nagios on VPN gateway: ping trouble

[Subhendu Ghosh]

On Tue, 28 Feb 2006, dick at uchicago.edu wrote:

> greetz,
>
> i have successfully installed nagios-2.0b4p0-chroot and its related packages,
> nagios-plugins-1.4.1 and nagios-web-2.0b4-chroot, on my home firewall/VPN
> gateway that's running openbsd-3.8 release. i'm starting simple and doing a
> check_ping on all my local machines (10.9.0/24 and 10.9.1/24 subnets), which is
> working great and i can see their status under the nagios web interface. now
> that i have check_ping working for my local machines, i want to do the same for
> hosts at my remote location (10.0.0/24 and 10.0.1./24 subnets) that are under
> the same VPN.
>
> however, i am not able to check_ping for 10.0.0.1, the remote VPN gateway, even
> though i'm able to ping it from my home VPN gateway. since my home VPN gateway
> has both a public IP, x.y.z.w, and a private IP, 10.9.0.1, i have to issue a
> "ping -I 10.9.0.1 10.0.0.1" to ping the remote VPN gateway via the VPN,
> otherwise the interface address transmitted falls outside my VPN subnet
> (10.9/16) and the ping doesn't get routed through the VPN. i changed the
> ping_syntax variable in cgi.cfg from "/bin/ping -n -c 5 $HOSTADDRESS$" to
> "/bin/ping -I 10.9.0.1 -n -c 5 $HOSTADDRESS$" to try to remedy the problem, but
> it hasn't done the trick.
>
> just to be clear, here is an text rendering of the situation:
>
>  #########################              #############################
>  # home VPN gw           #              # work VPN gw               #
>  # pub. IP = x.y.z.w     #--internet----# pub. IP = a.b.c.d         #
>  # priv. IP = 10.9.0.1   #              # priv. IP = 10.0.0.1       #
>  # VPN for 10.9/16       #              # VPN for 10.0/16           #
>  #########################              #############################
>
> am i not supposed to run nagios on such a gateway? i could move it to another
> machine behind the gateway at home, but i would rather not for computing
> resource reasons. any suggestions on how to successfully check_ping in this
> situation would be appreciated. thx for reading.
>
> cheers,
> jake
>

First off - thanks for a concise and detailed problem statement.

I would like to point out that if both lan segments are in different 
address blocks, -I should not be necessary.  The route table on the 
gateway should be correctly populated.

ie. home vpn gateway should have a 1 hop route to work and a 1 hop route 
to ISP gateway.

What is the output in Nagios (visible output)

Remedies:
Try a shell wrapper and capture the ping exit code. and use that as the 
wrapper's exit code.

-- 
-sg


-------------------------------------------------------
This SF.Net email is sponsored by xPML, a groundbreaking scripting language
that extends applications into web and mobile media. Attend the live webcast
and join the prime developer group breaking into this new coding territory!
http://sel.as-us.falkag.net/sel?cmd=lnk&kid=110944&bid=241720&dat=121642
_______________________________________________
Nagios-users mailing list
Nagios-users at lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nagios-users
::: Please include Nagios version, plugin version (-v) and OS when reporting any issue. 
::: Messages without supporting info will risk being sent to /dev/null