[hobbit] bb-service entry for OpenVPN
Rich Smrcina
rsmrcina at wi.rr.com
Mon Aug 28 19:19:54 CEST 2006
Will the new ports test work here, to at least show that it is listening?
Henrik Stoerner wrote:
> On Fri, Aug 25, 2006 at 10:09:50AM -0400, Jerry Yu wrote:
>> I need to monitor OpenVPN service on a remote server (OpenVPN is
>> already monitored as a PROC locally on that server)
>>
>> OpenVPN is SSL-based, so, I made up a service entry as below. The test
>> is failing, got 'unexpected service response'm w/o any data. Because a
>> shared HMAC secret is used for this OpenVPN server, a connection
>> attempt w/o the HMAC secret will not be able to get the certificate
>> (maybe this is why it fails?).
>
> In the default configuration, OpenVPN is only UDP traffic - Hobbit has
> no support for communicating with this type of service.
>
> Assuming you did configure OpenVPN for TCP, then it is likely that the
> SSL protocol is either wrapped inside an OpenVPN header, or some OpenVPN
> traffic needs to precede the actual SSL handshake.
>
>> [openvpn]
>> expect "CONNECTED(00000003)"
>> option ssl
>> port 12345
>
> That "expect" string will never match; the "CONNECTED" string is a
> debugging output from the OpenSSL "s_client" utility.
>
> Your best bet is probably to enable the OpenVPN management service, and
> check that with a normal "http" status check.
>
>
> Regards,
> Henrik
>
>
> To unsubscribe from the hobbit list, send an e-mail to
> hobbit-unsubscribe at hswn.dk
>
>
--
Rich Smrcina
VM Assist, Inc.
Phone: 414-491-6001
Ans Service: 360-715-2467
rich.smrcina at vmassist.com
Catch the WAVV! http://www.wavv.org
WAVV 2007 - Green Bay, WI - May 18-22, 2007
More information about the Xymon
mailing list