Nagios - IPSec with local Windows systems

Posted: Thu Nov 15, 2012 12:43 pm
by ssouthern
We want to use IPSec to protect the Nagios client traffic (NS++) between the VM running Nagios XI & all of our Windows systems.

We've got IPSec working from Windows host to Windows host, but everything I can find about IPSec with Linux is for site to site or remote access VPNs.

Can anyone point us in the right direction for this?

*Edit - fixed spelling error.

Re: Nagios - IPSec with local Windows systems

Posted: Thu Nov 15, 2012 1:30 pm
by lmiltchev
I found this link - see if this is going to point you in the right direction. Thanks!

Re: Nagios - IPSec with local Windows systems

Posted: Fri Nov 16, 2012 10:55 am
by ssouthern
Unfortunately, that link is for CentOS 5 - the Nagios XI VMs currently available run CentOS 6.

CentOS 6 does not appear to have an ipsec-tools package, however it does have OpenSwan... but all the documentation for that is about using CentOS for site-to-site or remote access VPNs, not for protecting LAN traffic.

What I need is either details on installing ipsec-tools on CentOS 6 (and having it work - I've found instructions that don't work) or on making OpenSwan work.

Our Windows IPSec policy is to negotiate security for UDP/161 & Nagios client traffic. If it can't be negotiated, it falls back to unencrypted for now. I need this same policy (using a PSK for now - we'll worry about certs after we get it working with PSK) on the CentOS/Nagios VM.

If I can get this working, I'll post the details here.

Re: Nagios - IPSec with local Windows systems

Posted: Fri Nov 16, 2012 3:28 pm
by scottwilkerson
It does look like openswan is the standard for 6

yum install openswan
https://access.redhat.com/knowledge/doc ... nswan.html

Re: Nagios - IPSec with local Windows systems

Posted: Mon Nov 19, 2012 3:07 pm
by ssouthern
I've looked through OpenSwan, and I get the impression it's for site-to-site or remote access IPSec VPNs... which is not what we're trying to accomplish. We want to protect internal LAN traffic with IPSec between the Nagios server running CentOS 6 and the Windows & Linux servers it's monitoring.

I'll take another look through OpenSwan (it would help if their wiki wasn't a bunch of 404s...)

Re: Nagios - IPSec with local Windows systems

Posted: Mon Nov 19, 2012 3:55 pm
by scottwilkerson
I don't believe we have anyone on staff that has set this up; it definitely would be good to inquire in any openswan forums.
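
Added example, not part of the thread or of any poster's configuration: a sketch of how the host-to-host policy described above (PSK, UDP/161, LAN traffic rather than a site-to-site tunnel) could be written for Openswan, using one transport-mode connection per monitored host. The addresses, the PSK placeholder, the connection names and the helper functions are assumptions; the Nagios client port is not given in the thread, so only the UDP/161 selector is shown.

```shell
#!/bin/sh
# Added example (not from the thread). Addresses are constructed RFC 5737
# documentation values and the PSK is a placeholder.
NAGIOS_IP="192.0.2.10"        # assumed address of the Nagios XI VM
PSK="REPLACE_WITH_SHARED_KEY" # placeholder, never a real key

# Accept only dotted-quad IPv4 so an inventory line cannot inject config text.
valid_ipv4() {
    case "$1" in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# One conn per monitored host. type=transport protects traffic between the
# two endpoints themselves (no subnets, no tunnel); the protoport pair limits
# the policy to UDP from any port on the Nagios side to port 161 on the peer.
render_conn() {
    valid_ipv4 "$1" || { echo "skipping invalid address: $1" >&2; return 1; }
    cat <<EOF
conn nagios-snmp-$(echo "$1" | tr . -)
    type=transport
    authby=secret
    left=$NAGIOS_IP
    right=$1
    leftprotoport=17/%any
    rightprotoport=17/161
    auto=route

EOF
}

# Matching ipsec.secrets line: both endpoint addresses, then the PSK.
render_secret() {
    valid_ipv4 "$1" || return 1
    printf '%s %s : PSK "%s"\n' "$NAGIOS_IP" "$1" "$PSK"
}

# Constructed inventory: two valid hosts and one malformed entry.
for host in 192.0.2.21 192.0.2.22 192.0.2.999; do
    if render_conn "$host"; then render_secret "$host"; fi
done
```

The conn stanzas belong in /etc/ipsec.conf and the PSK lines in /etc/ipsec.secrets, which should be readable by root only.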