False positive when ikev2 vpn rekeying
Closed this issue · 2 comments
I have an issue when my vpn is rekeying because everytime it triggers a zabbix alert like if the VPN was down.
I managed to do some debugging and I think the problem relay on this command inside the script:
ipsec statusall | grep -e "$CONN" | grep -e "rekeying" > /dev/null 2>&1
this command is looking for "rekeying" all lower case but when the VPN is rekey the ipsec statusall return the following:
con32000: <ip>...<ip> IKEv2, dpddelay=10s
con32000: local: <ip> uses pre-shared key authentication
con32000: remote: <ip> uses pre-shared key authentication
con32000: child: <ip>|<ip> === <ip>|/0 TUNNEL, dpdaction=restart
con32000{39767}: ROUTED, TUNNEL, reqid 737
con32000{39767}: <ip>|<ip> === <ip>
con32000[14373]: ESTABLISHED 46 minutes ago, <ip>[<ip>]...<ip>[<ip>]
con32000[14373]: IKEv2 SPIs: fe3acf147ae589a0_i* 743e4c2bb2db2877_r, pre-shared key reauthentication in 6 hours
con32000[14373]: IKE proposal: AES_CBC_256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_8192
con32000[14373]: Tasks active: CHILD_REKEY
con32000{42334}: REKEYING, TUNNEL, reqid 737, expires in 13 minutes
con32000{42334}: <ip>|<ip> === <ip>
I think a quick fix would be to run the grep with the "-i" option but I am not an expert and I might miss something.
@denisgrilliGMSL I got it. Actualy, I never found this scenario before. Maybe, is something related to ipsec version. Anyway, set the insensitive is not a problem. I just fix it on #8 .
Thank you by share you case and debug :)
@alanwds I really appreciate it.