I’m fairly new to OpenVAS, and I would like to set up a virtual network with OpenVAS scanning some arbitrary nodes in the network.
Right now, I’m having a really tough time creating (and also understanding) an OpenVAS structure, where a scanner would reside in a subnet, away from the manager.
Just to update you on my understanding of OpenVAS, it appears possible to have multiple remote scanners in different subnets, and have these scanners be initiated by a centralized manager (if I’m wrong please tell me).
Can someone please advise me on how I can configure OpenVAS to operate with remote scanners and a centralized manager?
Please try to be as specific as possible, sending me links on manuals/guides on how remote scanners could be set up, as well as the manager.
Thank you very much.
You can do this by building some scripts and trusted communication between the Manager and Sensor (this is what we call a remote Scanner in a different subnet). You need to tunnel the OMP socket between these instances, either by pipe or by other networking methods you need to configure between the Manager and Sensor. The same goes for update and sensor synchronization: you need to build a communication via network between them.
GOS on the hardware appliances does all of this out of the box.
Thanks for your response!
I have some basic knowledge of networking, and intend to use GNS3 to simulate a simple network (maybe just 2 subnets and 1 router), but the workings of how the Manager and the Sensor communicate / config I’m very unsure of.
I read some articles talking about editing a file:
-> edit /etc/init.d/openvas-manager
Update the DAEMON_ARGS line to reflect the server address and a port of your choosing.
DAEMON_ARGS=" --listen=HOSTOIP --port=9393"
Hence, can you help to explain how we can define a node to be a Manager or Sensor?
And when you mean script, can you help to elaborate further? What is the script for?
(Anyone else who can answer this would be great too.)
Thanks for the link!
I did try to follow, however I’m getting an error message that the manager node can’t connect to the slave.
It doesn’t have any other message other than the connection failed. I think I’ll raise a new topic on troubleshooting the connection between the master and the slave.
Just want to ask, have you already resolved your issue where the manager node can’t connect to the slave? I am having the same issue and I would like to know if you have resolved this.
I have a master / slave setup up and running. The key points to check for a successful setup are:
On the slave side:
- Have openvasmd listening to the network instead of a socket as a default. (Uncomment LISTEN_ADDRESS="0.0.0.0" in /etc/default/openvas-manager)
- Have an account created in openvasmd which has access to the local scanner (openvasmd --create-user=…)
- Gather all certificates & keys as explained in haardiek.org blog.
On the master side, you only have to create a new remote scanner with GSA, using the account & certificate details created on the slave side, and make sure the scanner is of “OMP slave” type.
You also need to understand that both master & slave are actually very independent OpenVAS installations. So typically on the slave side, you need to update all your feeds, instruct openvasmd to update its database and restart it, have a working & tuned redis installation, etc., as you would do on a standalone installation. Failing to do so will make your slave fail to scan. Slave & master integration is very limited in current gse, but at last you can have scans performed remotely while centralizing the results on the master side. That’s actually what confused me at first; in a typical master / slave model I imagined the setup on the slave side was very limited & simple, although it’s just the same as on the master side.
Good luck!
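An added example, not part of any post in this thread: a probe to run on the master that turns the bare "connection failed" into a specific stage, each tied to one item of the checklist above. The function name, the host name `slave.example` and the default port 9390 are assumptions; use the port your slave's openvasmd was actually configured with.

```python
import socket
import ssl

# Each failure stage points back to one item of the checklist in the answer.
HINTS = {
    "resolve": "slave host name does not resolve from the master",
    "timeout": "no reply: check routing and firewalls between the subnets",
    "refused": "nothing listens on that port: openvasmd is probably still "
               "on its local socket (see LISTEN_ADDRESS on the slave)",
    "network": "network error before the TCP connection was established",
    "tls": "TCP connects but TLS fails: wrong port or certificate problem",
    "ok": "TLS listener answers: next check the account and that the "
          "scanner type is 'OMP slave'",
}


def probe_slave(host, port=9390, cafile=None, timeout=5.0):
    """Run on the master. Returns (stage, detail), stage being a HINTS key.

    cafile is the CA certificate gathered from the slave. Without it the
    peer certificate is not verified: the probe then only shows that a
    TLS listener answers, not that it is the right one.
    """
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except socket.gaierror as exc:
        return "resolve", str(exc)
    except socket.timeout as exc:
        return "timeout", str(exc)
    except ConnectionRefusedError as exc:
        return "refused", str(exc)
    except OSError as exc:
        return "network", str(exc)

    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False  # assumption: cert not issued for the DNS name
    if cafile:
        ctx.load_verify_locations(cafile=cafile)  # stays CERT_REQUIRED
    else:
        ctx.verify_mode = ssl.CERT_NONE  # reachability test only
    try:
        with sock, ctx.wrap_socket(sock) as tls:
            return "ok", tls.version()
    except (ssl.SSLError, OSError) as exc:
        return "tls", str(exc)

if __name__ == "__main__":
    stage, detail = probe_slave("slave.example", 9390)  # constructed host name
    print(stage, "-", HINTS[stage], "-", detail)
```

A result of "ok" without `cafile` says nothing about trust; rerun with the CA certificate copied from the slave before registering the scanner in GSA.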