I have a remote site behind a NAT IP. To connect to this site directly, I need a VPN to connect to that site.
How can I add this particular site as a slave with a push configuration from the master site?
Has anybody done this?
Wireguard VPN works great with one side behind a NAT gateway, as long as the other side’s IP address is stable.
Thanks for your answer. The IP on the other side is stable. How to do the configuration in Checkmk and what are the ports that should be opened here?
Hello,
Everything is well described here:
You need to open TCP 6557 for livestatus, http/https and TCP 6556 and ICMP if you like to monitor your remote site.
regards
Michael
Wireguard VPN uses 51820/udp as default port; however, any other UDP port can be used. You will need to open the Wireguard port from the side behind the NAT to the other side. In Wireguard, you should configure a keepalive packet to keep the NAT table entry persistent. I typically use a 45-second interval.
A good introduction on how to set up a wireguard tunnel with wg-quick can be found here: How to easily configure WireGuard - Stavros' Stuff
In Checkmk, make sure to use the internal VPN IP addresses when setting up distributed monitoring. The usual Checkmk ports must be open: 6557/tcp for Livestatus, 443/tcp for distributed WATO, 6555/tcp if you want to forward notifications, and 6556/tcp if you want to monitor the remote site from the central site.
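The tunnel layout described in this thread, as an added example that is not from any poster: two wg-quick files with the central site listening on a stable address and the NATed remote site dialing out with a keepalive. The tunnel addresses (10.99.0.0/24), the endpoint 203.0.113.10, the interface name wg0 and the key placeholders are all assumptions.

```ini
# ---- Central (master) site, stable public IP: /etc/wireguard/wg0.conf ----
[Interface]
# Constructed tunnel address for the central site
Address = 10.99.0.1/24
# WireGuard default port; must be reachable over UDP from the remote site
ListenPort = 51820
# Placeholder, generate with `wg genkey`
PrivateKey = <central-private-key>

[Peer]
# Remote site behind NAT. No Endpoint here: it is learned from the
# source address of the remote site's handshake.
PublicKey = <remote-public-key>
# Accept only the remote site's tunnel address from this peer
AllowedIPs = 10.99.0.2/32

# ---- Remote (slave) site behind NAT: /etc/wireguard/wg0.conf ----
[Interface]
# Constructed tunnel address for the remote site
Address = 10.99.0.2/24
# Placeholder, generate with `wg genkey`
PrivateKey = <remote-private-key>

[Peer]
PublicKey = <central-public-key>
# Stable public address of the central site (documentation-range placeholder)
Endpoint = 203.0.113.10:51820
# Route only the central site's tunnel address through the tunnel
AllowedIPs = 10.99.0.1/32
# Send a keepalive every 45 seconds so the NAT gateway keeps its mapping
# and the central site can open connections to 6557/tcp, 443/tcp and 6556/tcp
PersistentKeepalive = 45
```

In this layout the distributed monitoring connection on the central site would point at 10.99.0.2, and the Checkmk ports only need to be allowed on the wg0 interface rather than on the public one.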