Monitoring\Alert Tunnel IPSEC
-
Friends.
I have a PFSENSE with some configured IPSEC tunnels.
I searched but couldn't find it, as many are old threads.
Is it possible to monitor these tunnels if they are online or offline and receive these alerts by email, for example?
Thanks.
-
I have seen this mentioned elsewhere, but could you add a gateway with a Monitor IP and some static routes under that gateway that use the tunnel? Then use the pfsense gateway monitoring to alert you if the gateway is down?
You can check out the instructions here for making the gateway and routes: https://docs.netgate.com/pfsense/en/latest/vpn/ipsec/access-firewall-over-ipsec.html
Hope that helps!
-
@patrick-pesegodinski How I currently do it: I have Graylog set up. All my logs from all systems get sent there. I also have routing turned up over the tunnel. When the routing protocol neighbor goes down, a syslog is created and sent to Graylog, where I have a flow set up so that I get an email when this happens. It doesn't always indicate that the tunnel goes down, but it's informational.
Another twist on this is to use a monitor IP for the other end of the tunnel. When there is loss or high latency a syslog gets created and sent to graylog where I have a flow set up to send me an email. An example of this email is below
edit
Here is a screen shot of my routing neighborship going down
These examples are just evidence that something is going on on the path the VPN travels between sites. As there could be quite a few hops and the quality of the links could be suspect, it indicates trouble, but I can't really do much about it.
All of this is just informational, but I did manage to spot a few problems and resolve them, so your mileage may vary.
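
The syslog-driven alerting described in the post above, as an added example that is not from the thread: it reduces gateway-monitor alarm lines to one alert per state change, so a flapping or down tunnel does not produce a mail per log line. The log layout (modelled on pfSense's dpinger messages), the gateway names and the addresses are constructed assumptions.

```python
import re

# Constructed sample syslog lines. The layout is an assumption modelled on the
# alarm/clear messages of pfSense's gateway monitor; adapt the regex to the
# lines your firewall actually forwards.
SAMPLE_LOG = """\
Mar  3 10:15:02 fw1 dpinger[4121]: IPSEC_SITEB 10.20.0.1: Alarm latency 0us stddev 0us loss 100%
Mar  3 10:15:40 fw1 dpinger[4121]: IPSEC_SITEB 10.20.0.1: Alarm latency 0us stddev 0us loss 100%
Mar  3 10:19:11 fw1 dpinger[4121]: IPSEC_SITEB 10.20.0.1: Clear latency 18452us stddev 911us loss 0%
Mar  3 10:42:57 fw1 dpinger[4121]: IPSEC_SITEC 10.30.0.1: Alarm latency 612034us stddev 80211us loss 4%
Mar  3 10:43:05 fw1 sshd[991]: Accepted publickey for admin from 10.1.1.5
"""

LINE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ [\d:]{8}) \S+ dpinger(?:\[\d+\])?: "
    r"(?P<gw>\S+) (?P<ip>\S+): (?P<state>Alarm|Clear) "
    r"latency (?P<lat>\d+)us stddev \d+us loss (?P<loss>\d+)%$"
)

def classify(state, loss_pct):
    """Map a monitor message to an alert type."""
    if state == "Clear":
        return "RECOVERED"
    # 100% loss to the far-end monitor IP: treat the tunnel as down.
    # Anything else is path trouble (loss or latency), not a hard failure.
    return "DOWN" if loss_pct == 100 else "DEGRADED"

def tunnel_alerts(lines):
    """Return one alert dict per state change, skipping repeated alarms."""
    last, alerts = {}, []
    for line in lines:
        m = LINE.match(line.strip())
        if not m:
            continue  # unrelated syslog traffic
        event = classify(m["state"], int(m["loss"]))
        if last.get(m["gw"], "RECOVERED") == event:
            continue  # already alerted for this condition
        last[m["gw"]] = event
        alerts.append({"time": m["ts"], "gateway": m["gw"],
                       "monitor_ip": m["ip"], "event": event,
                       "latency_ms": int(m["lat"]) / 1000,
                       "loss_pct": int(m["loss"])})
    return alerts

if __name__ == "__main__":
    for a in tunnel_alerts(SAMPLE_LOG.splitlines()):
        print("[{event}] {gateway} via {monitor_ip} at {time}: "
              "loss {loss_pct}%, latency {latency_ms} ms".format(**a))
```

Each returned dict is what would go into the email body; feeding it lines from a log file or a syslog listener is left to the surrounding tooling.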