The server is configured to use TCP. Argh, it didn't occur to me that the 'CONNECTED' is actually client speaking instead of from the VPN server. That would explain why it fails all the time! Well, what about just to see if I can open tcp connection to that port (Again, the HMAC secret probably will get in the way of establishing a true SSL connection)?
On 8/28/06, Henrik Stoerner <henrik at hswn.dk> wrote:
On Fri, Aug 25, 2006 at 10:09:50AM -0400, Jerry Yu wrote:
I need to monitor OpenVPN service on a remote server (OpenVPN is already monitored as a PROC locally on that server)
OpenVPN is SSL-based, so, I made up a service entry as below. The test is failing, got 'unexpected service response'm w/o any data. Because a shared HMAC secret is used for this OpenVPN server, a connection attempt w/o the HMAC secret will not be able to get the certificate (maybe this is why it fails?).
In the default configuration, OpenVPN is only UDP traffic - Hobbit has no support for communicating with this type of service.
Assuming you did configure OpenVPN for TCP, then it is likely that the SSL protocol is either wrapped inside an OpenVPN header, or some OpenVPN traffic needs to precede the actual SSL handshake.
[openvpn] expect "CONNECTED(00000003)" option ssl port 12345
That "expect" string will never match; the "CONNECTED" string is a debugging output from the OpenSSL "s_client" utility.
Your best bet is probably to enable the OpenVPN management service, and check that with a normal "http" status check.
Regards, Henrik
To unsubscribe from the hobbit list, send an e-mail to hobbit-unsubscribe at hswn.dk