Hi ,
Thanks for the information Bill. So --with-transports="DTLSUDP"
--with-security-modules="tsm" are not required but simply
--enable-blumenthal-aes
So I compiled the agent using the following configuration:
./configure --disable-embedded-perl
--without-perl-modules with_endianness=big
--enable-mini-agent --with-default-snmp-version="3"
--disable-debugging
--with-sys-contact="who@where"
--with-logfile="/var/log/snmp"
--with-transports="UDP TCP"
--enable-blumenthal-aes
In snmpd.conf I have:
createUser user MD5 "authpw-00"
rwuser user
createUser user1 MD5 "authpw-00" AES "default-00"
rwuser user1
createUser user2 MD5 "authpw-00" AES192 "default-00"
rwuser user2
1) The error message unknown privProtocol has disappeared from log file.
2) From the MIB browser, I do a GET on one of the OID using user (noPriv)
and it works fine.
3) From the MIB browser, I do a GET on one of the OID using user2 using
AES-128 and it works fine .
4) From the MIB browser, I do a GET on one of the OID using user3 using
AES-192 and it DOES NOT work! I get the following error in the log file:
security service 3 error parsing ScopedPDU
What I am missing?
Thanks,
Simon
On Fri, Apr 6, 2018 at 8:49 PM, Bill Fenner <fen...@gmail.com> wrote:
> Simon,
>
> The USM AES192 and AES256 support is based upon an Internet Draft, which
> never became a standard - therefore, you have to pass
> "--enable-blumenthal-aes" to ./configure. (You don't have to enable TSM or
> the TLS transports; that's a whole different kettle of fish.)
>
> Bill
>
>
> On Fri, Apr 6, 2018 at 12:01 PM, Simon Chamlian <simon.chaml...@mpbc.ca>
> wrote:
>
>> Thanks for the tip.
>>
>> I did compile with the following options:
>>
>> --disable-embedded-perl
>> --without-perl-modules with_endianness=big
>> --enable-mini-agent
>> --with-default-snmp-version="3"
>> --enable-ipv6
>> --disable-debugging
>> --with-sys-contact="who@where"
>> --with-logfile="/var/log/snmp"
>>
>> *--with-transports="DTLSUDP TLSTCP" --with-security-modules="tsm" *
>>
>>
>> Still when I put
>>
>> createUser User2 MD5 "passwrd-00" AES192 (or AES-192) "default-00"
>>
>> I get an error message:
>>
>> snmpd.conf: line 27: Error: unknown privProtocol
>>
>> So does SNMP 5.8 support AES192 and AES256?
>> Is it another syntax I need in snmpd.conf?
>>
>> Thanks,
>>
>> S.
>>
>>
>>
>>
>> On Thu, Apr 5, 2018 at 5:14 PM, Keith Mendoza <panthe...@gmail.com>
>> wrote:
>>
>>> Simon,
>>> Those options have to be enabled in the configure options. I suggest
>>> building with the following configure options:
>>> --with-transports="DTLSUDP" --with-security-modules="tsm"
>>>
>>> There might be other configure options that you need to make it work.
>>>
>>> Just note though that SNMPv3 RFC _does not_ specify AES192 and AES256;
>>> they specified some older algorithms that were "latest and greatest"
>>> at the time it was being drafted :(
>>>
>>> Thanks,
>>> Keith
>>> Thanks,
>>> Keith
>>>
>>>
>>> On Thu, Apr 5, 2018 at 1:54 PM, Simon Chamlian <simon.chaml...@mpbc.ca>
>>> wrote:
>>> >
>>> >
>>> >
>>> > Hi,
>>> >
>>> > Does Net-SNMP support AES192 or AES256?
>>> >
>>> > According to this link
>>> >
>>> > http://www.net-snmp.org/wiki/index.php/Strong_Authentication
>>> _or_Encryption
>>> >
>>> > The short answer is Yes, starting with release 5.8 AES193 and AES256
>>> are an
>>> > optional configure option.
>>> >
>>> > So I downloaded version 5.8.pre2 and tried:
>>> >
>>> >
>>> > createUser user2 SHA "passwrd-00" AES192 "default-00"
>>> > rwuser user2
>>> >
>>> > createUser user3 SHA "passwrd-00" AES256 "default-00"
>>> > rwuser user3
>>> >
>>> >
>>> > Does not work. I get an error:
>>> > snmpd.conf: line 27: Error: unknown privProtocol
>>> > snmpd.conf: line 31: Error: unknown privProtocol
>>> >
>>> > Any insight will be highly appreciated.
>>> >
>>> > S.
>>> >
>>> >
>>> >
>>> >
>>> > ------------------------------------------------------------
>>> ------------------
>>> > Check out the vibrant tech community on one of the world's most
>>> > engaging tech sites, Slashdot.org! http://sdm.link/slashdot
>>> > _______________________________________________
>>> > Net-snmp-coders mailing list
>>> > Net-snmp-coders@lists.sourceforge.net
>>> > https://lists.sourceforge.net/lists/listinfo/net-snmp-coders
>>> >
>>>
>>
>>
>> ------------------------------------------------------------
>> ------------------
>> Check out the vibrant tech community on one of the world's most
>> engaging tech sites, Slashdot.org! http://sdm.link/slashdot
>> _______________________________________________
>> Net-snmp-coders mailing list
>> Net-snmp-coders@lists.sourceforge.net
>> https://lists.sourceforge.net/lists/listinfo/net-snmp-coders
>>
>>
>
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
Net-snmp-coders mailing list
Net-snmp-coders@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/net-snmp-coders