Hi Bill,
I've understood a bit better from your explanation.
I'll follow that link.
Conceptually, I understand the following. Please let me know whether I’m
correct.
1)
a) Net-SNMP tool can act as both SNMP manager and SNMP Agent.
Or
b) Net-SNMP tool acts as Manager only and test.net-snmp.org acts as Agent
only?

Which of a and b is correct?

2) test.net-snmp.org acts as agent and it has its own certificate
tutorial-agent. We have to use this cert if we retrieve info from
test.net-snmp.org agent.

3) tutorial-agent is a self-signed certificate and tutorial-CA is a CA
signed certificate for agent.

4) I have tried giving the command you gave. I get an error.
$ snmpget -T our_identity=tutorial-joecool -T their_identity=tutorial-agent \
>           -t 10 tls:test.net-snmp.org sysUpTime.0

Error:

No log handling enabled - using stderr logging
tlstcp: failed to connect to test.net-snmp.org:10161
---- OpenSSL Related Errors: ----
error: #33562734 (file bss_conn.c, line 269)
Textual Error: host=test.net-snmp.org:10161
error: #537342055 (file bss_conn.c, line 273)
---- End of OpenSSL Errors ----
snmpget: Unknown host (tls:test.net-snmp.org) (Connection timed out)

Tried the above command with tlstcp:test.net-snmp.org also. But still the
same error.
I have also sniffed the traces.
I can see SYN going out and retransmissions of SYN but don't get any
response.

5) The request gets generated from a random port. Is that fine or should it
go from port 10161?

And should we start any service like snmpd on port 10161?

I assume snmpd is for snmp requests and snmptrapd is for traps. These are
for receiving requests and traps. Only for receiving we need to start this
service is what I understand.


Looking forward to your response ASAP.

Thanks,
sandhya




On Fri, Jul 25, 2014 at 8:54 PM, Bill Fenner <fen...@gmail.com> wrote:

> I followed the step by step directions from
>
> http://www.net-snmp.org/wiki/index.php/TUT:Using_TLS
>
> and got:
>
> $ snmpget -T our_identity=tutorial-joecool \
> >           -T their_identity=tutorial-agent \
> >           -t 10 tls:test.net-snmp.org sysUpTime.0
> DISMAN-EVENT-MIB::sysUpTimeInstance = Timeticks: (1162098689) 134 days, 12:03:06.89
> $ snmpget -T our_identity=tutorial-joecool \
> >           -T trust_cert=tutorial-CA \
> >           -t 10 tls:test.net-snmp.org sysUpTime.0
> DISMAN-EVENT-MIB::sysUpTimeInstance = Timeticks: (1162099339) 134 days, 12:03:13.39
> $ snmpget -T our_identity=CD:74:45:C9:A3:A3:55:0A:6C:37:03:B2:49:38:B1:01:99:95:8E:43 \
> >         -T their_identity=CA:B8:0A:B3:6B:4C:21:2A:F2:92:CD:0B:6B:DF:6A:9F:23:D6:30:4B \
> >         tls:test.net-snmp.org sysContact.0
> SNMPv2-MIB::sysContact.0 = STRING: Net-SNMP Coders <net-snmp-coders@lists.sourceforge.net>
>
>
> While you say you have the private key, you have the private key for
> joecool, not for agent.  You have to generate a key for your own local
> agent, and that is the identity you'll need to use in the their_identity
> argument.
>
> You use the net-snmp-cert command to manage/generate certs.
>
>   Bill
>
>
>
> On Fri, Jul 25, 2014 at 7:32 AM, sandhya reddy <sr8...@gmail.com> wrote:
>
>> Hi Bill,
>>
>> Glad to see your response.
>> I have retrieved the entire certificate tar-ball
>> http://www.net-snmp.org/tutorial/tutorial-5/certificates/tutorial-.snmp.tar.gz
>>  and uncompressed it.
>> Initially, I tried to send the snmpget request to test.net-snmp.org
>> using the certificates from the tutorial but it also failed giving error
>> "Error finding client keys. Unable to create SSL context. Unknown host".
>> Tutorial also gives the private keys. I have checked this in private folder
>> of snmp.
>> If I try to send to the one in the tutorial test.net-snmp.org it should
>> work right?
>>
>> This is why I switched to the next setup.
>> In this, I tried to setup Net-SNMP on two PCs using the same certs and
>> keys in tutorial.
>> When you pointed out regarding certs I realized that I'm doing it wrong. I
>> should create the cert in both Manager and Agent and use these two when
>> sending out snmpget request from Manager right?
>>
>> How do you create the certificates? Is there any link to follow with steps
>> to create certificates for Net-SNMP?
>>
>> Once again i thank you for giving response. I've been waiting for some
>> response.
>>
>> Thanks,
>> sandhya
>>
>>
>>
>>
>> On Thu, Jul 24, 2014 at 5:44 PM, Bill Fenner <fen...@gmail.com> wrote:
>>
>>> Did you configure the certificates properly?  In particular, did you
>>> configure the server with the private key?  Since you're using the
>>> fingerprints from the tutorial, but using your local server instead of
>>> test.net-snmp.org, where did you get the private key?  It's not part of
>>> the published set of keys.
>>>
>>>   Bill
>>>
>>>
>>> On Wed, Jul 23, 2014 at 7:08 AM, sandhya reddy <sr8...@gmail.com> wrote:
>>>
>>>>
>>>>
>>>> Hi Coders and Users,
>>>>
>>>> I've setup NET-SNMP 5.6.2.1 and configured tsm model.
>>>> I've done this setup on two Ubuntu 14.04 PCs.
>>>> I'm trying to send out snmpget request over tlstcp:10161. The following
>>>> are the steps I follow:
>>>> 1) Start snmpd using the command : snmpd tlstcp:10161
>>>> 2) snmpget -T our_identity=CD:74:45:C9:A3:A3:55:0A:6C:37:03:B2:49:38:B1:01:99:95:8E:43 \
>>>>    -T their_identity=CA:B8:0A:B3:6B:4C:21:2A:F2:92:CD:0B:6B:DF:6A:9F:23:D6:30:4B \
>>>>    tlstcp:<IPAddress>:10161 sysContact.0
>>>> I get an error "Failed to create SSL context".
>>>> I'm debugging using wireshark sniffs and observe the following:
>>>> In the process of sending out snmpget request, TCP connection is
>>>> getting established (I see SYN, SYN/ACK and ACK) and I see PUSH data to the
>>>> agent (which might be Client hello, the next step from SNMP manager) for
>>>> which agent is trying to tear down the TCP connection with FIN/ACK.
>>>>
>>>> Please give me some inputs as to what it is that I'm doing wrong.
>>>> Please help me to get snmpget request working.
>>>>
>>>>
>>>> Thanks,
>>>> Sandhya
>>>>
>>>>
>>>>
>>>> _______________________________________________
>>>> Net-snmp-coders mailing list
>>>> Net-snmp-coders@lists.sourceforge.net
>>>> https://lists.sourceforge.net/lists/listinfo/net-snmp-coders
>>>>
>>>>
>>>
>>
>
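
The two packet traces described in this thread (SYN retransmissions with no reply, and a completed TCP handshake followed by FIN after the first data) point at different failure stages. The probe below is an added example, not code from the thread or from Net-SNMP; the function names, stage labels and optional certificate paths are assumptions, and the listener is a constructed local stand-in for an agent.

```python
import socket
import ssl
import threading

def probe_tlstcp(host, port=10161, timeout=3.0, certfile=None, keyfile=None):
    """Return the stage at which a connection to an SNMP-over-TLS agent stops."""
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except socket.timeout:
        return "tcp-timeout"   # SYNs unanswered: filtered path or host down
    except ConnectionRefusedError:
        return "tcp-refused"   # host reachable, nothing listening on the port
    except OSError:
        return "tcp-error"     # name resolution or routing failure
    # Reachability probe only: peer verification is off here because Net-SNMP
    # does its own peer check via their_identity / trust_cert.
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    if certfile:               # hypothetical PEM paths for the manager identity
        ctx.load_cert_chain(certfile, keyfile)
    try:
        with ctx.wrap_socket(sock):
            return "tls-ok"
    except OSError:            # ssl.SSLError is a subclass of OSError
        return "tls-failed"    # TCP is fine; check certificates and keys

def start_closing_listener():
    """Constructed stand-in: accept, read the ClientHello, then close (FIN)."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    def serve():
        conn, _ = srv.accept()
        conn.recv(4096)
        conn.close()
        srv.close()
    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()[1]

if __name__ == "__main__":
    print(probe_tlstcp("127.0.0.1", start_closing_listener()))  # tls-failed
```

Without certfile and keyfile the probe presents no client certificate, so an agent that requires one may report tls-failed even when it is configured correctly.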