Netgate Discussion Forum

Monitoring\Alert Tunnel IPSEC

    patrick.pesegodinski
    last edited by Apr 28, 2023, 6:01 PM

    Friends.

    I have a PFSENSE with some configured IPSEC tunnels.

    I searched but couldn't find it, as many are old threads.

    Is it possible to monitor these tunnels if they are online or offline and receive these alerts by email, for example?

    Thanks.

      Josh 0 @patrick.pesegodinski
      last edited by Jun 16, 2023, 1:39 PM

      I have seen this mentioned elsewhere, but could you add a gateway with a Monitor IP and some static routes under that gateway that use the tunnel? Then use the pfsense gateway monitoring to alert you if the gateway is down?

      You can check out the instructions here for making the gateway and routes: https://docs.netgate.com/pfsense/en/latest/vpn/ipsec/access-firewall-over-ipsec.html

      Hope that helps!

        michmoor LAYER 8 Rebel Alliance @patrick.pesegodinski
        last edited by michmoor Jun 16, 2023, 2:04 PM Jun 16, 2023, 1:48 PM

        @patrick-pesegodinski How I currently do it: I have Graylog set up. All my logs from all systems get sent there. I also have routing turned up over the tunnel. When the routing protocol neighbor goes down, a syslog is created and sent to Graylog, where I have a flow set up so that I get an email when this happens. It doesn't always indicate that the tunnel goes down, but it's informational.
        Another twist on this is to use a monitor IP for the other end of the tunnel. When there is loss or high latency, a syslog gets created and sent to Graylog, where I have a flow set up to send me an email. An example of this email is below.
        [image: example alert email from Graylog]

        edit
        Here is a screen shot of my routing neighborship going down
        [image: screenshot of the routing neighborship going down]

        These examples are just evidence that something is going on on the path the VPN travels between sites. As there could be quite a few hops and the quality of the links could be suspect, it indicates trouble, but I can't really do much about it.
        All of this is just informational, but I did manage to spot a few problems and resolve them, so your mileage may vary.

        Firewall: NetGate,Palo Alto-VM,Juniper SRX
        Routing: Juniper, Arista, Cisco
        Switching: Juniper, Arista, Cisco
        Wireless: Unifi, Aruba IAP
        JNCIP,CCNP Enterprise

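An added example (not code from the thread or from Netgate) of the kind of decision michmoor's Graylog flow makes: parse pfSense gateway-monitor (dpinger) syslog lines for a gateway whose monitor IP sits at the far end of the tunnel, and turn 100% loss, partial loss/high latency, and recovery into distinct alert messages. The dpinger message layout and the sample log lines are constructed assumptions, not quoted from the post.

```python
import re
from dataclasses import dataclass

# Constructed sample syslog lines in the shape of pfSense dpinger gateway-monitor
# messages (the exact message format is assumed, not quoted from the thread).
SAMPLE_LOGS = """\
Jun 16 13:40:01 fw01 dpinger[1234]: IPSEC_SITEB 10.20.0.1: Alarm latency 0us stddev 0us loss 100%
Jun 16 13:45:12 fw01 dpinger[1234]: IPSEC_SITEB 10.20.0.1: Clear latency 18432us stddev 2100us loss 0%
Jun 16 14:02:33 fw01 dpinger[1234]: IPSEC_SITEC 10.30.0.1: Alarm latency 612000us stddev 90000us loss 12%
Jun 16 14:02:40 fw01 sshd[555]: Accepted publickey for admin from 10.0.0.5
"""

DPINGER_RE = re.compile(
    r"dpinger\[\d+\]: (?P<gw>\S+) (?P<ip>\S+): (?P<state>Alarm|Clear) "
    r"latency (?P<lat>\d+)us stddev \d+us loss (?P<loss>\d+)%"
)

@dataclass
class GatewayEvent:
    gateway: str
    monitor_ip: str
    state: str          # "Alarm" or "Clear"
    latency_ms: float
    loss_pct: int

def parse_events(log_text: str) -> list[GatewayEvent]:
    """Extract dpinger Alarm/Clear events; unrelated syslog lines are ignored."""
    events = []
    for line in log_text.splitlines():
        m = DPINGER_RE.search(line)
        if m:
            events.append(GatewayEvent(m["gw"], m["ip"], m["state"],
                                       int(m["lat"]) / 1000, int(m["loss"])))
    return events

def classify(ev: GatewayEvent) -> str:
    """Map an event to the message a mail flow would send.
    100% loss means the monitor IP behind the tunnel is unreachable, which is
    the closest a gateway monitor gets to 'tunnel down'; partial loss or high
    latency is path degradation (informational, as the post says)."""
    if ev.state == "Clear":
        return f"RECOVERED {ev.gateway} ({ev.monitor_ip}) reachable again"
    if ev.loss_pct >= 100:
        return f"DOWN {ev.gateway} ({ev.monitor_ip}) unreachable, 100% loss"
    return (f"DEGRADED {ev.gateway} ({ev.monitor_ip}) "
            f"loss {ev.loss_pct}% latency {ev.latency_ms:.0f}ms")

def alerts_for(log_text: str) -> list[str]:
    return [classify(e) for e in parse_events(log_text)]

if __name__ == "__main__":
    for msg in alerts_for(SAMPLE_LOGS):
        print(msg)
```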
        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.