>: Delete session and SAs by username
-G <username> <domain>: Delete session and SAs by username@domain
-j <session_id>: Delete SAs by session id
-O <command> <parameters>: External crypto register/unregister/status
-h: Display this help
I have tried this command but do not find what info I need or perhaps do not know how to break it down to usable info.
I have a vpn that is getting used by about 800+ users and was wanting to find a way to view how many are using the vpn pipe at any time.
Most of these stats are about the single vpn rather than users on the vpn.
If talking about a site-to-site VPN, you can see the open connections through a tunnel by checking the transform statistics. Use "vpninfo -a" to find the relevant IPsec SA (Phase-2) and note the transform. Then you can view all transforms with "vpninfo -s", it lists number of flows for each. If you have a lot of SAs, then you can also view individual transforms with "vpninfo -Z <transform>".
If it's a client VPN then you should use "vpninfo -S" to see concurrently connected users.
That did the trick
I used the vpninfo -s
The flows had what I neede -869,
Octets (in/out): 13679815910/977794884, Packets (in/out): 17140877/13256063, Dropped: 0
MAC failures: 0, rekeys: 10, flows: 869