Got a few nice inputs from George Hansper, who thought it better to indicate more details about single component units in order to have the possibility to exclude some specific device.
This may not be a best practice to be followed, but nevertheless is a valid requirement in some specific and possibly temporary cases.
Thanks George for pointing out and testing the current version!
check plugins for Compaq/HP (2785 downloads)
Some more testing done by Martin Boer together with some nice feedback on how to shorten down and beautify the code:
- replaced a lot of silly ‘elsif’ statements with a single (but safe) ‘eval’
- introduced a ‘-w’ parameter to set some failures to WARNING states instead of CRITICAL since “you don’t consider a bad disk in a RAID configuration necessarily something you want to find out in the middle of the night”
Since I published this without much testing, that would now be up to you guys 😉
check plugins for Compaq/HP (3248 downloads)
Some of the changes in version 2.10 are:
- definitions now moved into a hash of hashes instead of different arrays
- cleanup to the ‘–help’ parameter (now hinted at when none is given)
- added an ‘–exclude’ parameter for different checks as requested by ‘Mastrboy’
check plugins for Compaq/HP (2536 downloads)
Version 2.9 adds some new features. Thanks again to Jean Prat for:
- adding cpqNicIfLogMapStatus
- adding cpqNicIfPhysAdapterStatus
- giving component names a more readable form
check plugins for Compaq/HP (3483 downloads)
Version 2.8 fixes one more issue with the cpqHeEventLogCondition.
Thanks to Seth Rice for his support while debugging.
check plugins for Compaq/HP (2560 downloads)
Version 2.7 fixes a minor bug introduced by the cpqHeResilientMemCondition check. This comes together with some small cleanup around that part.
Thanks to Peter Tauber for pointing it out and verifying
check plugins for Compaq/HP (2413 downloads)
Version 2.6 is the first release after a long time and together with some code-cleanup (all the stuff coming from check_ifoperstatus) it adds new checks for the following:
- tape drives
- fibre channel adapters
- event log
- resilient memory
check plugins for Compaq/HP (2382 downloads)
lately I have been testing more than one IPsec configuration and I’m not convinced by what is currently provided by Ubuntu/Debian and I now don’t think OpenSWAN to be the best solution available.
Actually I ran into the following issues while trying OpenSWAN and StrongSWAN as provided by Ubuntu 8.04 and 10.04:
- Ubuntu 8.04 LTS (openswan 2.4.9): client connections are dropped after 60 minutes (see http://lists.openswan.org/pipermail/users/2009-July/017098.html)
- Ubuntu 10.04 LTS (openswan 2.6.23): responses to L2TP requests are not encapsulated in IPsec; since the original L2TP request was encapsulated in IPsec any client located behind a NAT-device (ADSL router, internal company network et. al.) won’t be able to receive the response – the response will be dropped by the NAT-device (see http://bugs.xelerance.com/view.php?id=1004)
- Ubuntu 8.04 LTS (strongswan 4.1.9) and Ubuntu 10.04 LTS (strongswan 4.3.2): NAT-T support is not enabled in the binary; this is defined as “not safe” in the build script “debian/rules” which is more or less a bit of a headache, since everyone of us trying to use a mobile device from WIFI networks will at some point in time need support for this
While trying out different versions of OpenSWAN I stumbled from one issue (and bug) into the next. I finally decided to settle for StrongSWAN and followed Niels’ advice (see http://nielspeen.com/blog/2009/04/linux-l2tpipsec-with-iphone-and-mac-osx-clients/) on how to re-build a StrongSWAN package with NAT-T support.
Even though I’m no security expert, I believe it to be a bad choice by the original package maintainers not to include NAT-T support. It should be up to us sys-admins to decide whether or not we want to activate it. If you don’t compile support for it into the binary, you take the choice for this vital component (IMHO) away from us! Just put “nat_traversal=no” and a nice comment about it “possibly” not being safe into the package’s default configuration file!
PLEASE NOTICE: StrongSWAN’s NAT-T “possibly not being safe” does not refer to an implementation issue with this feature but to the specification itself!!
I guess not everyone has a mind to re-build the whole package, so I’ll provide pre-compiled StrongSWAN packages with activated NAT-T support for Ubuntu 8.04 LTS / 10.04 LTS.
iPhone / iPad VPN and firewall example configuration (3319 downloads)
Whatever you think about this short post – please drop me a note at email@example.com or otherwise simple use the yellow button at the right… 🙂
Version 2.5 is just a bug fix for a realy stupid error I introduced when putting the whole thing under version control. This should be fixed now. Thanks Eric for pointing it out!
check plugins for Compaq/HP (5340 downloads)
Version 2.4 is now under version control, has a README and ChangeLog file.
check plugins for Compaq/HP (2719 downloads)