zabbix-ipsec Script

Hello,

Where is the check_ipsec.sh script placed? Server or client? Could you give me the configuration with a practical example? Thanks

Nov 28 '23 16:11 caporrino

Hello,

you have to install the script on the system where your ipsec tunnels are running. You can either install them on one side, or on both sides.

The json config file must also be in that place.

{
    "data":[
        { "{#TUNNEL}":"tunnel1","{#TARGETIP}":"192.168.35.1","{#SOURCEIP}":"192.168.230.4","{#RTT_TIME_WARN}":"80","{#RTT_TIME_ERR}":"150" }
        ]
}

tunnel1 -> Name of the ipsec tunnel as defined in your ipsec config target ip -> IP on the other side of the tunnel, we ping this to check if the tunnel is up and running source ip -> IP on your side (where the script is running), this is your sending IP address (Important if you have multiple interfaces/ip addresses)

Finally the two rtt times tell the system to warn/error when the rtt of the pings exceeds the given values

With best regards

André

Nov 29 '23 08:11 a-schild

Hello André,

I tried to run, but don´t work for me.

Nov 30 '23 13:11 caporrino

Have you placed it in the folder specified?

grafik

Nov 30 '23 15:11 a-schild

Yes. In the place where you mentioned it. On the host where ipsec runs in the \usr\lib\zabbix\externalscripts directory

Nov 30 '23 16:11 caporrino

And is this also the location where the zabbix agent is running?

Nov 30 '23 16:11 a-schild

Yes

Nov 30 '23 17:11 caporrino

And can you start it from the commandline? (And chmod a+x for the .sh file)

Nov 30 '23 17:11 a-schild

Yes.

Nov 30 '23 18:11 caporrino

zabbix-ipsec zabbix-ipsec copied to clipboard

Script

zabbix-ipsec
zabbix-ipsec copied to clipboard