NRPE check_ping and IPsec
-
Hi there,
Have a question here.
I want to monitor an IPsec tunnel between 2 pfSense boxes. I thought I could use Nagios NRPE with check_ping to ping the other pfSense LAN interface and, thanks to this, see if the tunneling is working or not.
The problem is that pfSense uses its default interface (WAN) for the ping, and it doesn't work. Check_ping doesn't have a -S option to specify a source interface or IP.
Do you know a way to make this work, or another option for monitoring IPsec tunneling with Nagios?
Thank you.
-
Two ideas:
1. Tried and true method: https://doc.pfsense.org/index.php/Why_can%27t_I_query_SNMP,_use_syslog,_NTP,_or_other_services_initiated_by_the_firewall_itself_over_IPsec_VPN
2. Simpler and may work just as well: Add a Phase 2 that covers the WAN IP - Remote LAN path to both sides.
-
Thank you very much jimp.
I chose the first option and it's working well, just as I wanted. Wasn't so hard after all. I had to add the "-4" flag in the NRPE check too.
One problem less :)