Is there any way that we can set the source port also when sending the request?
Thanks,
Sandhya
On Thu, Jul 31, 2014 at 6:30 PM, sandhya reddy <sr8...@gmail.com> wrote:
> Hi Bill,
>
> I guess that SYN not getting any response is due to *firewall issue* at
> our side
>
> 1) Now I've tried to set up one PC as Net-SNMP Agent and the other as manager.
> 2) On the PC which is an Agent I have started the snmpd service on port 10161
> using the snmpd tlstcp:10161 command.
> This port is in LISTEN state.
> 3) I have generated a certificate in the Agent using the net-snmp-cert command with
> name as Agent-89. I give this name in the snmpget request their_identity
> parameter. Do I have to give the agent certificate name also when sending
> the snmpget request from the manager? If so, why?
>
> Command:
> snmpget -T our_identity=tutorial-joecool -T their_identity=Agent-83 -t 10
> tlstcp:<IP> sysUpTime.0
> In spite of these I get the error.
>
> *tlstcp:Failed to SSl connect*
>
> *snmpget: Unknown host(Transport endpoint is not connected)*
>
> I've tried on another PC and got a different error:
>
> No log handling enabled - using stderr logging
> tlstcp: failed to connect to 10.253.6.83:10161
> ---- OpenSSL Related Errors: ----
> error: #33562734 (file bss_conn.c, line 269)
> Textual Error: host=10.253.6.83:10161
> error: #537342055 (file bss_conn.c, line 273)
> ---- End of OpenSSL Errors ----
> snmpget: Unknown host (tlstcp:10.253.6.83) (Connection timed out)
>
> Please help me with this setup.
>
> The firewall issue I can't resolve as of now. Please help me with setting up the agent
> and manager locally.
>
>
>
>
> On Thu, Jul 31, 2014 at 2:10 PM, sandhya reddy <sr8...@gmail.com> wrote:
>
>> Hi Bill,
>> I've understood a bit better from your explanation.
>> I'll follow that link.
>> Conceptually, I understand the following. Please let me know whether I'm
>> correct.
>> 1)
>> a) Net-SNMP tool can act as both SNMP manager and SNMP Agent.
>> Or
>> b) Net-SNMP tool acts as Manager only and test.net-snmp.org acts as
>> Agent only?
>>
>> Which of a and b is correct?
>>
>> 2) test.net-snmp.org acts as agent and it has its own certificate
>> tutorial-agent. We have to use this cert if we retrieve info from
>> test.net-snmp.org agent
>>
>> 3) tutorial-agent is a self signed certificate and tutorial-CA is a CA
>> signed certificate for agent.
>>
>> 4) I have tried giving the command you gave. I get an error.
>> $ snmpget -T our_identity=tutorial-joecool -T
>> their_identity=tutorial-agent \
>> > -t 10 tls:test.net-snmp.org sysUpTime.0
>>
>> *Error:*
>>
>> No log handling enabled - using stderr logging
>> tlstcp: failed to connect to test.net-snmp.org:10161
>> ---- OpenSSL Related Errors: ----
>> error: #33562734 (file bss_conn.c, line 269)
>> Textual Error: host=test.net-snmp.org:10161
>> error: #537342055 (file bss_conn.c, line 273)
>> ---- End of OpenSSL Errors ----
>> snmpget: Unknown host (tls:test.net-snmp.org) (Connection timed out)
>>
>> Tried the above command with tlstcp:test.net-snmp.org also. But still
>> the same error.
>> I have also sniffed the traces.
>> I can see SYN going out and retransmissions of SYN but don't get any
>> response.
>>
>> 5) The request gets generated from a random port. Is that fine or should it
>> go from port 10161?
>>
>> And should we start any service like snmpd on port 10161?
>>
>> I assume snmpd is for snmp requests and snmptrapd is for traps. These are
>> for receiving requests and traps. Only for receiving we need to start this
>> service is what I understand.
>>
>>
>> Looking forward to your response ASAP.
>>
>> Thanks,
>> sandhya
>>
>>
>>
>>
>> On Fri, Jul 25, 2014 at 8:54 PM, Bill Fenner <fen...@gmail.com> wrote:
>>
>>> I followed the step by step directions from
>>>
>>> http://www.net-snmp.org/wiki/index.php/TUT:Using_TLS
>>>
>>> and got:
>>>
>>> $ snmpget -T our_identity=tutorial-joecool \
>>> > -T their_identity=tutorial-agent \
>>> > -t 10 tls:test.net-snmp.org sysUpTime.0
>>> DISMAN-EVENT-MIB::sysUpTimeInstance = Timeticks: (1162098689) 134 days, 12:03:06.89
>>> $ snmpget -T our_identity=tutorial-joecool \
>>> > -T trust_cert=tutorial-CA \
>>> > -t 10 tls:test.net-snmp.org sysUpTime.0
>>> DISMAN-EVENT-MIB::sysUpTimeInstance = Timeticks: (1162099339) 134 days, 12:03:13.39
>>> $ snmpget -T our_identity=CD:74:45:C9:A3:A3:55:0A:6C:37:03:B2:49:38:B1:01:99:95:8E:43 \
>>> > -T their_identity=CA:B8:0A:B3:6B:4C:21:2A:F2:92:CD:0B:6B:DF:6A:9F:23:D6:30:4B \
>>> > tls:test.net-snmp.org sysContact.0
>>> SNMPv2-MIB::sysContact.0 = STRING: Net-SNMP Coders <net-snmp-coders@lists.sourceforge.net>
>>>
>>>
>>> While you say you have the private key, you have the private key for
>>> joecool, not for agent. You have to generate a key for your own local
>>> agent, and that is the identity you'll need to use in the their_identity
>>> argument.
>>>
>>> You use the net-snmp-cert command to manage/generate certs.
>>>
>>> Bill
>>>
>>>
>>>
>>> On Fri, Jul 25, 2014 at 7:32 AM, sandhya reddy <sr8...@gmail.com> wrote:
>>>
>>>> Hi Bill,
>>>>
>>>> Glad to see your response.
>>>> I have retrieved the entire certificate tar-ball
>>>> http://www.net-snmp.org/tutorial/tutorial-5/certificates/tutorial-.snmp.tar.gz
>>>> and uncompressed it.
>>>> Initially, I tried to send the snmpget request to test.net-snmp.org
>>>> using the certificates from the tutorial but it also failed, giving the error
>>>> "Error finding client keys. Unable to create SSL context. Unknown host".
>>>> The tutorial also gives the private keys. I have checked this in the private folder
>>>> of snmp.
>>>> If I try to send to the one in the tutorial, test.net-snmp.org, it
>>>> should work, right?
>>>>
>>>> This is why I switched to the next setup.
>>>> In this, I tried to set up Net-SNMP on two PCs using the same certs and
>>>> keys in the tutorial.
>>>> When you pointed out regarding certs I realized that I'm doing it wrong.
>>>> I should create the cert in both Manager and Agent and use these two when
>>>> sending out the snmpget request from the Manager, right?
>>>>
>>>> How do you create the certificates? Is there any link with steps to follow
>>>> to create certificates for Net-SNMP?
>>>>
>>>> Once again I thank you for giving a response. I've been waiting for some
>>>> response.
>>>>
>>>> Thanks,
>>>> sandhya
>>>>
>>>>
>>>>
>>>>
>>>> On Thu, Jul 24, 2014 at 5:44 PM, Bill Fenner <fen...@gmail.com> wrote:
>>>>
>>>>> Did you configure the certificates properly? In particular, did you
>>>>> configure the server with the private key? Since you're using the
>>>>> fingerprints from the tutorial, but using your local server instead of
>>>>> test.net-snmp.org, where did you get the private key? It's not part
>>>>> of the published set of keys.
>>>>>
>>>>> Bill
>>>>>
>>>>>
>>>>> On Wed, Jul 23, 2014 at 7:08 AM, sandhya reddy <sr8...@gmail.com>
>>>>> wrote:
>>>>>
>>>>>>
>>>>>>
>>>>>> Hi Coders and Users,
>>>>>>
>>>>>> I've set up NET-SNMP 5.6.2.1 and configured the tsm model.
>>>>>> I've done this setup on two Ubuntu 14.04 PCs.
>>>>>> I'm trying to send out an snmpget request over tlstcp:10161. The following
>>>>>> are the steps I follow:
>>>>>> 1) Start snmpd using the command : snmpd tlstcp:10161
>>>>>> 2) snmpget -T our_identity=CD:74:45:C9:A3:A3:55:0A:6C:37:03:B2:49:38:B1:01:99:95:8E:43 -T their_identity=CA:B8:0A:B3:6B:4C:21:2A:F2:92:CD:0B:6B:DF:6A:9F:23:D6:30:4B tlstcp:<IPAddress>:10161 sysContact.0
>>>>>> I get an error "Failed to create SSL context".
>>>>>> I'm debugging using wireshark sniffs and observe the following:
>>>>>> In the process of sending out the snmpget request, the TCP connection is
>>>>>> getting established (I see SYN, SYN/ACK and ACK) and I see PUSH data to
>>>>>> the agent (which might be Client hello, the next step from the SNMP manager), for
>>>>>> which the agent is trying to tear down the TCP connection with FIN/ACK.
>>>>>>
>>>>>> Please give me some inputs as to what I'm doing wrong.
>>>>>> Please help me to get the snmpget request working.
>>>>>>
>>>>>>
>>>>>> Thanks,
>>>>>> Sandhya
>>>>>>
>>>>>>
>>>>>>
>>>>>> ------------------------------------------------------------------------------
>>>>>> Want fast and easy access to all the code in your enterprise? Index
>>>>>> and
>>>>>> search up to 200,000 lines of code with a free copy of Black Duck
>>>>>> Code Sight - the same software that powers the world's largest code
>>>>>> search on Ohloh, the Black Duck Open Hub! Try it now.
>>>>>> http://p.sf.net/sfu/bds
>>>>>> _______________________________________________
>>>>>> Net-snmp-coders mailing list
>>>>>> Net-snmp-coders@lists.sourceforge.net
>>>>>> https://lists.sourceforge.net/lists/listinfo/net-snmp-coders
>>>>>>
>>>>>>
>>>>>
>>>>
>>>
>>
>
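
Added example, not part of the thread and not Net-SNMP code: the two numeric OpenSSL errors quoted above can be unpacked to see which layer failed. It assumes OpenSSL 1.0.x error packing (8-bit library, 12-bit function, 12-bit reason) and Linux errno numbers; the function names are illustrative.

```python
import re

# OpenSSL 1.0.x error packing (assumed here because the log cites bss_conn.c):
# 8-bit library | 12-bit function | 12-bit reason.
ERR_LIB_SYS, ERR_LIB_SSL, ERR_LIB_BIO = 2, 20, 32
LIB_NAMES = {ERR_LIB_SYS: "SYS", ERR_LIB_SSL: "SSL", ERR_LIB_BIO: "BIO"}
# Linux errno values; for ERR_LIB_SYS the reason field is the OS errno.
ETIMEDOUT, ECONNREFUSED = 110, 111

# The snmpget output quoted in the thread, one field per line.
LOG = """\
tlstcp: failed to connect to 10.253.6.83:10161
---- OpenSSL Related Errors: ----
error: #33562734 (file bss_conn.c, line 269)
Textual Error: host=10.253.6.83:10161
error: #537342055 (file bss_conn.c, line 273)
---- End of OpenSSL Errors ----
snmpget: Unknown host (tlstcp:10.253.6.83) (Connection timed out)
"""

def unpack(code):
    """Split a packed OpenSSL 1.0.x error code into (lib, func, reason)."""
    return (code >> 24) & 0xFF, (code >> 12) & 0xFFF, code & 0xFFF

def decode_log(text):
    """Return [(lib_name, func, reason), ...] for every 'error: #N' entry."""
    out = []
    for m in re.finditer(r"error:\s*#(\d+)", text):
        lib, func, reason = unpack(int(m.group(1)))
        out.append((LIB_NAMES.get(lib, "lib%d" % lib), func, reason))
    return out

def failing_layer(text):
    """Say which layer failed: TCP connect, TLS handshake, or unknown."""
    errors = decode_log(text)
    for lib, _func, reason in errors:
        if lib == "SYS" and reason == ETIMEDOUT:
            return "tcp: connect timed out (SYN unanswered, check filtering/routing)"
        if lib == "SYS" and reason == ECONNREFUSED:
            return "tcp: connection refused (nothing listening on that port)"
    if any(lib == "SSL" for lib, _f, _r in errors):
        return "tls: handshake failed (check certificates and identities)"
    return "unknown"

if __name__ == "__main__":
    for entry in decode_log(LOG):
        print(entry)
    print(failing_layer(LOG))
```

For this log the first code is a system-library error whose reason is errno 110 (ETIMEDOUT) and the second is a BIO connect error, so the failure is at TCP connect and no TLS or certificate check was reached.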