Hi Philip, > I'm looking at adding MIB support (because a client requested it) and > wondering what prior work anyone else had done in this realm. > > I've seen that there's an RFC (4807) for SPD configuration, but I've not > found an IPsec SA MIB.
I've done a bit of research and found that there is no standard that is used by several vendors. Cisco, Checkpoint, Watchguard all have their own, vendor specific MIB to monitor IPSec. Sophos (ex Astaro) don't have it, as they are using Strongswan internally, it would have been handy. I couln't find any snmp support for the other opensource IPSec stacks KAME/Racoon and OpenSWAN. So unless you are accustomed to IETF work and have the time to write, edit and argument an RFC, I'd suggest to do it like the others and create a Strongswan specific MIB. Kind regards, Gerd _______________________________________________ Dev mailing list [email protected] https://lists.strongswan.org/mailman/listinfo/dev
