bb-service entry for OpenVPN

Jerry Yu jjj863 at gmail.com
Fri Aug 25 16:09:50 CEST 2006


I need to monitor OpenVPN service on a remote server (OpenVPN is
already monitored as a PROC locally on that server)

OpenVPN is SSL-based, so, I made up a service entry as below. The test
is failing, got 'unexpected service response'm w/o any data. Because a
shared HMAC secret is used for this OpenVPN server, a connection
attempt w/o the HMAC secret will not be able to get the certificate
(maybe this is why it fails?).

[openvpn]
expect "CONNECTED(00000003)"
option ssl
port 12345

Here is a few manual sessions using openssl. I'd be happy to label the
service as 'up' if I get the CONNECTED(00000003) string. any ideas?

/etc/hobbit# openssl s_client -ssl3 -connect vip1.vip.com:12345
CONNECTED(00000003)
30739:error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version
number:s3_pkt.c:286:
/etc/hobbit# openssl s_client -ssl2 -connect vip1.vip.com:12345
CONNECTED(00000003)
30742:error:1407F0E5:SSL routines:SSL2_WRITE:ssl handshake failure:s2_pkt.c:429:



More information about the Xymon mailing list