OpenVPN Nagios plugin

You can use Nagios to monitor all sorts of hardware and software. Because you can write your own plug-ins, you can monitor anything your Nagios server can communicate with, and you can use any programming language that handles command-line arguments and an exit status.
Here you will find a Nagios plugin developed in Python.
The plugin, named check_openvpn, connects to the OpenVPN management server, checks for active connections and returns the number of connected OpenVPN clients. It is forked from the openvpn-status scripts.
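
As an added illustration (not the check_openvpn script itself, and not code from the original post), the sketch below shows the kind of exchange such a check performs: send the password and the status command to the management port, count the entries in the client list, and map the outcome to a Nagios exit code. It assumes OpenVPN running in server mode with the default status format; the function names and the sample reply are constructed for this example.

```python
import socket

OK, CRITICAL, UNKNOWN = 0, 2, 3  # Nagios plugin exit codes

# Constructed sample of a "status" reply in server mode (not real data).
SAMPLE = """OpenVPN CLIENT LIST
Updated,Mon Jan  1 12:00:00 2018
Common Name,Real Address,Bytes Received,Bytes Sent,Connected Since
alice,198.51.100.7:50211,48213,90122,Mon Jan  1 09:14:02 2018
bob,203.0.113.40:41877,1200,3400,Mon Jan  1 11:58:40 2018
ROUTING TABLE
Virtual Address,Common Name,Real Address,Last Ref
10.8.0.6,alice,198.51.100.7:50211,Mon Jan  1 11:59:58 2018
GLOBAL STATS
Max bcast/mcast queue length,0
END
"""

def parse_clients(status_text):
    """Return the common names listed between the client header and ROUTING TABLE."""
    clients, in_list = [], False
    for line in (l.strip() for l in status_text.splitlines()):
        if line.startswith("Common Name,"):
            in_list = True            # header row of the client table
        elif line == "ROUTING TABLE":
            break                     # client table ends here
        elif in_list and line:
            clients.append(line.split(",")[0])
    return clients

def evaluate(status_text):
    """Map a status reply to (exit_code, message) for Nagios."""
    if not any(l.strip() == "END" for l in status_text.splitlines()):
        return UNKNOWN, "OPENVPN UNKNOWN: no complete status reply (wrong password?)"
    return OK, "OPENVPN OK: %d client(s) connected" % len(parse_clients(status_text))

def check(host, port, password, timeout=10):
    """Query the management port; socket errors become CRITICAL."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            # The management interface is plain-text TCP: password first, then commands.
            sock.sendall(("%s\nstatus\nquit\n" % password).encode())
            reply = b"".join(iter(lambda: sock.recv(4096), b""))
    except OSError as exc:            # e.g. "[Errno 111] Connection refused"
        return CRITICAL, "OPENVPN CRITICAL: %s" % exc
    return evaluate(reply.decode(errors="replace"))
```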

First of all, download the check_openvpn script into your plugin directory; on Debian it’s /usr/lib/nagios/plugins/.

To use the new plug-in, you have to register it first. Create a command file called openvpn.cfg with the contents below:

$ sudo sh -c 'cat > /etc/nagios-plugins/config/openvpn.cfg'

define command {
command_name check_openvpn
command_line /usr/lib/nagios/plugins/check_openvpn -t $ARG1$ -p $ARG2$ -n $ARG3$
}

Let’s create a hostgroup, say openvpn-server:

$ sudo sh -c 'cat >> /etc/nagios3/conf.d/hostgroups_nagios2.cfg'

define hostgroup {
hostgroup_name openvpn-server
alias openvpn servers
members myhost
}

Replace vpn.example.com with your OpenVPN server address, and myhost with the OpenVPN server name.
Now let’s define those hosts:

$ sudo sh -c 'cat >> /etc/nagios3/conf.d/hosts.cfg'

define host {
use generic-host;
host_name myhost;
address vpn.example.com;
}

Now we can define services that run in the new hostgroups:

$ sudo sh -c 'cat >> /etc/nagios3/conf.d/services_nagios2.cfg'

define service {
hostgroup_name openvpn-server
service_description OPENVPN
check_command check_openvpn!host!port!passwd
use generic-service
notification_interval 0
}

Replace “host” with the address of your OpenVPN server, “port” with the OpenVPN management server port and “passwd” with the OpenVPN management server password.

Don’t forget to check your configuration
$ sudo nagios3 -v /etc/nagios3/nagios.cfg

Then restart the daemon
$ sudo /etc/init.d/nagios3 restart

If all that went well, you should be able to go back to the Hostgroup Overview page on your Nagios install and see the new hostgroups and hosts.

16 thoughts on “OpenVPN Nagios plugin”

  1. nikhil says:

    hi there,
    I am also getting the same error:

    OPENVPN WARNING continuously.

    and in mail
    additional info : (null)

  2. Vincent says:

    Hi,

    # sudo cat > /path/to/file.ext
    does not open the file with root rights

    –> bash: /path/to/file.ext: permission denied

    the reason is that cat is executed as root but the file is opened by your shell, which still runs under the current user.
    The file can’t be opened and sudo is not executed.

    the correct form to do this is:

    # sudo sh -c 'cat >> /path/to/file.ext'
    🙂

    lg
    vincent

  3. Nikhil Verma says:

    hi,

    connection refused ERROR I’m getting on my server.
    I have mentioned server IP add, port number and the password in the conf. file.

    I’m using the password through which I log in on the server by ssh… is that right???

      1. Nikhil Verma says:

        My Sr. has created one user account on that machine for my access. I just want to know whether the VPN console management password is different from a normal account. If yes, can you share any doc to create a VPN console management password?

        regards
        nikhil

      2. Add this line to your openvpn server’s config:

        management 127.0.0.1 11940 /etc/openvpn/config/password

        The server will bind to 127.0.0.1 port 11940 for management
        and listen for a password in the /etc/openvpn/config/password file

        create the password file like this :
        echo "mypassword" > /etc/openvpn/config/password
        chown openvpn:openvpn /etc/openvpn/config/password
        chmod 600 /etc/openvpn/config/password

        That’s all, and this password is what you need to set on the plugin.
        Well, have a nice day

  4. nagios_newbie says:

    Thanks for this nice explanation of nagios-openvpn setup. I did everything you wrote but I still get “connection refused” in nagios for openvpn:
    Here is openvpn.conf
    port 443
    proto tcp
    dev tun
    ca privnet/ca.crt
    cert privnet/server.crt
    key privnet/server.key
    dh privnet/dh1024.pem
    server 172.17.0.0 255.255.255.0
    client-to-client
    push "route 172.16.171.0 255.255.255.0"
    push "dhcp-option DNS mydns"
    ifconfig-pool-persist ipp.txt
    keepalive 10 120
    comp-lzo
    user nobody
    group nobody
    persist-key
    persist-tun
    status /var/log/openvpn-status.log
    verb 1
    management-signal
    management localhost 500 /etc/openvpn/password

    Also here is my services_nagios2.cfg

    # check that openvpn services are running
    define service {
    hostgroup_name openvpn
    service_description OPENVPN
    check_command check_openvpn!172.16.171.3!500!somepassword
    use generic-service
    notification_interval 0 ; set > 0 if you want to be renotified
    }

    Logs on openvpn do not report any error and I can’t find anything on the nagios server that can help me

  5. Mezzler says:

    nagios_newbie Why not try a port above 1024, for example like 5002?

    I thought after installing this plugin though I would get to see some information on bandwidth usage and current connected users. I can’t find any of that.

  6. Nikhil Verma says:

    ########openvpn.conf############
    dev tun
    port 9191

    remote 119.81.75.89

    secret /etc/openvpn/secrets/noida.key
    user nobody
    group nobody
    comp-lzo
    ifconfig 11.108.108.1 11.108.108.2
    route 192.168.0.0 255.255.0.0
    route 10.51.0.0 255.255.0.0
    route 172.16.0.0 255.240.0.0
    ping 15
    ping-restart 45
    ping-timer-rem
    persist-tun
    persist-key
    verb 3
    log /var/log/noida.log
    management 127.0.0.1 11940 /etc/openvpn/config/password

    #############################################################
    Command used in VPN server
    echo mypassword > /etc/openvpn/config/password
    chown openvpn:openvpn /etc/openvpn/config/password
    chmod 600 /etc/openvpn/config/password

    #####My linux VPN service file######
    define service {
    hostgroup_name linux-servers
    service_description Tunnel
    check_command check_openvpn!10.120.120.1!11940!mypassword
    use local-service
    notification_interval 0
    }

    still I’m getting connection refused:
    CHECKOPENVPN CRITICAL: [Errno 111] Connection refused

    please help to resolve this

    1. Hi,

      You have to change the port in your Linux VPN service file to 9191, which is what you specified in the openvpn.conf file.
      In this line: check_command check_openvpn!10.120.120.1!11940!mypassword, also verify that this IP address is OK.

  7. Nikhil Verma says:

    After changing the port no. in nagios as well as in openvpn.conf, still I’m getting connection refused.

    openvpn.conf
    ##################
    dev tun
    port 9191

    remote 119.81.75.89
    secret /etc/openvpn/secrets/noida.key
    user nobody
    group nobody
    comp-lzo
    ifconfig 11.108.108.1 11.108.108.2
    route 192.168.0.0 255.255.0.0
    route 10.51.0.0 255.255.0.0
    route 172.16.0.0 255.240.0.0
    ping 15
    ping-restart 45
    ping-timer-rem
    persist-tun
    persist-key
    verb 3
    log /var/log/noida.log
    management 127.0.0.1 9191 /etc/openvpn/config/password

    #############################

    linuxservices.cfg

    ###################
    define service {
    hostgroup_name linux-servers
    service_description Tunnel
    check_command check_openvpn!10.120.120.1!9191!mypassword
    use local-service
    notification_interval 0
    }

    please help

    Is there any command to check open plugin working, like “check_dns -H 10.120.120.1”?

    regards
    nikhil

  8. Nikhil Verma says:

    I used the below command:
    /usr/local/nagios/libexec/check_openvpn -p 9191 -n mypassword -t 10.120.120.1
    CHECKOPENVPN CRITICAL: [Errno 111] Connection refused

    IP is also reachable from the server

    1. Verify that port 9191 is open; for that you can telnet to your server with:
      telnet 10.120.120.1 9191. If you get a prompt then you could be OK.
      Otherwise check whether there is a firewall or something that blocks access to the server on that port.
