VPN Software

check_openvpn_pl

Write a Review

Description:

This plugin verifies the state of the clients connected to a openvpn server by means of the management interface.

Current Version

Last Release Date

June 23, 2009

Compatible With

Owner

Nagios Exchange

Website

http://emergeworld.blogspot.com/

Copy Page Link Recommend Login to Add to Favorites
Project Files
FileDescription
check_openvpn.pl

Perl Script

Project Notes
The -H [IP or hostname of the openvpn server] and -p options [port of the openvpn server] are always obligatory. If plugin can be connected with the management interface it will show the common name (as it is specified in the client certificate) of the connected clients. Otherwise, it will finish with critical state. The -i option shows the remote IP address of the client instead of their common name and the -n option shows the number of connected clients. It is possible to be verified that a client in particular is connected using one of these two options -C [common name] or -r [remote IP address]. If these options are used, also the exit state is due to specify that will give back plugin if it does not find the client through the -w [warning] -c [critical] options. Examples of use: # Basic usage: It gives back the names of the connected clients the -t option (timeout) is optional. The default value is 10 check_openvpn -H 192.168.10.1 -p 1195 -P mypassword -t 5 OpenVPN OK: cliente1 cliente2 # Returns the remote IP address of the client instead of the common name check_openvpn -H 192.168.10.1 -p 1195 -P mypassword -i OpenVPN OK: 192.168.0.5 192.168.0.15 # Returns the number of connected clients. check_openvpn -H 192.168.10.1 -p 1195 -P mypassword -n OpenVPN OK: 2 connected clients. # Check if cliente1 is connected and if it does not give back warning. check_openvpn -H 192.168.10.1 -p 1195 -P mypassword -C client -w OpenVPN OK: cliente1 cliente2 # Check if the machine with IP 192.168.0.15 is connected and if it does not give back critical. check_openvpn -H 192.168.10.1 -p 1195 -P mypassword -r 192.168.0.15 -c OpenVPN OK: 192.168.0.5 192.168.0.15 This plugin depends on the Net::Telnet Perl module.
Reviews (1) Add a Review
patch for OpenVPN2 point-to-point
by bill_mcgonigle, April 30, 2012

just a quick note: put something like this in your config file to enable the management interface: management 127.0.0.1 2194 /etc/openvpn/management-password and pass the relevant options in for this probe. (put your password in that named file and get your permissions right!). I'm using OpenVPN 2.2.2 on CentOS 5 in 2012 and I needed to make a few small changes for a point-to-point link (plus a few warning message tweaks). Unified diff follows. Thank you Jamie - using the management interface is the right way to do this (my previous grep hacks were silly). ------------- --- check_openvpn.pl-dist 2012-04-30 18:21:13.000000000 -0400 +++ check_openvpn.pl 2012-04-30 18:45:07.000000000 -0400 @@ -4,6 +4,9 @@ # # Copyright (c) 2007 Jaime Gascon Romero # +# Modified 2012-04-30 Bill McGonigle +# to handle OpenVPN 2 point-to-point connection checking. +# # License Information: # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by @@ -28,7 +31,7 @@ use Net::Telnet (); use Getopt::Long qw(:config no_ignore_case); use vars qw($PROGNAME $VERSION); -use lib "/usr/nagios/libexec"; +use lib "/usr/lib/nagios/plugins"; use utils qw(%ERRORS); $PROGNAME = "check_openvpn"; @@ -85,7 +88,7 @@ $t->print($opt_P); } $t->waitfor('/^$/'); -@lines = $t->cmd("status 2"); +@lines = $t->cmd("state"); $t->close; }; @@ -97,7 +100,7 @@ if (defined $opt_i || defined $opt_r) { foreach (@lines) { - if ($_ =~ /CLIENT_LIST,.*,(d+.d+.d+.d+):d+,/) { + if ($_ =~ /d+,CONNECTED,SUCCESS,d+.d+.d+.d+,(d+.d+.d+.d+)/) { push @clients_ip, $1; } } @@ -107,10 +110,10 @@ } elsif (defined $opt_r) { if ( ! grep /b$opt_rb/, @clients_ip) { if (defined $opt_c) { - print "OpenVPN CRITICAL: $opt_r don't found"; + print "OpenVPN CRITICAL: $opt_r not found"; exit $ERRORS{'CRITICAL'}; } else { - print "OpenVPN WARNING: $opt_r don't found"; + print "OpenVPN WARNING: $opt_r not found"; exit $ERRORS{'WARNING'}; } } @@ -128,10 +131,10 @@ if (defined $opt_C) { if ( ! grep /b$opt_Cb/, @clients) { if (defined $opt_c) { - print "OpenVPN CRITICAL: $opt_C don't found"; + print "OpenVPN CRITICAL: $opt_C not found"; exit $ERRORS{'CRITICAL'}; } else { - print "OpenVPN WARNING: $opt_C don't found"; + print "OpenVPN WARNING: $opt_C not found"; exit $ERRORS{'WARNING'}; } }


Add a Review

You must be logged in to submit a review.

Thank you for your review!

Your review has been submitted and is pending approval.

Recommend

To:


From:


Thank you for your recommendation!

Your recommendation has been sent.

Page Sections
Project Overview Project Files Project Notes Reviews
Project Stats
Rating
5 (1)
Favorites
1
Views
112,705