[hobbit] bb-service entry for OpenVPN

Rich Smrcina rsmrcina at wi.rr.com
Mon Aug 28 19:19:54 CEST 2006


Will the new ports test work here, to at least show that it is listening?

Henrik Stoerner wrote:
> On Fri, Aug 25, 2006 at 10:09:50AM -0400, Jerry Yu wrote:
>> I need to monitor OpenVPN service on a remote server (OpenVPN is
>> already monitored as a PROC locally on that server)
>>
>> OpenVPN is SSL-based, so, I made up a service entry as below. The test
>> is failing, got 'unexpected service response'm w/o any data. Because a
>> shared HMAC secret is used for this OpenVPN server, a connection
>> attempt w/o the HMAC secret will not be able to get the certificate
>> (maybe this is why it fails?).
> 
> In the default configuration, OpenVPN is only UDP traffic - Hobbit has
> no support for communicating with this type of service.
> 
> Assuming you did configure OpenVPN for TCP, then it is likely that the
> SSL protocol is either wrapped inside an OpenVPN header, or some OpenVPN
> traffic needs to precede the actual SSL handshake.
> 
>> [openvpn]
>> expect "CONNECTED(00000003)"
>> option ssl
>> port 12345
> 
> That "expect" string will never match; the "CONNECTED" string is a
> debugging output from the OpenSSL "s_client" utility.
> 
> Your best bet is probably to enable the OpenVPN management service, and
> check that with a normal "http" status check.
> 
> 
> Regards,
> Henrik
> 
> 
> To unsubscribe from the hobbit list, send an e-mail to
> hobbit-unsubscribe at hswn.dk
> 
> 

-- 
Rich Smrcina
VM Assist, Inc.
Phone: 414-491-6001
Ans Service:  360-715-2467
rich.smrcina at vmassist.com

Catch the WAVV!  http://www.wavv.org
WAVV 2007 - Green Bay, WI - May 18-22, 2007



More information about the Xymon mailing list