Skip to content
Monitoring PFSense IPSec tunnels using zabbix
Branch: master
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Permalink
Type Name Latest commit message Commit time
Failed to load latest commit information.
scripts
.gitignore Scripts, templates and dashboards for IPSEC PFSense monitoring using … Sep 18, 2018
README.md Update README.md to include grafana dashboard link Oct 3, 2018
grafana_ipsec_dashboard.json New version of grafana dashboard Sep 19, 2018
ipsec_template.xml
traffic.txt Scripts, templates and dashboards for IPSEC PFSense monitoring using … Sep 18, 2018
userparameter_ipsec.conf Scripts, templates and dashboards for IPSEC PFSense monitoring using … Sep 18, 2018
zabbix-ipsec-parser.py Refactoring findDesc function to use etree insted of minidom Sep 19, 2018
zabbix_sudoers Scripts, templates and dashboards for IPSEC PFSense monitoring using … Sep 18, 2018

README.md

Monitoring IPsec tunnels on PFSense using zabbix

This project was forked from https://github.com/jpmenil/zabbix-templates. Thanks to @jpmenil by share

This template is used for monitoring IPSEC tunnels on PFSense using zabbix.

Dependencies

  • Zabbix agent (you can install it from pfsense packages manager)
  • sudo (you can install it from pfsense packages manager)
  • Zabbix Server >= 3.2
  • check_ipsec.sh
  • check_ipsec_traffic.sh
  • zabbix-ipsec.py
  • zabbix_sudoers

How it works

The template queries zabbix-ipsec.py for tunnels ids (conXXXX). After that, the items prototipes are created consuming check_ipsec.sh script. The script check_ipsec_traffic is used to collect traffic about the tunnel. There are also a grafana dashboard if you want https://grafana.com/dashboards/8008 (grafana_ipsec_dashboard.json).

Installation

  • You have to put check_ipsec.sh, check_ipsec_traffic.sh and zabbix-ipsec.py on pfsense filesystem. (/usr/local/bin/ in this example)
  • Install sudo pakage at pfsense packages manager
  • Copy file zabbix_sudoers under /usr/local/etc/sudoers.d
  • Enabled Custom Configuration on Advanced Settins at System -> sudo
  • Create the follow user parameters at zabbix-agent config page on pfsense (Service -> Zabbix-agent -> Advanced Options)
UserParameter=ipsec.discover,/usr/local/bin/python2.7 /usr/local/bin/zabbix-ipsec.py
UserParameter=ipsec.tunnel[*],/usr/local/bin/sudo /usr/local/bin/check_ipsec.sh $1
UserParameter=ipsec.traffic[*],/usr/local/bin/sudo /usr/local/bin/check_ipsec_traffic.sh $1 $2
  • Set execution permissions
chmod +x /usr/local/bin/zabbix-ipsec.py
chmod +x /usr/local/bin/check_ipsec.sh 
chmod +x /usr/local/bin/check_ipsec_traffic.sh 
  • Import the template ipsec_template.xml on zabbix and attach to pfsense hosts
  • Go get a beer

To do

  • Create feature to check if there are communication between sites (ping, nc or something like that)
  • Recfactoring check_ipsec_traffic and check_ipsec to optimize execution (use a kind of cache insted of run ipsec command and parser result a lot of times)

Notes

PR are always welcome

You can’t perform that action at this time.