Ad Widget

Collapse

Zabbix agent unreachable flapping over vpn

Collapse
X
Collapse
 
  • Page of 1
  • Time
  • Show
Clear All
new posts
Previous template Next
  • idsolvy
    Junior Member
    • May 2018
    • 3
    #1

    Zabbix agent unreachable flapping over vpn

    Hi,

    I'm having an issue with passively monitoring remote hosts living on another subnet, connected by a VPN.

    A bit about my setup:

    Zabbix server lives on 10.0.0.0/24 and can reach, ping, monitor, etc all hosts on 10.0.0.0/24 without issue. This part works great.

    I have 10.0.2.0/24 that is a remote network, and the two are connected by an OpenVPN tunnel setup with 2 pfsense VM's, one on each network.

    The issue I'm running into is that all of the hosts on 10.0.2.0/24 will, every 5 to 10 minutes, pop in as "Zabbix agent unreachable for 5m minutes" and then after another 5 or 10 minutes, it will resolve itself.

    I have not been able to detect any packet loss over the VPN, nor is the VPN even close to being saturated. The RTA is roughly 25ms, and the pipes between the two are very reliable. I can ping, ssh, anything else over the VPN without issue, as I have a few other servers running over it.

    Has anyone ever run into anything like this? Itty gritty networking isn't really my thing so all I can think of is that maybe there's a weird thing in Zabbix i need to configure, or perhaps something with the VPN configuration. As for that, its pretty basic, using shared key authentication.

    Relatively new to Zabbix so if there are any configs/settings you'd like me to post, let me know.

    Thanks for any insight.
    Tags: None
    • aigars.kadikis
      Senior Member
      Zabbix Certified SpecialistZabbix Certified Professional
      • Mar 2018
      • 208
      #2
      Hi, idsolvy,

      Please clone template 'Template App Zabbix Agent', then open the clone and decrease gathering interval for 'agent.ping' to something like 10s. Assign this template to one of your hosts in 10.0.2.0/24.
      Show us some graphs from that specific host under Monitoring -> Latest data. Type 'Zabbix agent' in Application field.

      How many hosts do you have in 10.0.2.0/24 after all?

      Regards,

        Comment

        • idsolvy
          Junior Member
          • May 2018
          • 3
          #3
          Hi,

          I think I have roughly 9 or 10 hosts (all virtualized) on 10.0.2.0/24. I will apply your suggestion and then post back here when I have some graphs.

          Thanks

            Comment

            • aigars.kadikis
              Senior Member
              Zabbix Certified SpecialistZabbix Certified Professional
              • Mar 2018
              • 208
              #4
              Ok, will wait for results,

              Another shot is to try out using Zabbix Active proxy (+1 virtual machine) in your second subnet and perform all passive check from there.
              In that case, Zabbix proxy will collect all data and push those metrics to the server. And the server will calculate triggers, generate events and so on..

              Best regards,
              Aigars

                Comment

                • idsolvy
                  Junior Member
                  • May 2018
                  • 3
                  #5
                  Hi again,

                  I would post the graphs, except they're not very interesting. After changing that setting, it didn't drop a single ping/check for 24 hours.

                  However, the flapping behavior also stopped on all other hosts on that subnet, and i believe it was due to a config change on my VPN that a colleague recommended. I will post it here, in case anyone else stumbles across this post with similar issues.

                  This is for OpenVPN tunnels on pfsense:

                  System > Advanced > Firewall & NAT > Firewall Optimization Options: Set this to conservative.

                  The above change seems to have resolved my issues. For additional info, the change was made on the remote end of the firewall (10.0.2.0/24) and not the client side (10.0.0.0/24).

                    Comment

                    • aigars.kadikis
                      Senior Member
                      Zabbix Certified SpecialistZabbix Certified Professional
                      • Mar 2018
                      • 208
                      #6
                      Originally posted by idsolvy
                      Hi again,

                      I would post the graphs, except they're not very interesting. After changing that setting, it didn't drop a single ping/check for 24 hours.

                      However, the flapping behavior also stopped on all other hosts on that subnet, and i believe it was due to a config change on my VPN that a colleague recommended. I will post it here, in case anyone else stumbles across this post with similar issues.

                      This is for OpenVPN tunnels on pfsense:

                      System > Advanced > Firewall & NAT > Firewall Optimization Options: Set this to conservative.

                      The above change seems to have resolved my issues. For additional info, the change was made on the remote end of the firewall (10.0.2.0/24) and not the client side (10.0.0.0/24).
                      Than you for the update. Glad that it resolved.

                        Comment

                        Previous template Next
                        Working...