Obsolete:Monitoring/strongswan

The printable version is no longer supported and may have rendering errors. Please update your browser bookmarks and please use the default browser print function instead.

This page contains historical information. It may be outdated or unreliable.

IPsec connections are monitored today using a combination of prometheus-ipsec-exporter and icinga.

A per-site alert will fire via Icinga check_prometheus should one or more defined IPsec tunnels change to disconnected, unknown, or other non-connected state.

Troubleshooting an issue

Review the alert description text carefully. You should see some hint about where the problem lies here.
1. e.g. alert text of "instance=cp1081:9536 site=eqiad tunnel={cp3060_v4,cp3060_v6}" indicates that there is a problem with the tunnels to cp3060 being reported by host cp1081.
Check the IPsec Grafana dashboard
1. Investigate any ongoing non-zero values.
2. Look for commonality, e.g. do multiple instances report problems with the same tunnel?
Write more about what you did to troubleshoot the issue in this runbook :)
Tell the traffic team about it