Hi,

We are using UniFi IPsec tunnels but there is no way to monitor them. The only way to see whether the tunnel is up is via SSH; you can get the details via this command: "show vpn ipsec sa".

Output:

peer-***.***.***.***-tunnel-0: #2, ESTABLISHED, IKEv2, **************************
-vbash: peer-***.***.***.***-tunnel-0:: command not found
  local  '***.***.***.***' @ ***.***.***.***
  remote '***.***.***.***' @ ***.***.***.***
  AES_CBC-256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_2048
  established 14150s ago, rekeying in 13945s
  peer-***.***.***.***-tunnel-6: #7, INSTALLED, TUNNEL, ESP:AES_CBC-256/HMAC_SHA1_96
    installed 485 ago, rekeying in 2246s, expires in 3115s
    in  cdbe5835, 30775130 bytes, 150960 packets,     0s ago
    out 9d6756ea, 29664699 bytes, 150544 packets,     0s ago
    local  172.*.*.*/24

I just want to create a script that runs the command and then gives the output Established or Down.

Kind regards

Wietse


Article Comments

Hello,

Thank you for your message.

Regarding what you would like to achieve, I invite you to use the SSH Script sensor to execute a script on your Ubiquiti device. Here is an example of script which might fit your needs:

#!/bin/sh

(show vpn ipsec sa | grep ESTABLISHED)  2>&1 1>/dev/null

if [ $? -eq 0 ]; then 
  echo "0:$?:UP"
else
  echo "1:$?:DOWN"
fi

The script must be located under /var/prtg/scripts and must have execution rights (chmod +x your_script).

Please note that we do not provide support for custom scripts.

Regards.


Feb, 2021 - Permalink

Hi,

Thanks for your fast reply, I will give it a shot.


Feb, 2021 - Permalink

If you do not have the necessary rights to create the folder as well as the script on your device, then I can only invite you to write a custom script on the PRTG server / probe server and execute the SSH command (show vpn ipsec sa) from it.

Then, you only have to search for the keyword "ESTABLISHED" in the result returned by the command and then send the data to PRTG. Here is the manual regarding custom sensors: https://www.paessler.com/manuals/prtg/custom_sensors

You can use one of the EXE/Script sensors (https://www.paessler.com/manuals/prtg/available_sensor_types#exe) or the Python Script Advanced sensor to execute the custom script.

Regards.


Feb, 2021 - Permalink

Hi,

I managed to get the folders created but your code above gives me the following error:

./ipsec.sh : line 3: show: command not found
1:1:DOWN

I'm a total noob with this kind of script.


Feb, 2021 - Permalink

With your current user, can you execute the command you provided (show vpn ipsec sa) from the /var/prtg/scripts folder?

The script should be able to execute that command as you did earlier and then return the status of the VPN. Therefore, I'm afraid that I can only provide limited support here.

Regards.


Feb, 2021 - Permalink

Hi,

It is possible to run the command (show vpn ipsec sa) from /var/prtg/scripts.

So that works fine, it's just that when we put it in a script it doesn't work.


Feb, 2021 - Permalink

Thank you for the information.

Then, I can only invite you to check the current shell you are using by using echo $0 or ps $$ and modify the instruction #!/bin/sh accordingly.

If it still doesn't work, then I'm afraid that I can't help further. You should then try a script on the PRTG server and execute the SSH command remotely from there.


Feb, 2021 - Permalink
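
An added example, not code from any post in this thread: a parser for the "show vpn ipsec sa" output that a script on the PRTG server could feed over SSH, as suggested above. It reports a failed command separately from a tunnel that is down, so an error like the one reported in this thread does not show up as DOWN. The function names and the sample outputs (documentation addresses) are constructed, and using return code 2 for a collection error is an assumption.

```shell
#!/bin/sh
# Added example. Reads `show vpn ipsec sa` output on stdin and prints one
# PRTG-style line "returncode:value:message" (value = ESTABLISHED IKE SAs).
# Codes 0 and 1 follow the script in this thread; 2 = collection error (assumed).
ipsec_status() {
  awk '
    # The shell could not run the command: status is unknown, not DOWN.
    /show: (command )?not found/ { failed = 1 }
    # IKE SA header starts at column 0: "name: #2, ESTABLISHED, IKEv2, ..."
    /^[^ \t].*: #[0-9]+, ESTABLISHED,/ { ike++ }
    # Child (ESP) SA header is indented: "  name: #7, INSTALLED, TUNNEL, ..."
    /^[ \t]+[^ \t].*: #[0-9]+, INSTALLED,/ { child++ }
    END {
      if (failed)          print "2:0:could not run show vpn ipsec sa"
      else if (ike == 0)   print "1:0:DOWN (no ESTABLISHED IKE SA)"
      else if (child == 0) printf "1:%d:DOWN (IKE up, no child SA installed)\n", ike
      else                 printf "0:%d:UP (%d child SA installed)\n", ike, child
    }'
}

# Constructed sample outputs, modelled on the layout shown in the first post.
sample_up() { cat <<'EOF'
peer-192.0.2.10-tunnel-0: #2, ESTABLISHED, IKEv2, 0123456789abcdef_i fedcba9876543210_r
  local  '198.51.100.1' @ 198.51.100.1
  remote '192.0.2.10' @ 192.0.2.10
  AES_CBC-256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_2048
  established 14150s ago, rekeying in 13945s
  peer-192.0.2.10-tunnel-6: #7, INSTALLED, TUNNEL, ESP:AES_CBC-256/HMAC_SHA1_96
    installed 485s ago, rekeying in 2246s, expires in 3115s
EOF
}
sample_ike_only() { cat <<'EOF'
peer-192.0.2.10-tunnel-0: #2, ESTABLISHED, IKEv2, 0123456789abcdef_i fedcba9876543210_r
  established 20s ago, rekeying in 28000s
EOF
}
sample_failed() { cat <<'EOF'
./ipsec.sh : line 3: show: command not found
EOF
}

sample_up | ipsec_status
sample_ike_only | ipsec_status
sample_failed | ipsec_status
```

The header patterns are anchored to the SA lines, so the word ESTABLISHED appearing elsewhere in the captured text is not counted as a live tunnel.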