Hi all,

By default, on Windows the *net start "net-snmp agent"* command starts
the agent on UDP port 161.
What is the procedure to run the agent with tlstcp:10161 on a Windows machine?
Also, is there any specific link to follow for the TLSTCP commands on
Windows?

Please help me.


Thanks,
sandhya


On Fri, Aug 1, 2014 at 4:20 PM, sandhya reddy <sr8...@gmail.com> wrote:

> I've included the debug options when I run the snmpd daemon, from which I
> can also see errors.
>
> root@rootuser-Veriton-Series:/home/rootuser/projects/net-snmp-5.6.2.1# snmpd -f -Le -Dtsm,dtls,tls,openssl,cert tlstcp:10161
>
> registered debug token tsm, 1
> registered debug token dtls, 1
> registered debug token tls, 1
> registered debug token openssl, 1
> registered debug token cert, 1
> tlstcp: registering TLS constructor
> dtlsudp: registering DTLS constructor
> tsm: registering ourselves
> tsm:  returned 0
> cert:util:init: init
> cert:index:add: dir /usr/local/share/snmp/tls/private at index 2
> cert:index:add: dir /usr/local/share/snmp/tls/ca-certs at index 0
> cert:index:add: dir /home/rootuser/.snmp/tls/certs at index 4
> cert:index:add: dir /home/rootuser/.snmp/tls/private at index 5
> cert:index:add: dir /usr/local/share/snmp/tls/certs at index 1
> cert:index:add: dir /home/rootuser/.snmp/tls/ca-certs at index 3
> cert:index:dir: Scanning directory /usr/local/share/snmp/tls/ca-certs
> cert:index:lookup: /usr/local/share/snmp/tls/ca-certs (0)
> /var/net-snmp/cert_indexes/0
> cert:index:parse: The index for /usr/local/share/snmp/tls/ca-certs looks
> good
> cert:index:dir: Scanning directory /usr/local/share/snmp/tls/certs
> cert:index:lookup: /usr/local/share/snmp/tls/certs (1)
> /var/net-snmp/cert_indexes/1
> cert:index:parse: The index for /usr/local/share/snmp/tls/certs looks good
> cert:index:parse: added 3 certs from index
> cert:index:dir: Scanning directory /usr/local/share/snmp/tls/private
> cert:index:lookup: /usr/local/share/snmp/tls/private (2)
> /var/net-snmp/cert_indexes/2
> cert:index:parse: The index for /usr/local/share/snmp/tls/private looks
> good
> cert:key:struct:new: new key 0x0x94ba308 for snmp.key
> cert:key:struct:new: new key 0x0x94ba358 for tutorial-joecool.key
> cert:key:struct:new: new key 0x0x94ba3b8 for tutorial-agent.key
> cert:key:struct:new: new key 0x0x94ba410 for Agent-89.key
> cert:index:parse: added 4 certs from index
> cert:partner: Agent-89.crt match found!
> cert:partner: tutorial-agent.crt match found!
> cert:partner: tutorial-joecool.crt match found!
> cert:key:read: Checking file Agent-89.key
> cert:key:read: Checking file tutorial-agent.key
> cert:key:read: Checking file tutorial-joecool.key
> cert:dump: -------------------- Certificates -----------------
> cert:dump: cert Agent-89.crt in /usr/local/share/snmp/tls/certs
> cert:dump:    type 1 flags 0x3 (identity+remote_peer)
> cert:dump: cert tutorial-agent.crt in /usr/local/share/snmp/tls/certs
> cert:dump:    type 1 flags 0x3 (identity+remote_peer)
> cert:dump: cert tutorial-joecool.crt in /usr/local/share/snmp/tls/certs
> cert:dump:    type 1 flags 0x3 (identity+remote_peer)
> cert:dump: key Agent-89.key in /usr/local/share/snmp/tls/private
> cert:dump:    type 4 flags 0x1 (identity)
> cert:dump: key snmp.key in /usr/local/share/snmp/tls/private
> cert:dump:    type 4 flags 0x1 (identity)
> cert:dump: key tutorial-agent.key in /usr/local/share/snmp/tls/private
> cert:dump:    type 4 flags 0x1 (identity)
> cert:dump: key tutorial-joecool.key in /usr/local/share/snmp/tls/private
> cert:dump:    type 4 flags 0x1 (identity)
> cert:dump: ------------------------ End ----------------------
> Warning: no access control information configured.
>   (Config search path:
> /usr/local/etc/snmp:/usr/local/share/snmp:/usr/local/lib/snmp:/root/.snmp)
>   It's unlikely this agent can serve any useful purpose in this state.
>   Run "snmpconf -g basic_setup" to help you configure the snmpd.conf file
> for this agent.
> tlstcp: listening on tlstcp port 0.0.0.0:10161
>
> ---- OpenSSL Related Errors: ----
> error: #33579106 (file b_sock.c, line 804)
>   Textual Error: port='0.0.0.0:10161'
> error: #537301109 (file b_sock.c, line 806)
> ---- End of OpenSSL Errors ----
> TLSTCP: Falied to do first accept on the TLS accept BIO
> NET-SNMP version 5.6.2.1
>
>
>
> On Fri, Aug 1, 2014 at 10:30 AM, sandhya reddy <sr8...@gmail.com> wrote:
>
>> Hi Bill
>> Following is the detailed error statement:
>>
>>
>> trace: netsnmp_tdomain_transport_full(): snmp_transport.c, 478:
>> tdomain: tdomain_transport_full("snmp", "tlstcp:10.253.6.83", 0, "udp",
>> "[NIL]")
>> trace: find_tdomain(): snmp_transport.c, 430:
>> tdomain: Found domain "tlstcp" from specifier "tlstcp"
>> trace: netsnmp_lookup_default_target(): snmp_service.c, 400:
>> defaults: netsnmp_lookup_default_target("snmp", "tlstcp") -> ":10161"
>> trace: netsnmp_tdomain_transport_full(): snmp_transport.c, 601:
>> tdomain: trying domain "tlstcp" address "10.253.6.83" default address
>> ":10161"
>> trace: netsnmp_sess_config_and_open_transport(): snmp_api.c, 1523:
>> snmp_sess: opening transport: 0
>> trace: netsnmp_sess_config_transport(): snmp_api.c, 1464:
>> snmp_sess: configuring transport
>> tls:config: their identity Agent-83
>> tls:config: our identity tutorial-joecool
>> trace: sslctx_client_setup(): transports/snmpTLSBaseDomain.c, 516:
>> sslctx_client: looking for local id: tutorial-joecool
>> cert:find:params: looking for identity(1) in MULTIPLE(0x200), hint
>> 161398264
>> cert:find:params: looking for identity(1) in FINGERPRINT(0x2), hint
>> 161398264
>> cert:find:params:  hint = tutorial-joecool
>> cert:find:params: looking for identity(1) in FILE(0x1), hint 161398264
>> cert:find:params:  hint = tutorial-joecool
>> 9:cert:subset:found: 1 matches
>> cert:find:found: using cert tutorial-joecool.crt /
>> 9b49604cc747f4481d319e1923ace1d783fc5b6c for identity(1)
>> (uses=identity+remote_peer (3))
>> cert:find:found: using cert tutorial-joecool.crt /
>> 9b49604cc747f4481d319e1923ace1d783fc5b6c for identity(1)
>> (uses=identity+remote_peer (3))
>> trace: sslctx_client_setup(): transports/snmpTLSBaseDomain.c, 531:
>> sslctx_client: using public key: tutorial-joecool.crt
>> trace: sslctx_client_setup(): transports/snmpTLSBaseDomain.c, 533:
>> sslctx_client: using private key: tutorial-joecool.key
>> cert:find:params: looking for remote_peer(2) in MULTIPLE(0x200), hint
>> 161503528
>> cert:find:params: looking for remote_peer(2) in FINGERPRINT(0x2), hint
>> 161503528
>> cert:find:params:  hint = Agent-83
>> cert:find:params: looking for remote_peer(2) in FILE(0x1), hint 161503528
>> cert:find:params:  hint = Agent-83
>> 9:cert:subset:found: 0 matches
>> trace: netsnmp_tlstcp_open(): transports/snmpTLSTCPDomain.c, 709:
>> tlstcp: connecting to tlstcp 10.253.6.83:10161
>> tlstcp: failed to ssl_connect
>> trace: netsnmp_sess_config_and_open_transport(): snmp_api.c, 1540:
>> *snmp_sess: couldn't interpret peername*
>>
>> snmpget: Unknown host (tlstcp:10.253.6.83)
>>
>>
>> Thanks
>> sandhya
>>
>>
>> On Fri, Aug 1, 2014 at 10:01 AM, sandhya reddy <sr8...@gmail.com> wrote:
>>
>>> Is there any way that we can set the source port also when sending a request?
>>>
>>> Thanks,
>>> Sandhya
>>>
>>>
>>> On Thu, Jul 31, 2014 at 6:30 PM, sandhya reddy <sr8...@gmail.com> wrote:
>>>
>>>> Hi Bill,
>>>>
>>>> I guess that SYN not getting any response is due to a *firewall issue*
>>>> at our side.
>>>>
>>>> 1) Now I've tried to set up one PC as Net-SNMP Agent and the other as
>>>> manager.
>>>> 2) On the PC which is an Agent I have started the snmpd service on port
>>>> 10161 using the snmpd tlstcp:10161 command.
>>>> This port is in LISTEN state.
>>>> 3) I have generated a certificate on the Agent using the net-snmp-cert
>>>> command with the name Agent-89. I give this name in the snmpget request
>>>> their_identity parameter. Do I have to give the agent certificate name
>>>> also when sending the snmpget request from the manager? If so, why?
>>>>
>>>> Command:
>>>> snmpget -T our_identity=tutorial-joecool -T their_identity=Agent-83 -t 10 tlstcp:<IP> sysUpTime.0
>>>> In spite of these I get the error.
>>>>
>>>> *tlstcp:Failed to SSl connect*
>>>>
>>>> *snmpget: Unknown host(Transport endpoint is not connected)*
>>>>
>>>>
>>>> I've tried on another PC and got a different error
>>>>
>>>> No log handling enabled - using stderr logging
>>>> tlstcp: failed to connect to 10.253.6.83:10161
>>>> ---- OpenSSL Related Errors: ----
>>>> error: #33562734 (file bss_conn.c, line 269)
>>>>   Textual Error: host=10.253.6.83:10161
>>>> error: #537342055 (file bss_conn.c, line 273)
>>>> ---- End of OpenSSL Errors ----
>>>> snmpget: Unknown host (tlstcp:10.253.6.83) (Connection timed out)
>>>>
>>>> Please help me with this setup.
>>>>
>>>> Firewall issue I can't resolve as of now. Please help me set up the
>>>> agent and manager locally.
>>>>
>>>>
>>>>
>>>>
>>>> On Thu, Jul 31, 2014 at 2:10 PM, sandhya reddy <sr8...@gmail.com>
>>>> wrote:
>>>>
>>>>> Hi Bill,
>>>>> I've understood a bit better from your explanation.
>>>>> I'll follow that link.
>>>>> Conceptually, I understand the following. Please let me know whether
>>>>> I’m correct.
>>>>> 1)
>>>>> a) Net-SNMP tool can act as both SNMP manager and SNMP Agent.
>>>>> Or
>>>>> b) Net-SNMP tool acts as Manager only and test.net-snmp.org acts as
>>>>> Agent only?
>>>>>
>>>>> Which of a and b is correct?
>>>>>
>>>>> 2) test.net-snmp.org acts as agent and it has its own certificate
>>>>> tutorial-agent. We have to use this cert if we retrieve info from
>>>>> test.net-snmp.org agent
>>>>>
>>>>> 3) tutorial-agent is a self signed certificate and tutorial-CA is a CA
>>>>> signed certificate for agent.
>>>>>
>>>>> 4) I have tried giving the command you gave. I get an error.
>>>>> $ snmpget -T our_identity=tutorial-joecool -T their_identity=tutorial-agent \
>>>>> >           -t 10 tls:test.net-snmp.org sysUpTime.0
>>>>>
>>>>> *Error:*
>>>>>
>>>>> No log handling enabled - using stderr logging
>>>>> tlstcp: failed to connect to test.net-snmp.org:10161
>>>>> ---- OpenSSL Related Errors: ----
>>>>> error: #33562734 (file bss_conn.c, line 269)
>>>>>   Textual Error: host=test.net-snmp.org:10161
>>>>> error: #537342055 (file bss_conn.c, line 273)
>>>>> ---- End of OpenSSL Errors ----
>>>>> snmpget: Unknown host (tls:test.net-snmp.org) (Connection timed out)
>>>>>
>>>>> Tried the above command with tlstcp:test.net-snmp.org also, but still
>>>>> the same error.
>>>>> I have also sniffed the traces.
>>>>> I can see SYN going out and retransmissions of SYN but don't get any
>>>>> response.
>>>>>
>>>>> 5) The request gets generated from a random port. Is that fine or should
>>>>> it go from port 10161?
>>>>>
>>>>> And should we start any service like snmpd on port 10161?
>>>>>
>>>>> I assume snmpd is for snmp requests and snmptrapd is for traps. These
>>>>> are for receiving requests and traps. Only for receiving do we need to
>>>>> start this service, is what I understand.
>>>>>
>>>>>
>>>>> Looking forward to your response ASAP.
>>>>>
>>>>> Thanks,
>>>>> sandhya
>>>>>
>>>>>
>>>>>
>>>>>
>>>>> On Fri, Jul 25, 2014 at 8:54 PM, Bill Fenner <fen...@gmail.com> wrote:
>>>>>
>>>>>> I followed the step by step directions from
>>>>>>
>>>>>> http://www.net-snmp.org/wiki/index.php/TUT:Using_TLS
>>>>>>
>>>>>> and got:
>>>>>>
>>>>>> $ snmpget -T our_identity=tutorial-joecool \
>>>>>> >           -T their_identity=tutorial-agent \
>>>>>> >           -t 10 tls:test.net-snmp.org sysUpTime.0
>>>>>> DISMAN-EVENT-MIB::sysUpTimeInstance = Timeticks: (1162098689) 134 days, 12:03:06.89
>>>>>> $ snmpget -T our_identity=tutorial-joecool \
>>>>>> >           -T trust_cert=tutorial-CA \
>>>>>> >           -t 10 tls:test.net-snmp.org sysUpTime.0
>>>>>> DISMAN-EVENT-MIB::sysUpTimeInstance = Timeticks: (1162099339) 134 days, 12:03:13.39
>>>>>> $ snmpget -T our_identity=CD:74:45:C9:A3:A3:55:0A:6C:37:03:B2:49:38:B1:01:99:95:8E:43 \
>>>>>> >         -T their_identity=CA:B8:0A:B3:6B:4C:21:2A:F2:92:CD:0B:6B:DF:6A:9F:23:D6:30:4B \
>>>>>> >         tls:test.net-snmp.org sysContact.0
>>>>>> SNMPv2-MIB::sysContact.0 = STRING: Net-SNMP Coders <net-snmp-cod...@lists.sourceforge.net>
>>>>>>
>>>>>>
>>>>>> While you say you have the private key, you have the private key for
>>>>>> joecool, not for agent.  You have to generate a key for your own local
>>>>>> agent, and that is the identity you'll need to use in the their_identity
>>>>>> argument.
>>>>>>
>>>>>> You use the net-snmp-cert command to manage/generate certs.
>>>>>>
>>>>>>   Bill
>>>>>>
>>>>>>
>>>>>>
>>>>>> On Fri, Jul 25, 2014 at 7:32 AM, sandhya reddy <sr8...@gmail.com>
>>>>>> wrote:
>>>>>>
>>>>>>> Hi Bill,
>>>>>>>
>>>>>>> Glad to see your response.
>>>>>>> I have retrieved the entire certificate tar-ball
>>>>>>> http://www.net-snmp.org/tutorial/tutorial-5/certificates/tutorial-.snmp.tar.gz
>>>>>>> and uncompressed it.
>>>>>>> Initially, I tried to send the snmpget request to test.net-snmp.org
>>>>>>> using the certificates from the tutorial but it also failed giving error
>>>>>>> "Error finding client keys. Unable to create SSL context. Unknown host".
>>>>>>> Tutorial also gives the private keys. I have checked this in the private
>>>>>>> folder of snmp.
>>>>>>> If I try to send to the one in the tutorial, test.net-snmp.org, it
>>>>>>> should work, right?
>>>>>>>
>>>>>>> This is why I switched to the next setup.
>>>>>>> In this, I tried to set up Net-SNMP on two PCs using the same certs
>>>>>>> and keys in the tutorial.
>>>>>>> When you pointed out regarding certs I realized that I'm doing it
>>>>>>> wrong. I should create the cert in both Manager and Agent and use these
>>>>>>> two when sending out the snmpget request from the Manager, right?
>>>>>>>
>>>>>>> How do you create the certificates? Is there any link that follows the
>>>>>>> steps to create certificates for Net-SNMP?
>>>>>>>
>>>>>>> Once again I thank you for giving a response. I've been waiting for
>>>>>>> some response.
>>>>>>>
>>>>>>> Thanks,
>>>>>>> sandhya
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> On Thu, Jul 24, 2014 at 5:44 PM, Bill Fenner <fen...@gmail.com>
>>>>>>> wrote:
>>>>>>>
>>>>>>>> Did you configure the certificates properly?  In particular, did
>>>>>>>> you configure the server with the private key?  Since you're using the
>>>>>>>> fingerprints from the tutorial, but using your local server instead of
>>>>>>>> test.net-snmp.org, where did you get the private key?  It's not
>>>>>>>> part of the published set of keys.
>>>>>>>>
>>>>>>>>   Bill
>>>>>>>>
>>>>>>>>
>>>>>>>> On Wed, Jul 23, 2014 at 7:08 AM, sandhya reddy <sr8...@gmail.com>
>>>>>>>> wrote:
>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> Hi Coders and Users,
>>>>>>>>>
>>>>>>>>> I've set up NET-SNMP 5.6.2.1 and configured the tsm model.
>>>>>>>>> I've done this setup on two Ubuntu 14.04 PCs.
>>>>>>>>> I'm trying to send out an snmpget request over tlstcp:10161. The
>>>>>>>>> following are the steps I follow:
>>>>>>>>> 1) Start snmpd using the command: snmpd tlstcp:10161
>>>>>>>>> 2) snmpget -T our_identity=CD:74:45:C9:A3:A3:55:0A:6C:37:03:B2:49:38:B1:01:99:95:8E:43 -T their_identity=CA:B8:0A:B3:6B:4C:21:2A:F2:92:CD:0B:6B:DF:6A:9F:23:D6:30:4B tlstcp:<IPAddress>:10161 sysContact.0
>>>>>>>>> I get an error "Failed to create SSL context".
>>>>>>>>> I'm debugging using wireshark sniffs and observe the following:
>>>>>>>>> In the process of sending out the snmpget request, the TCP connection
>>>>>>>>> is getting established (I see SYN, SYN/ACK and ACK) and I see PUSH data
>>>>>>>>> to the agent (which might be Client hello, the next step from SNMP
>>>>>>>>> manager), for which the agent is trying to tear down the TCP connection
>>>>>>>>> with FIN/ACK.
>>>>>>>>>
>>>>>>>>> Please give me some inputs as to what I'm doing wrong.
>>>>>>>>> Please help me to get the snmpget request working.
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> Thanks,
>>>>>>>>> Sandhya
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> _______________________________________________
>>>>>>>>> Net-snmp-coders mailing list
>>>>>>>>> net-snmp-cod...@lists.sourceforge.net
>>>>>>>>> https://lists.sourceforge.net/lists/listinfo/net-snmp-coders
_______________________________________________
Net-snmp-users mailing list
Net-snmp-users@lists.sourceforge.net
Please see the following page to unsubscribe or change other options:
https://lists.sourceforge.net/lists/listinfo/net-snmp-users
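
Added example, not part of the original thread and not Net-SNMP code: a Python script that reads `-Dcert` debug output like that quoted above and reports each certificate lookup that ended in `0 matches`, which is where the `their_identity` hint in the quoted snmpget trace fails, optionally listing the certificate names from a `cert:dump` section for comparison. The function names are hypothetical, the sample lines are condensed from the thread's logs, and reading `0 matches` as "no certificate found for that hint" is an assumption based on the log text.

```python
import re

QUOTE = re.compile(r"^(?:>\s?)+")  # e-mail quote markers in pasted logs
LOOKUP = re.compile(r"cert:find:params: looking for (\w+)\(\d+\)")
HINT = re.compile(r"cert:find:params:\s+hint = (\S+)")
FOUND = re.compile(r"cert:subset:found: (\d+) matches")
DUMP = re.compile(r"cert:dump: cert (\S+) in \S+")

def clean(log):  # strip quote markers so lines copied from a mail thread parse
    return [QUOTE.sub("", line).strip() for line in log.splitlines()]

def lookups(log):
    """Return (role, hint, matches) for each completed certificate lookup."""
    role = hint = None
    results = []
    for line in clean(log):
        if m := LOOKUP.search(line):
            role = m.group(1)
        elif m := HINT.search(line):
            hint = m.group(1)
        elif m := FOUND.search(line):
            results.append((role, hint, int(m.group(1))))
            role = hint = None
    return results

def inventory(log):
    """Certificate file names listed in a 'cert:dump' section."""
    return {m.group(1) for line in clean(log) if (m := DUMP.search(line))}

def diagnose(client_log, store_log=""):
    """Describe every lookup that ended with no matching certificate."""
    known = sorted(inventory(store_log))
    problems = []
    for role, hint, matches in lookups(client_log):
        if matches == 0:
            msg = f"no certificate for {role} hint '{hint}'"
            if known:
                msg += "; store has: " + ", ".join(known)
            problems.append(msg)
    return problems

# Constructed samples, condensed from the debug output quoted in the thread.
SAMPLE_CLIENT = """\
>> cert:find:params: looking for identity(1) in FILE(0x1), hint 161398264
>> cert:find:params:  hint = tutorial-joecool
>> 9:cert:subset:found: 1 matches
>> cert:find:params: looking for remote_peer(2) in FILE(0x1), hint 161503528
>> cert:find:params:  hint = Agent-83
>> 9:cert:subset:found: 0 matches
"""
SAMPLE_STORE = """\
> cert:dump: cert Agent-89.crt in /usr/local/share/snmp/tls/certs
> cert:dump: cert tutorial-agent.crt in /usr/local/share/snmp/tls/certs
> cert:dump: key Agent-89.key in /usr/local/share/snmp/tls/private
"""
```

Calling `diagnose(SAMPLE_CLIENT, SAMPLE_STORE)` returns one entry, for the `remote_peer` hint `Agent-83`, together with the certificate names found in the dump.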
