[hobbit] bb-service entry for OpenVPN

Jerry Yu jjj863 at gmail.com
Mon Aug 28 19:50:24 CEST 2006


the PORT & PROC work, locally. I merely want to be sure it is accessible
from remote, since the Internet access from the monitor server to the VPN
server is somewhat flaky.


On 8/28/06, Rich Smrcina <rsmrcina at wi.rr.com> wrote:
>
> Will the new ports test work here, to at least show that it is listening?
>
> Henrik Stoerner wrote:
> > On Fri, Aug 25, 2006 at 10:09:50AM -0400, Jerry Yu wrote:
> >> I need to monitor OpenVPN service on a remote server (OpenVPN is
> >> already monitored as a PROC locally on that server)
> >>
> >> OpenVPN is SSL-based, so, I made up a service entry as below. The test
> >> is failing, got 'unexpected service response'm w/o any data. Because a
> >> shared HMAC secret is used for this OpenVPN server, a connection
> >> attempt w/o the HMAC secret will not be able to get the certificate
> >> (maybe this is why it fails?).
> >
> > In the default configuration, OpenVPN is only UDP traffic - Hobbit has
> > no support for communicating with this type of service.
> >
> > Assuming you did configure OpenVPN for TCP, then it is likely that the
> > SSL protocol is either wrapped inside an OpenVPN header, or some OpenVPN
> > traffic needs to precede the actual SSL handshake.
> >
> >> [openvpn]
> >> expect "CONNECTED(00000003)"
> >> option ssl
> >> port 12345
> >
> > That "expect" string will never match; the "CONNECTED" string is a
> > debugging output from the OpenSSL "s_client" utility.
> >
> > Your best bet is probably to enable the OpenVPN management service, and
> > check that with a normal "http" status check.
> >
> >
> > Regards,
> > Henrik
> >
> >
> > To unsubscribe from the hobbit list, send an e-mail to
> > hobbit-unsubscribe at hswn.dk
> >
> >
>
> --
> Rich Smrcina
> VM Assist, Inc.
> Phone: 414-491-6001
> Ans Service:  360-715-2467
> rich.smrcina at vmassist.com
>
> Catch the WAVV!  http://www.wavv.org
> WAVV 2007 - Green Bay, WI - May 18-22, 2007
>
> To unsubscribe from the hobbit list, send an e-mail to
> hobbit-unsubscribe at hswn.dk
>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.xymon.com/pipermail/xymon/attachments/20060828/ad87706c/attachment.html>


More information about the Xymon mailing list