Hi,

Thanks for the information, Bill. So --with-transports="DTLSUDP"
--with-security-modules="tsm" are not required, but simply
--enable-blumenthal-aes.

So I compiled the agent using the following configuration:

./configure --disable-embedded-perl \
            --without-perl-modules with_endianness=big \
            --enable-mini-agent --with-default-snmp-version="3" \
            --disable-debugging \
            --with-sys-contact="who@where" \
            --with-logfile="/var/log/snmp" \
            --with-transports="UDP TCP" \
            --enable-blumenthal-aes

In snmpd.conf I have:

   createUser user   MD5 "authpw-00"
   rwuser     user

   createUser user1  MD5 "authpw-00" AES "default-00"
   rwuser     user1

   createUser user2  MD5 "authpw-00" AES192 "default-00"
   rwuser     user2

1) The error message "unknown privProtocol" has disappeared from the log file.
2) From the MIB browser, I do a GET on one of the OIDs using user (noPriv)
and it works fine.
3) From the MIB browser, I do a GET on one of the OIDs using user2 using
AES-128 and it works fine.
4) From the MIB browser, I do a GET on one of the OIDs using user3 using
AES-192 and it DOES NOT work! I get the following error in the log file:

     security service 3 error parsing ScopedPDU

What am I missing?

Thanks,
Simon




On Fri, Apr 6, 2018 at 8:49 PM, Bill Fenner <fen...@gmail.com> wrote:

> Simon,
>
> The USM AES192 and AES256 support is based upon an Internet Draft, which
> never became a standard - therefore, you have to pass
> "--enable-blumenthal-aes" to ./configure. (You don't have to enable TSM or
> the TLS transports; that's a whole different kettle of fish.)
>
>   Bill
>
>
> On Fri, Apr 6, 2018 at 12:01 PM, Simon Chamlian <simon.chaml...@mpbc.ca>
> wrote:
>
>> Thanks for the tip.
>>
>> I did compile with the following options:
>>
>>     --disable-embedded-perl
>>     --without-perl-modules with_endianness=big
>>     --enable-mini-agent
>>     --with-default-snmp-version="3"
>>     --enable-ipv6
>>     --disable-debugging
>>     --with-sys-contact="who@where"
>>     --with-logfile="/var/log/snmp"
>>
>> *--with-transports="DTLSUDP TLSTCP"     --with-security-modules="tsm" *
>>
>>
>> Still when I put
>>
>> createUser User2  MD5 "passwrd-00" AES192 (or AES-192) "default-00"
>>
>> I get an error message:
>>
>> snmpd.conf: line 27: Error: unknown privProtocol
>>
>> So does SNMP 5.8 support AES192 and AES256?
>> Is it another syntax I need in snmpd.conf?
>>
>> Thanks,
>>
>> S.
>>
>>
>>
>>
>> On Thu, Apr 5, 2018 at 5:14 PM, Keith Mendoza <panthe...@gmail.com>
>> wrote:
>>
>>> Simon,
>>> Those options have to be enabled in the configure options. I suggest
>>> building with the following configure options:
>>>     --with-transports="DTLSUDP" --with-security-modules="tsm"
>>>
>>> There might be other configure options that you need to make it work.
>>>
>>> Just note though that SNMPv3 RFC _does not_ specify AES192 and AES256;
>>> they specified some older algorithms that were "latest and greatest"
>>> at the time it was being drafted :(
>>>
>>> Thanks,
>>> Keith
>>>
>>>
>>> On Thu, Apr 5, 2018 at 1:54 PM, Simon Chamlian <simon.chaml...@mpbc.ca>
>>> wrote:
>>> >
>>> >
>>> >
>>> > Hi,
>>> >
>>> > Does Net-SNMP support AES192 or AES256?
>>> >
>>> > According to this link
>>> >
>>> > http://www.net-snmp.org/wiki/index.php/Strong_Authentication_or_Encryption
>>> >
>>> > The short answer is Yes, starting with release 5.8 AES193 and AES256 are an
>>> > optional configure option.
>>> >
>>> > So I downloaded version 5.8.pre2 and tried:
>>> >
>>> >
>>> >   createUser user2  SHA "passwrd-00" AES192 "default-00"
>>> >   rwuser       user2
>>> >
>>> >   createUser user3  SHA "passwrd-00" AES256 "default-00"
>>> >   rwuser       user3
>>> >
>>> >
>>> > Does not work. I get an error:
>>> >   snmpd.conf: line 27: Error: unknown privProtocol
>>> >   snmpd.conf: line 31: Error: unknown privProtocol
>>> >
>>> > Any insight will be highly appreciated.
>>> >
>>> > S.
>>> >
>>> >
>>> >
>>> >
>>> > ------------------------------------------------------------------------------
>>> > Check out the vibrant tech community on one of the world's most
>>> > engaging tech sites, Slashdot.org! http://sdm.link/slashdot
>>> > _______________________________________________
>>> > Net-snmp-coders mailing list
>>> > Net-snmp-coders@lists.sourceforge.net
>>> > https://lists.sourceforge.net/lists/listinfo/net-snmp-coders
>>> >
>>>
>>
>>
>
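An added example, not part of the thread and not Net-SNMP code: a small Python lint for the snmpd.conf lines discussed above. It flags createUser lines that use AES192/AES256 when the build's configure options lack --enable-blumenthal-aes (the "unknown privProtocol" case), and rwuser/rouser grants left at the documented default minimum level of auth, which does not enforce encryption. The function name and finding codes are hypothetical.

```python
import shlex

# AES192/AES256 are the keywords the thread says need --enable-blumenthal-aes.
DRAFT_PRIV = {"AES192", "AES256"}

def lint_snmpd_conf(conf_text, configure_args):
    """Return sorted (line_no, code, user) findings for USM user lines."""
    draft_ok = "--enable-blumenthal-aes" in shlex.split(configure_args)
    priv_of, grants, findings = {}, [], []
    for no, raw in enumerate(conf_text.splitlines(), 1):
        tok = shlex.split(raw, comments=True)   # honours quotes and '#' comments
        if not tok:
            continue
        directive, args = tok[0], tok[1:]
        if args[:1] in (["-e"], ["-s"]):        # skip "-e ENGINEID" / "-s SECMODEL"
            args = args[2:]
        if directive == "createUser" and args:
            # createUser NAME AUTHPROTO AUTHPASS [PRIVPROTO [PRIVPASS]]
            user, priv = args[0], (args[3] if len(args) > 3 else None)
            priv_of[user] = priv
            if priv in DRAFT_PRIV and not draft_ok:
                # A build without the option rejects the line: "unknown privProtocol"
                findings.append((no, "UNKNOWN_PRIVPROTOCOL", user))
        elif directive in ("rwuser", "rouser") and args:
            # rwuser NAME [noauth|auth|priv ...]; the documented default is auth
            grants.append((no, args[0], args[1] if len(args) > 1 else "auth"))
    for no, user, level in grants:
        if priv_of.get(user) and level != "priv":
            # A priv key is configured, but authNoPriv (unencrypted) requests pass
            findings.append((no, "PRIV_NOT_ENFORCED", user))
    return sorted(findings)

# Constructed sample: the snmpd.conf quoted in the message above.
SAMPLE_CONF = '''\
createUser user   MD5 "authpw-00"
rwuser     user

createUser user1  MD5 "authpw-00" AES "default-00"
rwuser     user1

createUser user2  MD5 "authpw-00" AES192 "default-00"
rwuser     user2
'''

if __name__ == "__main__":
    for opts in ('--with-transports="UDP TCP"',
                 '--with-transports="UDP TCP" --enable-blumenthal-aes'):
        print(opts, "->", lint_snmpd_conf(SAMPLE_CONF, opts))
```

Writing the grant as "rwuser user2 priv" clears the PRIV_NOT_ENFORCED finding.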