bb-service entry for OpenVPN
- To: hobbit (at) hswn.dk
- Subject: bb-service entry for OpenVPN
- From: "Jerry Yu" <jjj863 (at) gmail.com>
- Date: Fri, 25 Aug 2006 10:09:50 -0400

I need to monitor the OpenVPN service on a remote server (OpenVPN is
already monitored as a PROC locally on that server).

OpenVPN is SSL-based, so I made up a service entry as below. The test
is failing; I got 'unexpected service response', w/o any data. Because a
shared HMAC secret is used for this OpenVPN server, a connection
attempt w/o the HMAC secret will not be able to get the certificate
(maybe this is why it fails?).

[openvpn]
expect "CONNECTED(00000003)"
option ssl
port 12345

Here are a few manual sessions using openssl. I'd be happy to label the
service as 'up' if I get the CONNECTED(00000003) string. Any ideas?

/etc/hobbit# openssl s_client -ssl3 -connect vip1.vip.com:12345
CONNECTED(00000003)
30739:error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number:s3_pkt.c:286:

/etc/hobbit# openssl s_client -ssl2 -connect vip1.vip.com:12345
CONNECTED(00000003)
30742:error:1407F0E5:SSL routines:SSL2_WRITE:ssl handshake failure:s2_pkt.c:429: