I'm standing up a new Nagios server, and I have run into a bit of a snag. Our existing server is running FreeBSD 11 w/ Nagios 4.3.4 and nrpe2. It can communicate w/ the nrpe2 daemons on our various servers (Ubuntu Xenial boxes, for the most part) as well as a few FreeBSD boxes running nrpe3. The new Nagios server, however, cannot talk to the nrpe2 clients (it can reach the nrpe3 clients). The error I get is:
CHECK_NRPE: (ssl_err != 5) Error - Could not complete SSL handshake with <insert_private_ip_here>: 1
I've tried adding in debug output on the client machines, but that's still the only error message I'm getting. From what I can see, nrpe3 and nrpe2 are supposed to be able to communicate, so my guess is this has something to do with different SSL/TLS versions and/or enabled ciphers, but I have been unable to find any documentation confirming that guess, or listing which ones I should enable to enable the two versions to communicate.
What is the actual problem here, and how do I fix it?
Have you tried using the
-2
argument in yourcheck_nrpe
command definition for these hosts?-2, --v2-packets-only Only use version 2 packets, not version
I have separate
check_nrpev2
command defined for older hosts, in file (Nagios 4!)/etc/nagios4/objects/commands.cfg
: