bin/check_openvpn-simple

   1 #!/usr/bin/env python
   2
   3 """
   4 A Nagios plugin for checking whether or not an OpenVPN server is
   5 alive.
   6
   7 We don't actually interact with the OpenVPN server; we merely send it
   8 a a magic (heretofore unexplained) byte sequence and ensure that we
   9 get some kind of response.
  10 """
  11
  12 from argparse import ArgumentDefaultsHelpFormatter, ArgumentParser
  13 from datetime import datetime
  14 import socket
  15
  16 # Define a few exit codes.
  17 EXIT_OK = 0
  18 EXIT_CRITICAL = 2
  19
  20 parser = ArgumentParser(description = __doc__,
  21                         formatter_class = ArgumentDefaultsHelpFormatter)
  22
  23 # Required positional argument.
  24 parser.add_argument('host',
  25                     metavar='HOST',
  26                     help='host to check')
  27
  28 parser.add_argument('-p',
  29                     '--port',
  30                     type=int,
  31                     default=1194,
  32                     help='port number to check')
  33
  34 parser.add_argument('-t',
  35                     '--tcp',
  36                     action='store_true',
  37                     default=False,
  38                     help='use TCP instead of the default UDP')
  39
  40 parser.add_argument('-w',
  41                     '--timeout',
  42                     type=int,
  43                     default=15,
  44                     help='set the timeout (in seconds)')
  45
  46 parser.add_argument('-v',
  47                     '--verbose',
  48                     action='store_true',
  49                     help='produce more verbose output')
  50
  51 args = parser.parse_args()
  52
  53 proto = (socket.SOCK_DGRAM, 'udp')
  54 if args.tcp:
  55     proto = (socket.SOCK_STREAM, 'tcp')
  56
  57 if args.verbose:
  58         print("Checking %s:%d (%s)" % (args.host, args.port, proto[1]))
  59
  60 sock = socket.socket(socket.AF_INET, proto[0])
  61
  62 # Default to success, change it if anything fails.
  63 status = EXIT_OK
  64
  65 try:
  66     sock.settimeout(args.timeout)
  67     time_start = datetime.now()
  68     sock.connect((args.host, args.port))
  69
  70     # This is a magic byte sequence, most likely obtained from a packet
  71     # capture. Connections without a TLS auth key will actually return a
  72     # response when we send this; however, secured connections will not
  73     # (although nothing will fail).
  74     #
  75     # See,
  76     #
  77     #   http://serverfault.com/questions/262474
  78     #
  79     magic = b"\x38\x01\x00\x00\x00\x00\x00\x00\x00"
  80     sock.send(magic)
  81
  82     # If the server uses a TLS auth key, the response will be empty
  83     # but at least it will come, preventing a timeout.
  84     reply = sock.recv(100)
  85     time_end = datetime.now()
  86
  87     if args.verbose:
  88         # This will be gibberish, but at least you can see that the
  89         # server spit something out.
  90         hex_reply = ''.join(['%02x' % ord(byte) for byte in reply])
  91         print('Received(hex): %s' % hex_reply)
  92
  93     time_elapsed = time_end - time_start
  94     print('OK %.3fms' % (time_elapsed.total_seconds() * 1000))
  95
  96 except socket.timeout as e:
  97     print('ERROR: connection timed out (%d seconds)' % args.timeout)
  98     status = EXIT_CRITICAL
  99
 100 except socket.gaierror as e:
 101     print('ERROR: ', str(e.args[1]))
 102     status = EXIT_CRITICAL
 103
 104 except Exception as e:
 105     print('ERROR: ', str(e))
 106     status = EXIT_CRITICAL
 107
 108 sock.close()
 109 exit(status)