A Toolkit for Strongswan / IPSec Tunnel in Linux machines, Can be used in Zabbix as a script.
- Find all tunnels and count them.
- Determine Packet Loss to each tunnel.
- Determine RTT (Round Trip Time) for each tunnel
- Determine the status of ipsec tunnel in systemd (Openswan and Strongswan)
- Can be used in Zabbix.
- Count all tunnels:
zabbix@StrongSwan1:/etc/zabbix/scripts$ ./strongswan-monitor-toolkit.sh count_all_tunnels`
2
- Determine packet loss to a certain tunnel:
zabbix@StrongSwan1:/etc/zabbix/scripts$ ./strongswan-monitor-toolkit.sh packetloss afranet
0
- Determine RTT (Round Trip Time) to a certain tunnel.
zabbix@StrongSwan1:/etc/zabbix/scripts$ ./strongswan-monitor-toolkit.sh rtt afranet`
6.214
- Determine the openswan/strongswan status in systemd (1=running, 0=stopped,crashed)
zabbix@StrongSwan1:/etc/zabbix/scripts$ ./strongswan-monitor-toolkit.sh systemd
1
UserParameter=count_all_tunnels,bash /etc/zabbix/scripts/strongswan-monitor-toolkit.sh count_all_tunnels
UserParameter=packetloss_afranet,bash /etc/zabbix/scripts/strongswan-monitor-toolkit.sh packetloss to-afranet
UserParameter=packetloss_mobinnet,bash /etc/zabbix/scripts/strongswan-monitor-toolkit.sh packetloss to-Mobinnet
UserParameter=rtt_afranet,bash /etc/zabbix/scripts/strongswan-monitor-toolkit.sh rtt to-afranet
UserParameter=rtt_mobinnet,bash /etc/zabbix/scripts/strongswan-monitor-toolkit.sh rtt to-Mobinnet
UserParameter=systemd,bash /etc/zabbix/scripts/strongswan-monitor-toolkit.sh systemd
- Keep in mind to add Zabbix user in sudoers for ipsec and systemd command like this (/etc/sudoers):
zabbix ALL=(ALL) NOPASSWD:/usr/sbin/ipsec,NOPASSWD:/bin/systemctl
- Increase Zabbix-Agent timeout to 30 seconds. (/etc/zabbix/zabbix_agentd.conf)
Timeout=30
- Packetloss to certain tunnel
- RTT to certain tunnel
