In normal Site2Site VPN setups you could monitor the tunnel state by pinging the remote end of the VPN. If it doesn't respond, it's down! ;) With the REDs being a local interface on the ASG, it's no longer possible to check the tunnel state with ping.
We wrote a Nagios plugin which checks the link state of a given RED ID and returns OK when online and CRITICAL when offline. There are also some other values we report: on-/offline time and the IP where it is connected from.
I'll give you a short description of how to set up the plugin, expecting that you've got a running Nagios environment:
1. Copy the check_asg_red_state.pl to your Nagios plugin directory (normally /usr/local/nagios/libexec) and make it executable.
2. Create a new check_command looking like this:
# 'check_asg_red_state' command definition
define command{
        command_name    check_asg_red_state
        command_line    $USER1$/check_asg_red_state.pl -H $HOSTADDRESS$ -R $ARG1$
        }
3. You need to generate a key pair for the nagios user in order to use passwordless authentication with the host. This can be done by running
ssh-keygen -t rsa -N ""
as nagios user or
su - nagios -c 'ssh-keygen -t rsa -N "" '
4. Install your public key on your Astaro for passwordless login of loginuser.
5. Now you can test your setup:
nagios@debian:/usr/local/nagios/libexec$ ./check_asl_red_state.pl -H my.firewall.net -R A300001234567890
RED STATE OK - RED connected from 1.2.3.4, uptime 22h 15min | Uptime=1335min;;
Now you can start adding the REDs to your Nagios configuration.
There may be bugs; please let me know if you find something unusual or if it doesn't work.
I hope this is helpful for other people. If you have questions, feel free to ask!
Regards,
Cobotec GmbH
Mario Techel
Version 1.1:
- minor bugfixes, changed default value for StrictHostKeyChecking to no
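
Service definitions for the last step ("adding the REDs to your Nagios configuration"), as an added example that is not part of the original post or the plugin. It assumes a host object named my.firewall.net already exists and that the generic-service template from the Nagios sample configuration is available; the service descriptions, the interval values and the second RED ID are constructed for illustration.

```cfg
# Added example, not from the plugin author.
# One service per RED; the RED ID is handed to the plugin as $ARG1$ via
# the check_asg_red_state command defined in step 2.

define service{
        use                     generic-service      ; assumed template from the sample config
        host_name               my.firewall.net      ; assumed existing host object for the ASG
        service_description     RED Branch Office 1  ; constructed name
        check_command           check_asg_red_state!A300001234567890
        check_interval          5                    ; minutes between checks while OK
        retry_interval          1                    ; re-check every minute after a failure
        max_check_attempts      3                    ; 3 failed checks before a hard CRITICAL
        notification_options    c,u,r                ; notify on CRITICAL, UNKNOWN, recovery
        }

define service{
        use                     generic-service
        host_name               my.firewall.net
        service_description     RED Branch Office 2  ; constructed name
        check_command           check_asg_red_state!A300009876543210  ; constructed RED ID
        check_interval          5
        retry_interval          1
        max_check_attempts      3
        notification_options    c,u,r
        }
```

Because the plugin logs in to the firewall over SSH, each check opens a session as loginuser; keeping check_interval at a few minutes limits the number of logins recorded on the ASG.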