On Mar 3, 2015, at 1:59 AM, Gerd v. Egidy <[email protected]> wrote: > Hi Philip, > >> I'm looking at adding MIB support (because a client requested it) and >> wondering what prior work anyone else had done in this realm. >> >> I've seen that there's an RFC (4807) for SPD configuration, but I've not >> found an IPsec SA MIB. > > I've done a bit of research and found that there is no standard that is used > by several vendors. > > Cisco, Checkpoint, Watchguard all have their own, vendor specific MIB to > monitor IPSec. > > Sophos (ex Astaro) don't have it, as they are using Strongswan internally, it > would have been handy. > > I couln't find any snmp support for the other opensource IPSec stacks > KAME/Racoon and OpenSWAN. > > So unless you are accustomed to IETF work and have the time to write, edit > and > argument an RFC, I'd suggest to do it like the others and create a Strongswan > specific MIB. > > Kind regards, > > Gerd >
As it turns out, I am accustomed to IETF work (RFC-1048 and RFC-1051) though it’s been a while, obviously. I was on the MIB WG back in the 90’s, and worked on the IGMP MIB and an XNS MIB that died a slow death (the writing was on the wall back then that everything was converging on IP anyway). I’ll need to ask my employer if I can throw the cycles at this. We could always come up with a generic enough MIB of our own, implement it, and then try to argue it with the IETF… and if it gets approved, it’s a simple matter to change the root of the OID tree to the IANA assigned string… -Philip _______________________________________________ Dev mailing list [email protected] https://lists.strongswan.org/mailman/listinfo/dev
