From Wikitech
Jump to navigation Jump to search

check_strongswan is an Icinga plugin that checks IPSec connections.

The actual scripts is in the puppet repo in modules/strongswan/files/monitoring/check_strongswan.

# Nagios/Icinga check script for Strongswan
# Parses output of 'ipsec statusall': checks that each defined connection has
# corresponding established Security Associations (IKE parent + ESP child).
# Also checks that connections configured by Strongswan have corresponding
# xfrm policies in place in the kernel, by parsing output of 'ip xfrm state'
# for matching Security Parameter Index values.

1.) troubleshoot the issue

2.) write what you did to troubleshot the issue in this runbook :)

3.) tell the traffic team about it