Hi Bill
Followig is the detailed error statement:
trace: netsnmp_tdomain_transport_full(): snmp_transport.c, 478:
tdomain: tdomain_transport_full("snmp", "tlstcp:10.253.6.83", 0, "udp",
"[NIL]")
trace: find_tdomain(): snmp_transport.c, 430:
tdomain: Found domain "tlstcp" from specifier "tlstcp"
trace: netsnmp_lookup_default_target(): snmp_service.c, 400:
defaults: netsnmp_lookup_default_target("snmp", "tlstcp") -> ":10161"
trace: netsnmp_tdomain_transport_full(): snmp_transport.c, 601:
tdomain: trying domain "tlstcp" address "10.253.6.83" default address
":10161"
trace: netsnmp_sess_config_and_open_transport(): snmp_api.c, 1523:
snmp_sess: opening transport: 0
trace: netsnmp_sess_config_transport(): snmp_api.c, 1464:
snmp_sess: configuring transport
tls:config: their identity Agent-83
tls:config: our identity tutorial-joecool
trace: sslctx_client_setup(): transports/snmpTLSBaseDomain.c, 516:
sslctx_client: looking for local id: tutorial-joecool
cert:find:params: looking for identity(1) in MULTIPLE(0x200), hint 161398264
cert:find:params: looking for identity(1) in FINGERPRINT(0x2), hint
161398264
cert:find:params: hint = tutorial-joecool
cert:find:params: looking for identity(1) in FILE(0x1), hint 161398264
cert:find:params: hint = tutorial-joecool
9:cert:subset:found: 1 matches
cert:find:found: using cert tutorial-joecool.crt /
9b49604cc747f4481d319e1923ace1d783fc5b6c for identity(1)
(uses=identity+remote_peer (3))
cert:find:found: using cert tutorial-joecool.crt /
9b49604cc747f4481d319e1923ace1d783fc5b6c for identity(1)
(uses=identity+remote_peer (3))
trace: sslctx_client_setup(): transports/snmpTLSBaseDomain.c, 531:
sslctx_client: using public key: tutorial-joecool.crt
trace: sslctx_client_setup(): transports/snmpTLSBaseDomain.c, 533:
sslctx_client: using private key: tutorial-joecool.key
cert:find:params: looking for remote_peer(2) in MULTIPLE(0x200), hint
161503528
cert:find:params: looking for remote_peer(2) in FINGERPRINT(0x2), hint
161503528
cert:find:params: hint = Agent-83
cert:find:params: looking for remote_peer(2) in FILE(0x1), hint 161503528
cert:find:params: hint = Agent-83
9:cert:subset:found: 0 matches
trace: netsnmp_tlstcp_open(): transports/snmpTLSTCPDomain.c, 709:
tlstcp: connecting to tlstcp 10.253.6.83:10161
tlstcp: failed to ssl_connect
trace: netsnmp_sess_config_and_open_transport(): snmp_api.c, 1540:
*snmp_sess: couldn't interpret peername*
snmpget: Unknown host (tlstcp:10.253.6.83)
Thanks
sandhya
On Fri, Aug 1, 2014 at 10:01 AM, sandhya reddy <sr8...@gmail.com> wrote:
> Is there any way that we set the source port also when sending request??
>
> Thanks,
> Sandhya
>
>
> On Thu, Jul 31, 2014 at 6:30 PM, sandhya reddy <sr8...@gmail.com> wrote:
>
>> Hi Bill,
>>
>> I guess that SYN not getting any response is due to *firewall issue* at
>> our side
>>
>> 1) Now i've tried to setup one PC as Net-SNMP Agent and other as manager.
>> 2) On the PC which is an Agent i have started snmpd service on port 10161
>> using snmpd tlstcp:10161 command.
>> This port is in LISTEN state.
>> 3) I have generated certificate in Agent using net-snmp-cert command with
>> name as Agent-89. I give this name in snmpget request their_identity
>> parameter. Do i have to give the agent certificate name also when sending
>> snmpget request from manager? If so why?
>>
>> Command:
>> snmpget -T our_identity=tutorial-joecool -T their_identity=Agent-83 -t 10
>> tlstcp:<IP> sysUpTime.0
>> Inspite of these i get the error.
>>
>> t
>> *lstcp:Failed to SSl connect *
>>
>> *snmpget: Unknown host(Transport endpoint is not connected)*
>>
>>
>> I've tried on another PC and got different error
>>
>>
>>
>>
>>
>>
>>
>>
>> *No log handling enabled - using stderr logging tlstcp: failed to connect
>> to 10.253.6.83:10161 <http://10.253.6.83:10161>---- OpenSSL Related Errors:
>> ---- error: #33562734 (file bss_conn.c, line 269) Textual Error:
>> host=10.253.6.83:10161 <http://10.253.6.83:10161> error: #537342055 (file
>> bss_conn.c, line 273)---- End of OpenSSL Errors ----snmpget: Unknown host
>> (tlstcp:10.253.6.83) (Connection timed out)*
>>
>> Please help me with this setup.
>>
>> Firewall issue i can't resolve as of now. Please help me setting up agent
>> and manager locally
>>
>>
>>
>>
>> On Thu, Jul 31, 2014 at 2:10 PM, sandhya reddy <sr8...@gmail.com> wrote:
>>
>>> Hi Bill,
>>> I've understood bit better from your explanation.
>>> I'll follow that link.
>>> Conceptually, i understand the following. Please let me know whether
>>> I’m correct.
>>> 1)
>>> a) Net-SNMP tool can act as both SNMP manager and SNMP Agent.
>>> Or
>>> b) Net-SNMP tool acts as Manager only and test.net-snmp.org acts as
>>> Agent only?
>>>
>>> Which of a and b are correct.
>>>
>>> 2) test.net-snmp.org acts as agent and it has it's own certificate
>>> tutorial-agent. We have to use this cert if we retrieve info from
>>> test.net-snmp.org agent
>>>
>>> 3) tutorial-agent is a self signed certificate and tutorial-CA is a CA
>>> signed certificate for agent.
>>>
>>> 4) I have tried giving the command you gave. I get an error.
>>> $ snmpget -T our_identity=tutorial-joecool -T
>>> their_identity=tutorial-agent \
>>> > -t 10 tls:test.net-snmp.org sysUpTime.0
>>>
>>> *Error: *
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>> *No log handling enabled - using stderr loggingtlstcp: failed to connect
>>> to test.net-snmp.org:10161 <http://test.net-snmp.org:10161> ---- OpenSSL
>>> Related Errors: ---- error: #33562734 (file bss_conn.c, line 269) Textual
>>> Error: host=test.net-snmp.org:10161 <http://test.net-snmp.org:10161> error:
>>> #537342055 (file bss_conn.c, line 273) ---- End of OpenSSL Errors
>>> ----snmpget: Unknown host (tls:test.net-snmp.org
>>> <http://test.net-snmp.org>) (Connection timed out)*
>>>
>>> Tried the above command with tlstcp:test.net-snmp.org also. But still
>>> the same error.
>>> I have also sniffed the traces.
>>> I can see SYN going out and retransmissions of SYN but don't get any
>>> response.
>>>
>>> 5) The request gets generated from random port. Is that fine or should
>>> it go from port 10161.
>>>
>>> And should we start any service like snmpd on port 10161.
>>>
>>> I assume snmpd is for snmp requests and snmptrapd is for traps. These
>>> are for receiving requests and traps. Only for receiving we need to start
>>> this service is what i understand
>>>
>>>
>>> Looking forward for your response ASAP.
>>>
>>> Thanks,
>>> sandhya
>>>
>>>
>>>
>>>
>>> On Fri, Jul 25, 2014 at 8:54 PM, Bill Fenner <fen...@gmail.com> wrote:
>>>
>>>> I followed the step by step directions from
>>>>
>>>> http://www.net-snmp.org/wiki/index.php/TUT:Using_TLS
>>>>
>>>> and got:
>>>>
>>>> $ snmpget -T our_identity=tutorial-joecool \
>>>> > -T their_identity=tutorial-agent \
>>>> > -t 10 tls:test.net-snmp.org sysUpTime.0
>>>> DISMAN-EVENT-MIB::sysUpTimeInstance = Timeticks: (1162098689) 134 days,
>>>> 12:03:06.89
>>>> $ snmpget -T our_identity=tutorial-joecool \
>>>> > -T trust_cert=tutorial-CA \
>>>> > -t 10 tls:test.net-snmp.org sysUpTime.0
>>>> DISMAN-EVENT-MIB::sysUpTimeInstance = Timeticks: (1162099339) 134 days,
>>>> 12:03:13.39
>>>> $ snmpget -T
>>>> our_identity=CD:74:45:C9:A3:A3:55:0A:6C:37:03:B2:49:38:B1:01:99:95:8E:43 \
>>>> > -T
>>>> their_identity=CA:B8:0A:B3:6B:4C:21:2A:F2:92:CD:0B:6B:DF:6A:9F:23:D6:30:4B
>>>> \
>>>> > tls:test.net-snmp.org sysContact.0
>>>> SNMPv2-MIB::sysContact.0 = STRING: Net-SNMP Coders <
>>>> net-snmp-coders@lists.sourceforge.net>
>>>>
>>>>
>>>> While you say you have the private key, you have the private key for
>>>> joecool, not for agent. You have to generate a key for your own local
>>>> agent, and that is the identity you'll need to use in the their_identity
>>>> argument.
>>>>
>>>> You use the net-snmp-cert command to manage/generate certs.
>>>>
>>>> Bill
>>>>
>>>>
>>>>
>>>> On Fri, Jul 25, 2014 at 7:32 AM, sandhya reddy <sr8...@gmail.com>
>>>> wrote:
>>>>
>>>>> Hi Bill,
>>>>>
>>>>> Glad to see your response.
>>>>> I have retrieved the entire certificate tar-ball
>>>>> http://www.net-snmp.org/tutorial/tutorial-5/certificates/tutorial-.snmp.tar.gz
>>>>> and uncompressed it.
>>>>> Initially, i tried to send the snmpget request to test.net-snmp.org
>>>>> using the certificates from the tutorial but it also failed giving error
>>>>> "Error finding client keys. Unable to create SSL context. Unknown host".
>>>>> Tutorial also gives the private keys. I have checked this in private
>>>>> folder
>>>>> of snmp
>>>>> If i try to send to the one in the tutirial test.net-snmp.org it
>>>>> should work right ?
>>>>>
>>>>> This is why i switched to the next setup.
>>>>> In this, i tried to setup Net-SNMP on two PCs using the same certs and
>>>>> keys in tutorial.
>>>>> When u pointed out regarding certs i realized that i'm doing it wrong.
>>>>> i should create the cert in both Manager and Agent and use these two when
>>>>> sending out snmpget request from Manger right?
>>>>>
>>>>> How do you create the certificates. Is there any link that follow
>>>>> steps to create certificates for Net-SNMP?
>>>>>
>>>>> Once again i thank you for giving response. I've been waiting for some
>>>>> response.
>>>>>
>>>>> Thanks,
>>>>> sandhya
>>>>>
>>>>>
>>>>>
>>>>>
>>>>> On Thu, Jul 24, 2014 at 5:44 PM, Bill Fenner <fen...@gmail.com> wrote:
>>>>>
>>>>>> Did you configure the certificates properly? In particular, did you
>>>>>> configure the server with the private key? Since you're using the
>>>>>> fingerprints from the tutorial, but using your local server instead of
>>>>>> test.net-snmp.org, where did you get the private key? It's not part
>>>>>> of the published set of keys.
>>>>>>
>>>>>> Bill
>>>>>>
>>>>>>
>>>>>> On Wed, Jul 23, 2014 at 7:08 AM, sandhya reddy <sr8...@gmail.com>
>>>>>> wrote:
>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> Hi Coders and Users,
>>>>>>>
>>>>>>> I've setup NET-SNMP 5.6.2.1 and configured tsm model.
>>>>>>> I've done this setup on two Ubuntu 14.04 PCs
>>>>>>> I'm trying to send out snmpget request over tlstcp:10161 The
>>>>>>> folowing are the steps i follow
>>>>>>> 1) Start snmpd using the command : snmpd tlstcp:10161
>>>>>>> 2) snmpget -T
>>>>>>> our_identity=CD:74:45:C9:A3:A3:55:0A:6C:37:03:B2:49:38:B1:01:99:95:8E:43
>>>>>>> -T
>>>>>>> their_identity=CA:B8:0A:B3:6B:4C:21:2A:F2:92:CD:0B:6B:DF:6A:9F:23:D6:30:4B
>>>>>>> tlstcp:<IPAddress>:10161
>>>>>>> sysContact.0
>>>>>>> I get an error "Failed to create SSL context".
>>>>>>> I'm debugging using wireshark sniffs and observe the following:
>>>>>>> In the process of sending out snmpget request, TCP connection is
>>>>>>> getting established (i see SYN, SYN/ACK and ACK)and i see PUSH data to
>>>>>>> the
>>>>>>> agent(which might be Client hello the next step from SNMP manager) for
>>>>>>> which agent is trying to tear down the TCP connection with FIN/ACK
>>>>>>>
>>>>>>> Please give me some inputs as to what is wrong that is'm doing.
>>>>>>> Please help me to get snmpget request working
>>>>>>>
>>>>>>>
>>>>>>> Thanks,
>>>>>>> Sandhya
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> ------------------------------------------------------------------------------
>>>>>>> Want fast and easy access to all the code in your enterprise? Index
>>>>>>> and
>>>>>>> search up to 200,000 lines of code with a free copy of Black Duck
>>>>>>> Code Sight - the same software that powers the world's largest code
>>>>>>> search on Ohloh, the Black Duck Open Hub! Try it now.
>>>>>>> http://p.sf.net/sfu/bds
>>>>>>> _______________________________________________
>>>>>>> Net-snmp-coders mailing list
>>>>>>> Net-snmp-coders@lists.sourceforge.net
>>>>>>> https://lists.sourceforge.net/lists/listinfo/net-snmp-coders
>>>>>>>
>>>>>>>
>>>>>>
>>>>>
>>>>
>>>
>>
>
------------------------------------------------------------------------------
Want fast and easy access to all the code in your enterprise? Index and
search up to 200,000 lines of code with a free copy of Black Duck
Code Sight - the same software that powers the world's largest code
search on Ohloh, the Black Duck Open Hub! Try it now.
http://p.sf.net/sfu/bds
_______________________________________________
Net-snmp-coders mailing list
Net-snmp-coders@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/net-snmp-coders
