Skip to content
Switch branches/tags

Monitoring IPsec tunnels on PFSense using zabbix

This project was forked from Thanks to @jpmenil by share

This template is used for monitoring IPSEC tunnels on PFSense using zabbix.


  • Zabbix agent (you can install it from pfsense packages manager)
  • sudo (you can install it from pfsense packages manager)
  • Zabbix Server >= 3.2
  • zabbix_sudoers

How it works

The template queries for tunnels ids (conXXXX). After that, the items prototipes are created consuming script. The script check_ipsec_traffic is used to collect traffic about the tunnel. There are also a grafana dashboard if you want (grafana_ipsec_dashboard.json).


  • You have to put, and on pfsense filesystem. (/usr/local/bin/ in this example)
  • Install sudo pakage at pfsense packages manager
  • Copy file zabbix_sudoers under /usr/local/etc/sudoers.d
  • Enabled Custom Configuration on Advanced Settins at System -> sudo
  • Create the follow user parameters at zabbix-agent config page on pfsense (Service -> Zabbix-agent -> Advanced Options),/usr/local/bin/python2.7 /usr/local/bin/
UserParameter=ipsec.tunnel[*],/usr/local/bin/sudo /usr/local/bin/ $1
UserParameter=ipsec.traffic[*],/usr/local/bin/sudo /usr/local/bin/ $1 $2
  • Set execution permissions
chmod +x /usr/local/bin/
chmod +x /usr/local/bin/ 
chmod +x /usr/local/bin/ 
  • Import the template ipsec_template.xml on zabbix and attach to pfsense hosts
  • Go get a beer

To do

  • Create feature to check if there are communication between sites (ping, nc or something like that)
  • Recfactoring check_ipsec_traffic and check_ipsec to optimize execution (use a kind of cache insted of run ipsec command and parser result a lot of times)


PR are always welcome


Monitoring PFSense IPSec tunnels using zabbix



No releases published


No packages published