Hi,
I have installed net-snmp-5.7.3 and openssl-1.0.1k on openSUSE 13.2
(Harlequin).
The snmptrapd gets TRAPS without displaying source and destination address.
Example :
2017-09-05 15:05:17 DTLSUDP: unknown [DTLSUDP: unknown]:
DISMAN-EVENT-MIB::sysUpTimeInstance = Timeticks: (12) 0:00:00.12
SNMPv2-MIB::snmpTrapOID.0
= OID: SNMPv2-MIB::coldStart SNMPv2-MIB::snmpTrapEnterprise.0 = OID:
NET-SNMP-MIB::netSnmpAgentOIDs.10
How can I get the IP address of the agent for traps and informs send over
DTLS?
Also, when I turn on the debug token -Ddtlsudp I don't see the actual
address/ports involved.
There was a same question asked a few years ago, but I don't see any fix
for this : https://sourceforge.net/p/net-snmp/mailman/message/26502380/
This issue is both for dtlsudp and tlstcp.
You can see my configuration files for manager below:
snmptrapd.conf
============================================================
===========================
authCommunity log,execute,net public
snmpTrapdAddr dtlsudp:10162,tlstcp:10162,udp:162,tcp:162
authUser log,execute,net -s tsm traptest
traphandle default /var/log/snmptrap.log
[snmp] localCert 4D:34:BE:BC:74:F7:6D:B2:E8:49:5B:CA:E7:7E:8E:AC:93:36:42:55
[snmp] peerCert 3E:BC:1A:11:DE:6C:2B:1A:9D:A8:C0:D3:22:6E:A8:04:72:C1:2C:27
[snmp] trustCert F8:59:42:46:C9:D0:D8:F7:19:80:45:73:F3:28:38:98:C8:C8:FA:57
certSecName 20 4D:34:BE:BC:74:F7:6D:B2:E8:49:5B:CA:E7:7E:8E:AC:93:36:42:55
--sn traptest
certSecName 20 3E:BC:1A:11:DE:6C:2B:1A:9D:A8:C0:D3:22:6E:A8:04:72:C1:2C:27
--sn traptest
certSecName 20 F8:59:42:46:C9:D0:D8:F7:19:80:45:73:F3:28:38:98:C8:C8:FA:57
--sn traptest
snmpd.conf
============================================================
============================
rwuser -s tsm "traptest"
rocommunity public localhost
agentXSocket tcp:localhost:705,udp:localhost:705
master agentx
agentaddress udp:161,tcp:161,dtlsudp:10161,tlstcp:10161
[snmp] localCert 4D:34:BE:BC:74:F7:6D:B2:E8:49:5B:CA:E7:7E:8E:AC:93:36:42:55
[snmp] peerCert 3E:BC:1A:11:DE:6C:2B:1A:9D:A8:C0:D3:22:6E:A8:04:72:C1:2C:27
[snmp] trustCert F8:59:42:46:C9:D0:D8:F7:19:80:
45:73:F3:28:38:98:C8:C8:FA:57
certSecName 20 3E:BC:1A:11:DE:6C:2B:1A:9D:A8:C0:D3:22:6E:A8:04:72:C1:2C:27
--sn traptest
certSecName 20 F8:59:42:46:C9:D0:D8:F7:19:80:45:73:F3:28:38:98:C8:C8:FA:57
--sn traptest
certSecName 20 4D:34:BE:BC:74:F7:6D:B2:E8:49:5B:CA:E7:7E:8E:AC:93:36:42:55
--sn traptest
A section from the log file:
dtlsudp: received 189 raw bytes on way to dtls
dtlsudp: starting a new connection
dtlsudp: received 61 raw bytes on way to dtls
dtlsudp: received 204 raw bytes on way to dtls
dtlsudp: starting a new connection
dtlsudp:cookie: generating cookie...
dtlsudp: have 48 bytes to send
dtlsudp: received 224 raw bytes on way to dtls
dtlsudp:cookie: verify cookie: 1
dtlsudp: have 2945 bytes to send
dtlsudp: received 3510 raw bytes on way to dtls
dtlsudp: have 1664 bytes to send
dtlsudp: received 189 raw bytes on way to dtls
dtlsudp: received 127 decoded bytes from dtls
dtlsudp: Verified the client's certificate
I would really appreciate your help.
Regards,
Stephanie
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
Net-snmp-users mailing list
Net-snmp-users@lists.sourceforge.net
Please see the following page to unsubscribe or change other options:
https://lists.sourceforge.net/lists/listinfo/net-snmp-users
