Script

[caporrino]

Hello,

Where is the check_ipsec.sh script placed? Server or client? Could you give me the configuration with a practical example? Thanks

[a-schild]

Hello,

you have to install the script on the system where your ipsec tunnels are running. You can either install them on one side, or on both sides.

The json config file must also be in that place.

{
    "data":[
        { "{#TUNNEL}":"tunnel1","{#TARGETIP}":"192.168.35.1","{#SOURCEIP}":"192.168.230.4","{#RTT_TIME_WARN}":"80","{#RTT_TIME_ERR}":"150" }
        ]
}

tunnel1 -> Name of the ipsec tunnel as defined in your ipsec config target ip -> IP on the other side of the tunnel, we ping this to check if the tunnel is up and running source ip -> IP on your side (where the script is running), this is your sending IP address (Important if you have multiple interfaces/ip addresses)

Finally the two rtt times tell the system to warn/error when the rtt of the pings exceeds the given values

With best regards

André

[caporrino]

Hello André,

I tried to run, but don´t work for me.

[a-schild]

Have you placed it in the folder specified?

[caporrino]

Yes. In the place where you mentioned it. On the host where ipsec runs in the \usr\lib\zabbix\externalscripts directory

[a-schild]

And is this also the location where the zabbix agent is running?

[caporrino]

Yes

[a-schild]

And can you start it from the commandline? (And chmod a+x for the .sh file)

[caporrino]

Yes.