Currently I am running Zabbix to monitor my network, and OPNsense to secure it. There is a Zabbix agent available for OPNsense which gives access to a number of stats. One thing missing, however, is configuration of the encryption variables in the OPNsense GUI.
One cannot simply enable the feature using the config file, as it is auto-generated and gets rewritten on every restart. To enable the encryption you have to create a new config file, I named mine TLS.conf, with a path of “/usr/local/etc/zabbix_agentd.conf.d”. Final content of mine, which makes use of PSK-based encryption:
TLSConnect=psk
TLSAccept=psk
TLSPSKIdentity=PSK 001
TLSPSKFile=/usr/local/etc/zabbix_agentd.psk
In the above “PSK 001” the 001 can be any number that is configured on the Zabbix server, as long as they match. Then create the psk keyfile located at “/usr/local/etc/zabbix_agentd.psk”. I generate a random key using openssl via the following command:
openssl rand -hex 32 > zabbix_agentd.psk
A side note on the key file: it seems it only works with key sizes of 32 bytes or less. Using the command above you can then read the contents of the file and copy it into the Zabbix host configuration.
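
The steps above as one script, added here as an example rather than the post's own code: it creates the key file with owner-only permissions (the plain redirect in the openssl command leaves it at the default umask), checks the result, and writes TLS.conf. The optional path prefix for dry runs and the "zabbix" account name are assumptions.

```shell
#!/bin/sh
# Added example, not the post's own script. Paths and the TLS.conf contents come
# from the post; the optional prefix and the "zabbix" account name are assumptions.

gen_key() {   # 32 random bytes as 64 hex digits (the post's openssl command)
    if command -v openssl >/dev/null 2>&1; then
        openssl rand -hex 32
    else      # fallback if openssl is not installed
        od -An -tx1 -N32 /dev/urandom | tr -d ' \n'; echo
    fi
}

write_psk() {   # $1 = key file; created and kept at mode 0600
    ( umask 077; gen_key > "$1" ) || return 1
    chmod 600 "$1" || return 1   # also tightens a pre-existing file
    # The agent must still be able to read the key: hand it to the agent's account.
    if [ "$(id -u)" -eq 0 ] && id zabbix >/dev/null 2>&1; then
        chown zabbix "$1"
    fi
}

psk_ok() {   # 0 only if the file is owner-only and holds exactly 64 hex digits
    [ "$(ls -ld "$1" | cut -c1-10)" = "-rw-------" ] || return 1
    key=$(tr -d '\n' < "$1")
    [ "${#key}" -eq 64 ] || return 1
    case "$key" in *[!0-9a-fA-F]*) return 1 ;; esac
}

setup_agent_psk() {   # $1 = PSK identity, $2 = optional path prefix for a dry run
    etc="${2:-}/usr/local/etc"
    mkdir -p "$etc/zabbix_agentd.conf.d" || return 1
    write_psk "$etc/zabbix_agentd.psk" || return 1
    psk_ok "$etc/zabbix_agentd.psk" || { echo "PSK file failed checks" >&2; return 1; }
    printf 'TLSConnect=psk\nTLSAccept=psk\nTLSPSKIdentity=%s\nTLSPSKFile=%s\n' \
        "$1" "$etc/zabbix_agentd.psk" > "$etc/zabbix_agentd.conf.d/TLS.conf"
}

# Run only when called with arguments, e.g.: sh zbx_psk.sh "PSK 001"
if [ "$#" -ge 1 ]; then setup_agent_psk "$@"; fi
```

With no prefix the script writes to the real paths named in the post; the identity passed in must match the one configured for the host on the Zabbix server.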