Looking for IPSEC VPN check plugin

Jeremy T. Bouse jeremy+nagios at undergrid.net
Sun Mar 9 18:50:05 CET 2003


	From my understanding of how most IKE implimentations work the
check_udp plugin is not capable of doing this. There would need to be a
check_ike plugin crafted and it would need to understand and utilize the IKE
protocol to actually verify it is operational. Just merely connecting to 500/udp
is not enough...

	As for checking for ESP (protocol 50), GRE (protocol 47) and AH
(protocol 51) which are commonly used in IPSEC VPN services you can't really
check for that in any manner I can think of as there is no real way I can think
of to confirm without having a security association (SA) established with the
VPN gateway server... So in essence to test for them you'd have to bring up a
VPN tunnel to test this... 

	These are just my observations and personal testing of check_udp against
my already running and operational IPSEC IKE server and not getting anything
back to verify it as up..

	Jeremy

On Sun, Mar 09, 2003 at 02:07:34PM +0100, Bernd Bartmann wrote:
> Does anybody know if there is a plugin available to check if a remote
> IPSEC VPN service is still running (UDP port 500 and IP protocol 50)?
> 
> Thanks in advance!
> 


-------------------------------------------------------
This SF.net email is sponsored by: Etnus, makers of TotalView, The debugger 
for complex code. Debugging C/C++ programs can leave you feeling lost and 
disoriented. TotalView can help you find your way. Available on major UNIX 
and Linux platforms. Try it free. www.etnus.com
_______________________________________________
Nagios-users mailing list
Nagios-users at lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nagios-users
::: Please include Nagios version, plugin version (-v) and OS when reporting any issue. 
::: Messages without supporting info will risk being sent to /dev/null





More information about the Users mailing list