Closed ebogaard closed 4 months ago
rbicelli
commented
2 years ago Please try php script of the commit 12358a05848eaf4defec03d697161db7c252b229 and see if something changes. if you want you can't send me as PM or email the output of pfsense_zbx.php script called without arguments.
ebogaard
commented
2 years ago Did you receive the requested info from me via e-mail? I sent it 17 dec at 13:45 CET.
rbicelli
commented
2 years ago Yes, I received the mail but these days are quite busy for me. Will be back to you as soon as possible. Thanks
Il giorno mer 22 dic 2021 alle ore 11:53 ebogaard @.***> ha scritto:
Did you receive the requested info from me via e-mail? I sent it 17 dec at 13:45 CET.
— Reply to this email directly, view it on GitHub https://github.com/rbicelli/pfsense-zabbix-template/issues/96#issuecomment-999479116, or unsubscribe https://github.com/notifications/unsubscribe-auth/AA5YCLTVHLSVTIDVL2DNABTUSGU3DANCNFSM5KIN2OWA . You are receiving this because you commented.Message ID: @.***>
rbicelli
commented
4 months ago Probably solved with latest commits
We have two IPSec Ph1 connections configured, the 1st one with 1 Ph2 tunnel, and the second with 13 Ph2 tunnels. The discovery with the 1st one works great: Tunnel 1 and Tunnel 1.1 are detected. The discovery with the 2nd one doesn't work correctly. I think this is because some Ph2 tunnels have been deleted 'in between' tunnels that still exist, so there might be some "gaps" in between the tunnels.
Detected in Zabbix are: 2 and 4 up to and including 15 (which comes from the array in "IPsec Status:") If I check the output of the script in the "IPsec Config Phase 2:", the information for the following tunnels is detected: 2 up to and including 14.
So as you can see, Discovery doesn't know tunnel 3, while the actual data does use this number. So the information for all tunnels from tunnel 4 and higher are shifted by one and tunnel 15 doesn't receive any information.
If I have a look at: /var/etc/ipsec/swanctl.conf I can see the numbering for the children of "con200000" goes from "con200000" up to and including "con200012", so that should suggest an incremental numbering without any gaps. And hence, the discovery being wrong.