Sorry for disturbing, Even after installing the Fping I am not able to get the graphs. Whereas discovery items are in enabled state and also reflecting the changes made in VPN backend server into the zabbix dashboards. Totally confused about the data points. Kindly help me.....

Originally posted by @harikrish432 in #10 (comment)

Cannot read XML: (41) Specification mandate value for attribute data-pjax-transient [Line: 43 | Column: 91].

Hi Andre,
I just started to have a look to the different ways to monitor ipsec
connections and I found your project on github which interesting for
me as we currently deploy connections based on StrongSwan.
Many thanks for this (hard) work, unfortunately, I can't import your
template on Zabbix.
Before starting to troubleshoot, here are some details, maybe you have an idea:
we use Zabbix 2.2.9 on CentOS 6 with mysql server. I did 2 tests:

• importing the template checking all the "Update existing" boxes
  only. It works (but that's not what I want).
• importing the template checking all the "Add missing" boxes only. It failed.
  Here is the message error I get:

Created: Application "IPSEC" on "Template App IPSEC VPN".
Created: Item "OpenSWAN PLUTO process" on "Template App IPSEC VPN".
mb_strlen() expects parameter 1 to be string, array given
[conf.import.php:130 → CConfigurationImport->import() →
CConfigurationImport->processDiscoveryRules() → CAPIObject->create() →
CAPIObject->__call() → czbxrpc::call() → czbxrpc::callAPI() →
call_user_func() → CDiscoveryRule->create() →
CDiscoveryRule->createReal() → DB::insert() → DB::checkValueTypes() →
zbx_strlen() → mb_strlen() in
/usr/share/zabbix/include/func.inc.php:955]
Array to string conversion [conf.import.php:130 →
CConfigurationImport->import() →
CConfigurationImport->processDiscoveryRules() → CAPIObject->create() →
CAPIObject->call() → czbxrpc::call() → czbxrpc::callAPI() →
call_user_func() → CDiscoveryRule->create() →
CDiscoveryRule->createReal() → DB::insert() → implode() in
/usr/share/zabbix/include/classes/db/DB.php:450]
Error in query [INSERT INTO items
(name,type,snmp_community,snmp_oid,delay,status,snmpv3_contextname,snmpv3_securityname,snmpv3_securitylevel,snmpv3_authprotocol,snmpv3_authpassphrase,snmpv3_privprotocol,snmpv3_privpassphrase,delay_flex,params,ipmi_sensor,authtype,username,password,publickey,privatekey,port,filter,lifetime,description,key,trapper_hosts,hostid,flags,value_type,data_type,interfaceid,itemid)
VALUES ('IPSEC discovery','0','','','3600','0','','','0','0','','0','','50/1-7,00:00-24:00','','','0','','','','','',Array,'30','','ipsec.discover','','10200','1','4','0',NULL,'29839')]
[Unknown column 'Array' in 'field list']
SQL statement execution has failed "INSERT INTO items
(name,type,snmp_community,snmp_oid,delay,status,snmpv3_contextname,snmpv3_securityname,snmpv3_securitylevel,snmpv3_authprotocol,snmpv3_authpassphrase,snmpv3_privprotocol,snmpv3_privpassphrase,delay_flex,params,ipmi_sensor,authtype,username,password,publickey,privatekey,port,filter,lifetime,description,key,trapper_hosts,hostid,flags,value_type,data_type,interfaceid,itemid)
VALUES ('IPSEC discovery','0','','','3600','0','','','0','0','','0','','50/1-7,00:00-24:00','','','0','','','','','',Array,'30','','ipsec.discover','','10200','1','4','0',NULL,'29839')".

I am not familiar with the template creation/debugging yet so if you
have any idea or need any other details or help to debug, really, do
not hesitate to ask.
Thanks a lot again and have a nice week end :)

Hi,
I'm sorry to disturb you but I can't find and do not understand where we find the target ip for a non local tunnel. I tried with server ip of nordvpn (like 192.230.46.143 [fr185.nordvpn.com]) but in the graph it says : "Trigger: Tunnel nordvpn endpoint 192.230.46.143 (UNKNOWN)" and "IPSec nordvpn endpoint rtt [no data]" , etc. So, could you explain it to me please.

I had to add <application_prototypes/> for the template to be imported into version 3.0.

I'd be happy to do a pull request for you.

I needed to install the fping package on ubuntu image on AWS for the script to run.

I'd be happy to submit a PR.

Hello,

Where is the check_ipsec.sh script placed?
Server or client?
Could you give me the configuration with a practical example?
Thanks

After installing on 16.04 I manually ran the check_ipsec.sh script and it returns 0 whether the tunnel is up or not.

ubuntu@ipsec:~$ cat /etc/zabbix/ipsec.conf 
{
    "data":[
        { "{#TUNNEL}":"guba-guba","{#TARGETIP}":"52.xxx.xxx44","{#SOURCEIP}":"10.0.0.92","{#RTT_TIME_WARN}":"80","{#RTT_TIME_ERR}":"150" }
        ]
}

ubuntu@ipsec:~$ sudo bash /usr/local/lib/zabbix/externalscripts/check_ipsec.sh 52.xxx.xxx.44 10.0.0.92
0
ubuntu@ipsec:~$ sudo bash /usr/local/lib/zabbix/externalscripts/check_ipsec.sh 52.xxx.xxx.44 10.0.0.92 rtt
52.xxx.xxx.44

Hi,
I installed the template on 3.2 and assigned it to relevant gw's, but all the items are indicating tunnel is down or unreachable. I can see the macros have been rendered correctly as per my ipsec.conf.

I ran the shell script manually against the vpn name and that returned 1. i also ran it with ping params and that also returned 1, but for some reason zabbix isn't able to work with that.

In the script I noticed that you have "USE_SUDO=0 ". i set that to 1, but did not make any difference.

regards

I have done the configuration but i am not getting any data on graphs

Kindly help me....

The Discovery rule is showing as Item not supported.

Kindly help me.