Page 1 of 2
nagios vpn hosts
Posted: Mon Oct 29, 2018 10:57 am
by niccoX
I have a server which I now run through a VPN, ever since, it has lost the connection with the Nagios server.
Code: Select all
root@monitor:/usr/lib/nagios/plugins$ ./check_nrpe -H 89.160.16.2 -p2222
Connection refused by host
I don't know where to begin to allow the host to be able to be checked by the nagios server again.
#Nagios Core 3.4.1
Re: nagios vpn hosts
Posted: Tue Oct 30, 2018 2:32 pm
by cdienger
The requests from the XI machine could be getting natted and appear to be coming from a different IP address. In which case you'll want to edit the nsclient.ini or nrpe.cfg and update the allowed_hosts or "allowed host" configurations to allow it. You could also check /var/log/messages or nsclient.log on the remote machine to see if it gives any more detail as to why the connection is refused.
Re: nagios vpn hosts
Posted: Wed Oct 31, 2018 9:37 am
by niccoX
I have neither of these files. I have nagios.cfg and cgi.cfg[.
Should I add an entry in nagios.cfg as:
allowed_hosts=127.0.0.1,192.168.0.140
If I add one IP would I need to add all clients that are monitored, those with no VPN as well?
Re: nagios vpn hosts
Posted: Wed Oct 31, 2018 9:41 am
by niccoX
He, of course on the client...
Re: nagios vpn hosts
Posted: Wed Oct 31, 2018 9:46 am
by scottwilkerson
Is the client a Linux or Windows host?
Re: nagios vpn hosts
Posted: Wed Oct 31, 2018 10:12 am
by niccoX
scottwilkerson wrote:Is the client a Linux or Windows host?
We have both, this in particular I'm testing with is a Linux client, it's on the same IP as the Core server, but on a different port.
npre.cfg has it as an allowed host already:
Code: Select all
allowed_hosts=127.0.0.1, monitor.net.o-xxx.xx
Re: nagios vpn hosts
Posted: Wed Oct 31, 2018 10:18 am
by scottwilkerson
Ok, on this remote server can you see if any of the requests are getting there by looking at the system log?
with a command such as
Also, is this nrpe daemon running under initd, systemd, or xinetd? And is the port you are checking somehow mapped to port 5666 on this remote server?
Re: nagios vpn hosts
Posted: Mon Nov 12, 2018 7:24 am
by niccoX
scottwilkerson wrote:Ok, on this remote server can you see if any of the requests are getting there by looking at the system log?
with a command such as
Also, is this nrpe daemon running under initd, systemd, or xinetd? And is the port you are checking somehow mapped to port 5666 on this remote server?
It's not going through.
We run initd.
Even with disabled firewall, it won't work.
Code: Select all
root@monitor:/usr/lib/nagios/plugins$ ./check_nrpe -H 89.160.16.2
CHECK_NRPE: Error - Could not complete SSL handshake.
root@monitor:/usr/lib/nagios/plugins$ ./check_nrpe -H 89.160.16.2 -pxxxx
Connection refused by host
Out env is little complicated though, we have a proxy that handles server to server communication and apart from it user to server, restricting access for a user to access a specific server, but accepting access for a server to communicate with another...
Re: nagios vpn hosts
Posted: Mon Nov 12, 2018 7:59 am
by scottwilkerson
Could you share the nrpe.cfg from the client?
Re: nagios vpn hosts
Posted: Mon Nov 12, 2018 8:03 am
by niccoX
Code: Select all
log_facility=daemon
pid_file=/var/run/nagios/nrpe.pid
server_port=5666
nrpe_user=nagios
nrpe_group=nagios
allowed_hosts=127.0.0.1, monitor.net.x-xxx.xx
dont_blame_nrpe=0
debug=1
command_timeout=60
connection_timeout=300
# webchecker for external websites
include=/etc/nagios/nrpe_local.cfg
include_dir=/etc/nagios/nrpe.d/
command[check_db_dump]=sudo /usr/lib/nagios/plugins/check_db_dump