Actions
Bug #16601
open
check_pf_ipsec_tunnel problem when using name
Status:
New
Priority:
Normal
Assignee:
-
Category:
NRPE
Target version:
-
Start date:
Due date:
% Done:
0%
Estimated time:
Plus Target Version:
Affected Version:
2.7.2
Affected Plus Version:
Affected Architecture:
Description
Hi!
I've just faced an issue with the following.
I have an ipsec tunnel, where only one of the endpoint have fixed IP, so the other one (machine name pioneer) will not initiate the connection. Since I would like to check this tunnel status aswell, I've tried to setup with a domain name, which actually resolves to the right IP address.
The generated nrpe.cfg line on pioneer:
command[check_ipsec_status_tunnel1]=/usr/local/bin/sudo /usr/local/libexec/nagios/check_pf_ipsec_tunnel -e xyz.duckdns.org
If I run the command on pioneer, it works fine:
[2.7.2-RELEASE][root@Pioneer.abc.local]/root: /usr/local/bin/sudo /usr/local/libexec/nagios/check_pf_ipsec_tunnel -e xyz.duckdns.org OK - IPSEC VPN tunnel to xyz.duckdns.org - ESTABLISHED 30 minutes ago
If I run the check with nrpe from the icinga server however:
[user1(Hubble:0)] <~> /usr/lib/nagios/plugins/check_nrpe -2 -t 180 -H pioneer.abc.hu -c check_ipsec_status_tunnel1 CRITICAL - IPSEC VPN tunnel not found: xyz.duckdns.org
I've checked the ipsec script, and my idea/feeling (I was not able to prove so far) is that the dig command inside the script will not run properly.
I've tried to echo out the result of the dig command:
hostip=$(dig +short $endpoint)
echo $hostip
This works well from the local machine (i got the right IP), but when I run it from the remote host, I got an empty line...
Any ideas? If possible, can it be fixed somehow?
Thanks
Peter
No data to display
Actions