Libreswan IPSec tunnel collector
Collects bytes-in, bytes-out and uptime for all established libreswan IPSEC tunnels.
The following charts are created, per tunnel:
- the uptime of the tunnel
- bytes in
- bytes out
If using our official native DEB/RPM packages, make sure netdata-plugin-chartsd is installed.
Edit the charts.d/libreswan.conf configuration file using edit-config from the Netdata config directory, which is typically at /etc/netdata:
cd /etc/netdata # Replace this path with your Netdata config directory, if different
sudo ./edit-config charts.d/libreswan.conf
The plugin executes 2 commands to collect all the information it needs:
ipsec whack --status
ipsec whack --trafficstatus
The first command is used to extract the currently established tunnels, their IDs and their names. The second command is used to extract the current uptime and traffic.
Most probably, the user netdata will not be able to query libreswan, so the ipsec commands will be denied.
The plugin attempts to run sudo ipsec ... to get access to libreswan statistics.
To allow user netdata to run sudo ipsec ..., create the file /etc/sudoers.d/netdata with this content:
netdata ALL = (root) NOPASSWD: /sbin/ipsec whack --status
netdata ALL = (root) NOPASSWD: /sbin/ipsec whack --trafficstatus
Make sure the path /sbin/ipsec matches your setup (execute which ipsec to find the right path).
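One way to install these rules without risking a broken sudoers file, as an added example that is not part of the Netdata documentation. The helper names render_netdata_sudoers and install_netdata_sudoers are hypothetical, and the install step assumes a root shell with visudo available:

```shell
#!/bin/sh
# Added example: helper names are hypothetical, not Netdata's.

# Print the two sudoers rules from this page for a given ipsec path.
render_netdata_sudoers() {
    ipsec_path=$1
    case $ipsec_path in
        /*) ;;  # sudoers command entries must be absolute paths
        *)  echo "ipsec path must be absolute: $ipsec_path" >&2; return 1 ;;
    esac
    case $ipsec_path in
        # Reject spaces, commas, wildcards: they would change the rule's meaning.
        *[!A-Za-z0-9/._-]*) echo "unexpected character in path" >&2; return 1 ;;
    esac
    printf 'netdata ALL = (root) NOPASSWD: %s whack --status\n' "$ipsec_path"
    printf 'netdata ALL = (root) NOPASSWD: %s whack --trafficstatus\n' "$ipsec_path"
}

# Syntax-check the rules, then install them as /etc/sudoers.d/netdata (run as root).
install_netdata_sudoers() {
    # Default to the path the shell resolves, as "which ipsec" would report.
    ipsec_path=${1:-$(command -v ipsec)} || return 1
    tmp=$(mktemp) || return 1
    render_netdata_sudoers "$ipsec_path" > "$tmp" || { rm -f "$tmp"; return 1; }
    # A syntax error in a sudoers.d file can make sudo refuse to run at all,
    # so validate the candidate file before it reaches the live directory.
    if visudo -c -f "$tmp" >/dev/null; then
        install -o root -g root -m 0440 "$tmp" /etc/sudoers.d/netdata
        rc=$?
    else
        echo "sudoers syntax check failed, nothing installed" >&2
        rc=1
    fi
    rm -f "$tmp"
    return $rc
}
```

After installing, sudo -l -U netdata should list only the two ipsec whack commands. Because each rule names its arguments, sudo refuses any other ipsec invocation by the netdata user.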