Monitor OpenConnect VPN using Zabbix

Hello,

I’m looking for a decent way to monitor an OpenConnect VPN server - the number of currently connected sessions as a starting point. I’m using VyOS 1.5-rolling-202501110007 in my lab.

What’s the easiest approach here?

I already monitor OS parameters using the built-in Zabbix agent, but the agent does not support system.run.

One straightforward approach would be ‘show openconnect-server session | grep ^sslvpn | wc -l’ via SSH, but I guess there should be other options?

TIA

You can make the agent do anything you want.

I do the following:

set service monitoring zabbix-agent directory '/config/zabbix/'

(Use whatever dir you want, but it makes sense to use something in /config so it gets copied on upgrade, etc.)

In my /config/zabbix I have a file called conntrack.conf with the following:

UserParameter=ip_conntrack_count,cat /proc/sys/net/netfilter/nf_conntrack_count
UserParameter=ip_conntrack_offload_count,conntrack -L -u offload 2>&1 | sed -n 's/.*: \([0-9]\+\) flow entries.*/\1/p'

This gives me two new items that track how many connection tracking entries I have, and how many of them are offloaded (flowtable) sessions.

But you could create /config/zabbix/system.conf and enable system run in there, or do whatever fancy trick(s) you want to get the stats you need.

Instead of having to create a userparameter, what I prefer to do is use the net.tcp.port zabbix agent key to have it make a TCP test connection to an IP on the other end of the VPN tunnel. This does a full test without having to create a custom config on the zabbix agent.

https://www.zabbix.com/documentation/current/en/manual/config/items/itemtypes/zabbix_agent#net.tcp.port

2 Likes
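
The first answer notes that a file in the agent's include directory can also enable system.run. As an added example (not code from the thread, VyOS or Zabbix), this script lists the lines in such a directory that let the Zabbix server run more than fixed commands; the function names and the sample system.conf are constructed, and only conntrack.conf is taken from the thread.

```shell
#!/bin/sh
# Added example: audit a Zabbix agent include directory for settings that
# widen what the server can execute on the router.

audit_zabbix_conf() {
    # $1: include directory (the thread uses /config/zabbix/)
    set -- "$1"/*.conf
    [ -f "$1" ] || return 0          # no .conf files, nothing to report
    awk '
        function report(msg) { printf "%s:%d: %s\n", FILENAME, FNR, msg }
        /^[ \t]*#/ || /^[ \t]*$/ { next }   # skip comments and blank lines
        { line = $0; sub(/^[ \t]+/, "", line) }
        line ~ /^EnableRemoteCommands[ \t]*=[ \t]*1/ { report("remote commands enabled") }
        line ~ /^AllowKey[ \t]*=[ \t]*system\.run\[/ { report("system.run allowed") }
        line ~ /^UnsafeUserParameters[ \t]*=[ \t]*1/ { report("all characters allowed in UserParameter arguments") }
        line ~ /^UserParameter[ \t]*=[^,]*\[\*\],/   { report("UserParameter accepts server-supplied arguments") }
    ' "$@"
}

make_sample_dir() {
    # Constructed sample: conntrack.conf is from the thread, system.conf is hypothetical
    d=$(mktemp -d) || return 1
    cat > "$d/conntrack.conf" <<'EOF'
UserParameter=ip_conntrack_count,cat /proc/sys/net/netfilter/nf_conntrack_count
EOF
    cat > "$d/system.conf" <<'EOF'
# AllowKey=system.run[uptime]
AllowKey=system.run[*]
UnsafeUserParameters=1
UserParameter=file.lines[*],wc -l $1
EOF
    printf '%s\n' "$d"
}

# Demo run on the constructed sample: prints one finding per flagged line
sample=$(make_sample_dir)
audit_zabbix_conf "$sample"
rm -rf "$sample"
```

A parameterless UserParameter such as the two conntrack items produces no finding, because the server can only trigger the fixed command.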

Looks like exactly what I need, thank you, I’ll give it a shot!

1 Like

Not my case exactly, as I’ll have a plethora of different Win clients with FWs and such, but definitely one of the approaches in other cases, thanks.
