Search Exchange
Search All Sites
Nagios Live Webinars
Let our experts show you how Nagios can help your organization.Login
New ListingsDirectory Tree
check_openvpn_pl
The -H [IP or hostname of the openvpn server] and -p options [port of the openvpn server] are always obligatory. If plugin can be connected with the management interface it will show the common name (as it is specified in the client certificate) of the connected clients. Otherwise, it will finish with critical state. The -i option shows the remote IP address of the client instead of their common name and the -n option shows the number of connected clients. It is possible to be verified that a client in particular is connected using one of these two options -C [common name] or -r [remote IP address]. If these options are used, also the exit state is due to specify that will give back plugin if it does not find the client through the -w [warning] -c [critical] options.
Examples of use:
# Basic usage: It gives back the names of the connected clients the -t
option (timeout) is optional. The default value is 10
check_openvpn -H 192.168.10.1 -p 1195 -P mypassword -t 5
OpenVPN OK: cliente1 cliente2
# Returns the remote IP address of the client instead of the common name
check_openvpn -H 192.168.10.1 -p 1195 -P mypassword -i
OpenVPN OK: 192.168.0.5 192.168.0.15
# Returns the number of connected clients.
check_openvpn -H 192.168.10.1 -p 1195 -P mypassword -n
OpenVPN OK: 2 connected clients.
# Check if cliente1 is connected and if it does not give back warning.
check_openvpn -H 192.168.10.1 -p 1195 -P mypassword -C client -w
OpenVPN OK: cliente1 cliente2
# Check if the machine with IP 192.168.0.15 is connected and if it does not give back critical.
check_openvpn -H 192.168.10.1 -p 1195 -P mypassword -r 192.168.0.15 -c
OpenVPN OK: 192.168.0.5 192.168.0.15
This plugin depends on the Net::Telnet Perl module.
Examples of use:
# Basic usage: It gives back the names of the connected clients the -t
option (timeout) is optional. The default value is 10
check_openvpn -H 192.168.10.1 -p 1195 -P mypassword -t 5
OpenVPN OK: cliente1 cliente2
# Returns the remote IP address of the client instead of the common name
check_openvpn -H 192.168.10.1 -p 1195 -P mypassword -i
OpenVPN OK: 192.168.0.5 192.168.0.15
# Returns the number of connected clients.
check_openvpn -H 192.168.10.1 -p 1195 -P mypassword -n
OpenVPN OK: 2 connected clients.
# Check if cliente1 is connected and if it does not give back warning.
check_openvpn -H 192.168.10.1 -p 1195 -P mypassword -C client -w
OpenVPN OK: cliente1 cliente2
# Check if the machine with IP 192.168.0.15 is connected and if it does not give back critical.
check_openvpn -H 192.168.10.1 -p 1195 -P mypassword -r 192.168.0.15 -c
OpenVPN OK: 192.168.0.5 192.168.0.15
This plugin depends on the Net::Telnet Perl module.
Reviews (1)
bybill_mcgonigle, April 30, 2012
just a quick note: put something like this in your config file to enable the management interface:
management 127.0.0.1 2194 /etc/openvpn/management-password
and pass the relevant options in for this probe. (put your password in that named file and get your permissions right!).
I'm using OpenVPN 2.2.2 on CentOS 5 in 2012 and I needed to make a few small changes for a point-to-point link (plus a few warning message tweaks). Unified diff follows. Thank you Jamie - using the management interface is the right way to do this (my previous grep hacks were silly).
-------------
--- check_openvpn.pl-dist 2012-04-30 18:21:13.000000000 -0400
+++ check_openvpn.pl 2012-04-30 18:45:07.000000000 -0400
@@ -4,6 +4,9 @@
#
# Copyright (c) 2007 Jaime Gascon Romero
#
+# Modified 2012-04-30 Bill McGonigle
+# to handle OpenVPN 2 point-to-point connection checking.
+#
# License Information:
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
@@ -28,7 +31,7 @@
use Net::Telnet ();
use Getopt::Long qw(:config no_ignore_case);
use vars qw($PROGNAME $VERSION);
-use lib "/usr/nagios/libexec";
+use lib "/usr/lib/nagios/plugins";
use utils qw(%ERRORS);
$PROGNAME = "check_openvpn";
@@ -85,7 +88,7 @@
$t->print($opt_P);
}
$t->waitfor('/^$/');
-@lines = $t->cmd("status 2");
+@lines = $t->cmd("state");
$t->close;
};
@@ -97,7 +100,7 @@
if (defined $opt_i || defined $opt_r) {
foreach (@lines) {
- if ($_ =~ /CLIENT_LIST,.*,(\d+\.\d+\.\d+\.\d+):\d+,/) {
+ if ($_ =~ /\d+,CONNECTED,SUCCESS,\d+\.\d+\.\d+\.\d+,(\d+\.\d+\.\d+\.\d+)/) {
push @clients_ip, $1;
}
}
@@ -107,10 +110,10 @@
} elsif (defined $opt_r) {
if ( ! grep /\b$opt_r\b/, @clients_ip) {
if (defined $opt_c) {
- print "OpenVPN CRITICAL: $opt_r don't found";
+ print "OpenVPN CRITICAL: $opt_r not found";
exit $ERRORS{'CRITICAL'};
} else {
- print "OpenVPN WARNING: $opt_r don't found";
+ print "OpenVPN WARNING: $opt_r not found";
exit $ERRORS{'WARNING'};
}
}
@@ -128,10 +131,10 @@
if (defined $opt_C) {
if ( ! grep /\b$opt_C\b/, @clients) {
if (defined $opt_c) {
- print "OpenVPN CRITICAL: $opt_C don't found";
+ print "OpenVPN CRITICAL: $opt_C not found";
exit $ERRORS{'CRITICAL'};
} else {
- print "OpenVPN WARNING: $opt_C don't found";
+ print "OpenVPN WARNING: $opt_C not found";
exit $ERRORS{'WARNING'};
}
}
management 127.0.0.1 2194 /etc/openvpn/management-password
and pass the relevant options in for this probe. (put your password in that named file and get your permissions right!).
I'm using OpenVPN 2.2.2 on CentOS 5 in 2012 and I needed to make a few small changes for a point-to-point link (plus a few warning message tweaks). Unified diff follows. Thank you Jamie - using the management interface is the right way to do this (my previous grep hacks were silly).
-------------
--- check_openvpn.pl-dist 2012-04-30 18:21:13.000000000 -0400
+++ check_openvpn.pl 2012-04-30 18:45:07.000000000 -0400
@@ -4,6 +4,9 @@
#
# Copyright (c) 2007 Jaime Gascon Romero
#
+# Modified 2012-04-30 Bill McGonigle
+# to handle OpenVPN 2 point-to-point connection checking.
+#
# License Information:
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
@@ -28,7 +31,7 @@
use Net::Telnet ();
use Getopt::Long qw(:config no_ignore_case);
use vars qw($PROGNAME $VERSION);
-use lib "/usr/nagios/libexec";
+use lib "/usr/lib/nagios/plugins";
use utils qw(%ERRORS);
$PROGNAME = "check_openvpn";
@@ -85,7 +88,7 @@
$t->print($opt_P);
}
$t->waitfor('/^$/');
-@lines = $t->cmd("status 2");
+@lines = $t->cmd("state");
$t->close;
};
@@ -97,7 +100,7 @@
if (defined $opt_i || defined $opt_r) {
foreach (@lines) {
- if ($_ =~ /CLIENT_LIST,.*,(\d+\.\d+\.\d+\.\d+):\d+,/) {
+ if ($_ =~ /\d+,CONNECTED,SUCCESS,\d+\.\d+\.\d+\.\d+,(\d+\.\d+\.\d+\.\d+)/) {
push @clients_ip, $1;
}
}
@@ -107,10 +110,10 @@
} elsif (defined $opt_r) {
if ( ! grep /\b$opt_r\b/, @clients_ip) {
if (defined $opt_c) {
- print "OpenVPN CRITICAL: $opt_r don't found";
+ print "OpenVPN CRITICAL: $opt_r not found";
exit $ERRORS{'CRITICAL'};
} else {
- print "OpenVPN WARNING: $opt_r don't found";
+ print "OpenVPN WARNING: $opt_r not found";
exit $ERRORS{'WARNING'};
}
}
@@ -128,10 +131,10 @@
if (defined $opt_C) {
if ( ! grep /\b$opt_C\b/, @clients) {
if (defined $opt_c) {
- print "OpenVPN CRITICAL: $opt_C don't found";
+ print "OpenVPN CRITICAL: $opt_C not found";
exit $ERRORS{'CRITICAL'};
} else {
- print "OpenVPN WARNING: $opt_C don't found";
+ print "OpenVPN WARNING: $opt_C not found";
exit $ERRORS{'WARNING'};
}
}
