hass-pfsense icon indicating copy to clipboard operation
hass-pfsense copied to clipboard

Published 20 hours ago verified publisher icon travisghansen

Feature request

Open KevSex opened this issue 2 years ago • 4 comments

Hi,

Would be good to add sensors for the status of IPSec VPNs. P1 and P2 statuses, bytes/packets in/out.

Thanks, Kev

KevSex avatar Aug 08 '22 08:08 KevSex

I think doing this for mobile clients may be messy. Are you after that or site-to-site stuff?

travisghansen avatar Aug 13 '22 17:08 travisghansen

Site-to-site... Would be good to monitor it to subsequently get a notification when a tunnel goes down

KevSex avatar Aug 13 '22 17:08 KevSex

Yeah ok. The trouble with mobile is it's near impossible to derive something like a unique id/key per connection whereas for site-to-site (based on my knowledge/understanding) it's implied a single sa/connection per config.

travisghansen avatar Aug 13 '22 18:08 travisghansen

Actually looking more deeply into this P2 details are quite tricky. I showed the same P2 with 2 connection, each with a state of:

            "state": "REKEYED",
or
            "state": "INSTALLED",

It's impossible to give a state of the P2 as each P2 can technically have multiple states. It may be easier to only provide P1 data/state and aggregate all P2 into the P1 sensors. For example, rather than showing per-P2 bytes/packet stats we add them all up and give a total per-P1 stat.

Not sure, just throwing out ideas and churning on it still...

travisghansen avatar Aug 13 '22 19:08 travisghansen