nagios vpn hosts

[niccoX]

I have a server which I now run through a VPN, ever since, it has lost the connection with the Nagios server.

Code: Select all

root@monitor:/usr/lib/nagios/plugins$ ./check_nrpe -H 89.160.16.2 -p2222
Connection refused by host

I don't know where to begin to allow the host to be able to be checked by the nagios server again.

#Nagios Core 3.4.1

[cdienger]

The requests from the XI machine could be getting natted and appear to be coming from a different IP address. In which case you'll want to edit the nsclient.ini or nrpe.cfg and update the allowed_hosts or "allowed host" configurations to allow it. You could also check /var/log/messages or nsclient.log on the remote machine to see if it gives any more detail as to why the connection is refused.

[niccoX]

I have neither of these files. I have nagios.cfg and cgi.cfg[.

Should I add an entry in nagios.cfg as:

allowed_hosts=127.0.0.1,192.168.0.140

If I add one IP would I need to add all clients that are monitored, those with no VPN as well?

[niccoX]

He, of course on the client...

[scottwilkerson]

Is the client a Linux or Windows host?

[niccoX]

Is the client a Linux or Windows host?

We have both, this in particular I'm testing with is a Linux client, it's on the same IP as the Core server, but on a different port.

npre.cfg has it as an allowed host already:

Code: Select all

allowed_hosts=127.0.0.1, monitor.net.o-xxx.xx

[scottwilkerson]

Ok, on this remote server can you see if any of the requests are getting there by looking at the system log?

with a command such as

Code: Select all

grep nrpe /var/log/messages

Also, is this nrpe daemon running under initd, systemd, or xinetd? And is the port you are checking somehow mapped to port 5666 on this remote server?

[niccoX]

Ok, on this remote server can you see if any of the requests are getting there by looking at the system log?

with a command such as

Code: Select all

grep nrpe /var/log/messages

Also, is this nrpe daemon running under initd, systemd, or xinetd? And is the port you are checking somehow mapped to port 5666 on this remote server?

It's not going through.

We run initd.

Even with disabled firewall, it won't work.

Code: Select all

root@monitor:/usr/lib/nagios/plugins$ ./check_nrpe -H 89.160.16.2
CHECK_NRPE: Error - Could not complete SSL handshake.
root@monitor:/usr/lib/nagios/plugins$ ./check_nrpe -H 89.160.16.2 -pxxxx
Connection refused by host

Out env is little complicated though, we have a proxy that handles server to server communication and apart from it user to server, restricting access for a user to access a specific server, but accepting access for a server to communicate with another...

[scottwilkerson]

Could you share the nrpe.cfg from the client?

[niccoX]

Code: Select all

log_facility=daemon
pid_file=/var/run/nagios/nrpe.pid
server_port=5666
nrpe_user=nagios
nrpe_group=nagios
allowed_hosts=127.0.0.1, monitor.net.x-xxx.xx
dont_blame_nrpe=0
debug=1
command_timeout=60
connection_timeout=300

# webchecker for external websites

include=/etc/nagios/nrpe_local.cfg
include_dir=/etc/nagios/nrpe.d/
command[check_db_dump]=sudo /usr/lib/nagios/plugins/check_db_dump