Some of the changes in version 2.10 are:
- definitions now moved into a hash of hashes instead of different arrays
- cleanup to the ‘–help’ parameter (now hinted at when none is given)
- added an ‘–exclude’ parameter for different checks as requested by ‘Mastrboy’
check plugins for Compaq/HP (1469 downloads)
Version 2.9 adds some new features. Thanks again to Jean Prat for:
- adding cpqNicIfLogMapStatus
- adding cpqNicIfPhysAdapterStatus
- giving component names a more readable form
check plugins for Compaq/HP (2415 downloads)
Version 2.8 fixes one more issue with the cpqHeEventLogCondition.
Thanks to Seth Rice for his support while debugging.
check plugins for Compaq/HP (1397 downloads)
Version 2.7 fixes a minor bug introduced by the cpqHeResilientMemCondition check. This comes together with some small cleanup around that part.
Thanks to Peter Tauber for pointing it out and verifying
check plugins for Compaq/HP (1322 downloads)
Version 2.6 is the first release after a long time and together with some code-cleanup (all the stuff coming from check_ifoperstatus) it adds new checks for the following:
- tape drives
- fibre channel adapters
- event log
- resilient memory
check plugins for Compaq/HP (1336 downloads)
lately I have been testing more than one IPsec configuration and I’m not convinced by what is currently provided by Ubuntu/Debian and I now don’t think OpenSWAN to be the best solution available.
Actually I ran into the following issues while trying OpenSWAN and StrongSWAN as provided by Ubuntu 8.04 and 10.04:
- Ubuntu 8.04 LTS (openswan 2.4.9): client connections are dropped after 60 minutes (see http://lists.openswan.org/pipermail/users/2009-July/017098.html)
- Ubuntu 10.04 LTS (openswan 2.6.23): responses to L2TP requests are not encapsulated in IPsec; since the original L2TP request was encapsulated in IPsec any client located behind a NAT-device (ADSL router, internal company network et. al.) won’t be able to receive the response – the response will be dropped by the NAT-device (see http://bugs.xelerance.com/view.php?id=1004)
- Ubuntu 8.04 LTS (strongswan 4.1.9) and Ubuntu 10.04 LTS (strongswan 4.3.2): NAT-T support is not enabled in the binary; this is defined as “not safe” in the build script “debian/rules” which is more or less a bit of a headache, since everyone of us trying to use a mobile device from WIFI networks will at some point in time need support for this
While trying out different versions of OpenSWAN I stumbled from one issue (and bug) into the next. I finally decided to settle for StrongSWAN and followed Niels’ advice (see http://nielspeen.com/blog/2009/04/linux-l2tpipsec-with-iphone-and-mac-osx-clients/) on how to re-build a StrongSWAN package with NAT-T support.
Even though I’m no security expert, I believe it to be a bad choice by the original package maintainers not to include NAT-T support. It should be up to us sys-admins to decide whether or not we want to activate it. If you don’t compile support for it into the binary, you take the choice for this vital component (IMHO) away from us! Just put “nat_traversal=no” and a nice comment about it “possibly” not being safe into the package’s default configuration file!
PLEASE NOTICE: StrongSWAN’s NAT-T “possibly not being safe” does not refer to an implementation issue with this feature but to the specification itself!!
I guess not everyone has a mind to re-build the whole package, so I’ll provide pre-compiled StrongSWAN packages with activated NAT-T support for Ubuntu 8.04 LTS / 10.04 LTS.
iPhone / iPad VPN and firewall example configuration (1781 downloads)
Whatever you think about this short post – please drop me a note at firstname.lastname@example.org or otherwise simple use the yellow button at the right… 🙂
Version 2.5 is just a bug fix for a realy stupid error I introduced when putting the whole thing under version control. This should be fixed now. Thanks Eric for pointing it out!
check plugins for Compaq/HP (3795 downloads)
Version 2.4 is now under version control, has a README and ChangeLog file.
check plugins for Compaq/HP (1204 downloads)
The README now includes documentation about all requirements:
- path to nagios-plugins “utils.pm”
- the distribution’s “libsnmp-perl” package if you are missing Net/SNMP.pm
check plugins for Compaq/HP (1123 downloads)
A minor update:
- one typo fixed, which would have prevented the output of the actual state of physical drives (the error itself would have been reported)
- the README now includes a hint about the debug option “-d”, which is not intended to be used in production
check plugins for Compaq/HP (1035 downloads)