Hello everybody,
I'm working on the integration of DTLS over SNMP in our network and currently testing it on my local machine, which has Ubuntu 16.04 as an operating system. I am using the NET-SNMP 5.8-dev version (snapshot from today) since I had some issues compiling NET-SNMP 5.7.3 with OpenSSL.
First of all, everything works fine: I followed the SNMP over DTLS tutorial, created the certs and adjusted the configuration files. For example, the following command:
snmpget -T our_identity=68:81:57:BE:22:FA:98:30:F2:6A:9E:97:86:F5:9C:48:76:73:08:08 -T their_identity=1A:E8:10:DA:D0:BB:29:AC:59:9D:36:99:3D:15:92:3C:6F:E4:4B:79 dtlsudp:192.168.2.89:10161 sysContact.0
Shows me this result:
SNMPv2-MIB::sysContact.0 = STRING: Me <m...@example.org>
Which is correct, and I can also see and verify the DTLS handshake and data transfer in Wireshark.
The problem now is when I try to use IPv6 addresses, which I assume should work since the NET-SNMP news says the following, among other things:
"TLS/DTLS support: - The SNMP over DTLS transport now properly supports IPv6"
If I try something like the following command:
snmpget -T our_identity=68:81:57:BE:22:FA:98:30:F2:6A:9E:97:86:F5:9C:48:76:73:08:08 -T their_identity=1A:E8:10:DA:D0:BB:29:AC:59:9D:36:99:3D:15:92:3C:6F:E4:4B:79 dtlsudp:[2001:db7:0:1::89]:10161 sysContact.0
I get the following result:
tsm: needed to free transport data
tsm: needed to free transport data
tsm: needed to free transport data
tsm: needed to free transport data
tsm: needed to free transport data
failed rfc5343 contextEngineID probing
snmpget: Timeout (Success)
I can see in Wireshark that only the "Client Hello" and the "Hello Verify Request" messages are sent. After that, a "Destination unreachable (Port unreachable)" message follows. I also tried different syntax variations, but it is always the same.
Since there is nothing like UDP and UDPIPv6 for DTLSUDP, I assumed that it supported both IPv4 and IPv6.
This is my current NET-SNMP configuration:
./configure --enable-shared --enable-embedded-perl --with-perl-modules --enable-ipv6 --with-security-modules="tsm usm" --with-transports="UDP UDPIPv6 TCPIPv6 TCP DTLSUDP TLSTCP" --with-default-snmp-version=3 --with-logfile="/var/log/snmpd.log" --with-persistent-directory="/var/net-snmp" --with-openssl="/usr/local/ssl/lib"
Am I missing something here? SNMPv3 with IPv4 and IPv6 addresses is working fine by the way, it's just the SNMP over DTLS.
I would be really grateful for some more information about the current status of DTLS and IPv6!
Thank you very much in advance!
Best regards,
Kevin