VPN Software

check_ipsec2

Description:

Checks whether StrongSwan/OpenSwan IPSEC tunnels are up. It can check either that a total number of tunnels are up or a single tunnel by name. Currently tested against StrongSwan 5.x. If earlier versions of StrongSwan need to be supported, let me know.

sudoers entry:

nagios ALL=(root) NOPASSWD: /usr/lib/nagios/plugins/check_ipsec2

nrpe_local.cfg entry:

command[check_ipsec2]=sudo /usr/lib/nagios/plugins/check_ipsec2 $ARG1$

/etc/nagios/ipsec_gateways.txt entry:

CON-192.168.48.0 192.168.48.1

Service definition:

define service {
use generic-service
host_name vpngw.domain.tld
service_description Check CON-192.168.48.0
check_command check_ipsec2!"-c CON-192.168.48.0 -p -s"
}

or

define service {
use generic-service
host_name vpngw.domain.tld
service_description Check Tunnels
check_command check_ipsec2!"-a 4"
}

Command definition:

define command{
command_name check_ipsec2
command_line $USER1$/check_nrpe -H $HOSTADDRESS$ -c check_ipsec2 -a $ARG1$
}

Usage:
$PROGNAME [-hprsv] [-a number of connections] [-c IPSEC connection name]
-a (Check all connections)
-c (Check specific connection)
-p (Ping remote gateway. Used only with -c)
-r (Restart IPSEC if down)
-s (Reacquire SA for connection. Used only with both -c and -p)
-h (Show this help screen)
-v (Show version)

-a and -c cannot be used together.
-s can only be used with -c.
-p can only be used with -c.
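
The NRPE entry above forwards $ARG1$ to a plugin that sudo runs as root, so the usage rules are worth enforcing before the plugin sees the arguments. The following is an added example, not part of check_ipsec2: the function names, the allowed character set for connection names, and the refusal of -r for remote callers are assumptions.

```shell
#!/bin/sh
# Added example (not the plugin's own code): validate NRPE-supplied
# arguments against the usage rules before running the plugin as root.
# validate_ipsec_args returns 0 if the arguments are acceptable, 1 otherwise.
validate_ipsec_args() {
    mode="" ping=0 reacquire=0
    while [ "$#" -gt 0 ]; do
        case "$1" in
            -a)
                # -a and -c cannot be used together; -a needs a value
                [ -z "$mode" ] && [ "$#" -ge 2 ] || return 1
                # number of connections: digits only
                case "$2" in ''|*[!0-9]*) return 1 ;; esac
                mode=all; shift 2 ;;
            -c)
                [ -z "$mode" ] && [ "$#" -ge 2 ] || return 1
                # connection name: assumed charset, no leading dash
                case "$2" in ''|-*|*[!A-Za-z0-9._-]*) return 1 ;; esac
                mode=conn; shift 2 ;;
            -p) ping=1; shift ;;
            -s) reacquire=1; shift ;;
            # Assumption: -r (restart IPSEC) is not offered to remote callers.
            *) return 1 ;;
        esac
    done
    # One of -a or -c is required
    [ -n "$mode" ] || return 1
    # -p can only be used with -c
    if [ "$ping" -eq 1 ] && [ "$mode" != "conn" ]; then return 1; fi
    # -s is used only with both -c and -p
    if [ "$reacquire" -eq 1 ]; then
        [ "$mode" = "conn" ] && [ "$ping" -eq 1 ] || return 1
    fi
    return 0
}

# Hypothetical wrapper entry point: sudoers and nrpe_local.cfg would name
# this wrapper instead of the plugin. Call it as: run_checked "$@"
PLUGIN=/usr/lib/nagios/plugins/check_ipsec2
run_checked() {
    if validate_ipsec_args "$@"; then
        exec "$PLUGIN" "$@"
    fi
    echo "UNKNOWN - rejected arguments"
    return 3   # Nagios UNKNOWN state
}
```
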

Current Version

1.0rc1

Last Release Date

2015-03-11

Compatible With

  • Nagios 2.x
  • Nagios 3.x

License

GPL


Reviews (2)
Some corrections to the script
by arunshetty, March 31, 2017

Although the script worked flawlessly locally, I had to edit it as follows to correct the logic:

if [[ "$eroutes" -eq "2" ]]
then
    echo "OK - All 2 tunnels are up an running"
    exit $STATE_OK
elif [[ "$eroutes" -gt "2" ]]
then
    echo "WARNING - More than 2 ($eroutes) tunnels are up an running"
    exit $STATE_WARNING
else
    echo "CRITICAL - Only $eroutes tunnels from 2 are up an running - $(location)"
    exit $STATE_CRITICAL
fi

Besides this, I had to do the following to fetch the results via NRPE plugin remotely:

chown nagios /var/run/pluto/pluto.clt

Now I'm able to view the proper results over my NAGIOS monitoring console. Hope this helps someone.



remote results via NRPE different
by united-networking, February 29, 2016

Hi, we want to use this script to remotely check VPN tunnels' status, executing this script with NRPE on an IPcop host. But there is no command which in our IPcop v2.1.9, although http://www.cobin.de/binary.php has a locate addon. We therefore replaced "which " with the full paths of files in check_ipcop2.sh.

Also, in the script's function check_connection(), in the line:

eroutes=`$IPSECBIN whack --status | grep -e "IPsec SA established" | grep -e "$2" | wc -l`

we believe the $2 should actually read $1.

With these modifications, we were able to use the script locally:

$ /var/ipcop/addons/nrpe/plugins/check_ipsec2_mod.sh -c tunnelname
OK - tunnelname Connection is up and running

Sadly, the same check done remotely on the Nagios host, with that same commandline above defined for NRPE as command check_tunnelname, does return a different result:

/usr/local/nagios/libexec/check_nrpe -H ipcop-hostaddr -c check_tunnelname
CRITICAL - tunnelname Connection is down

This may only be a user rights problem, as the local test was done as root, but the nrpe service runs as user nagios. But there is no command su or sudo in our IPcop v2.1.9 (hence no /etc/sudoers), and we know of no suitable addon.

--
regards,
-- United Networking




Project Stats
Rating
4 (2)
Favorites
0
Views
51,244