Discussion:
Encryption question
Marko Vucak
2016-07-14 10:54:27 UTC
Permalink
Hi



Having some problems with encryption.



I downloaded latest version: net-snmp-5.7.3



Then configured it with command:

*./configure --prefix=/usr --sysconfdir=/etc --localstatedir=/var
--libdir=/usr/lib --host=arm-v5te-linux-gnueabi --build=i686-host-linux-gnu
--enable-ipv6 --with-defaults --with-openssl=internal
--with-mib-modules=agentx,ucd_snmp --with-mibs
--with-logfile=/var/log/snmpd.log --with-persistent-directory=/var/net-snmp
--with-default-snmp-version=3 --enable-shared --enable-internal-md5
--with-endianness=little --enable-agentx-dom-sock-only --enable-agent
--enable-mibs --enable-snmpv1 --enable-snmpv2c --enable-snmpv3 --enable-des
--enable-md5 --enable-sha1 --enable-aes --enable-snmptrapd-subagent
--enable-mib-config-checking --enable-mfd-rewrites --disable-embedded-perl
--without-perl-modules --disable-testing-code --disable-developer*



Net-SNMP configuration summary said:

Authentication support: MD5 SHA1

Encryption support: DES AES


Then I made snmpd with make command.



When I execute command: snmpd -H 2>&1 | grep defPrivType

I get: defPrivType DES (AES support not available)



Why no support for AES when it was OK in configure?




I have following snmpd.conf


master agentx
#Network hint
com2sec local localhost public
com2sec mynetwork 169.254.1.0/24 public
#create views
view all included .1
# Add user
createUser myUser MD5 "12345678" DES abcdef
rwuser myUser
#ReadWrite group
group MyRWGroup usm local myUser
# For ALL_ACCESS view
access MyRWGroup "" usm auth exact all all all
Here, on command: *snmpd -H *i get error: *Unknown privacy protocol *
Why? When DES is enabled.
Is something wrong with my configuration?
Pushpa Thimmaiah
2016-07-19 07:12:26 UTC
Permalink
Hi Marko Vucak,

Paste result of 'net-snmp-config --config-options' .
Also add snmpv3mibs in option --with-mib-modules and recompile.


Thanks
Pushpa.T
Post by Marko Vucak
Hi
Having some problems with encryption.
I downloaded latest version: net-snmp-5.7.3
*./configure --prefix=/usr --sysconfdir=/etc --localstatedir=/var
--libdir=/usr/lib --host=arm-v5te-linux-gnueabi --build=i686-host-linux-gnu
--enable-ipv6 --with-defaults --with-openssl=internal
--with-mib-modules=agentx,ucd_snmp --with-mibs
--with-logfile=/var/log/snmpd.log --with-persistent-directory=/var/net-snmp
--with-default-snmp-version=3 --enable-shared --enable-internal-md5
--with-endianness=little --enable-agentx-dom-sock-only --enable-agent
--enable-mibs --enable-snmpv1 --enable-snmpv2c --enable-snmpv3 --enable-des
--enable-md5 --enable-sha1 --enable-aes --enable-snmptrapd-subagent
--enable-mib-config-checking --enable-mfd-rewrites --disable-embedded-perl
--without-perl-modules --disable-testing-code --disable-developer*
Authentication support: MD5 SHA1
Encryption support: DES AES
Then I made snmpd with make command.
When I execute command: snmpd -H 2>&1 | grep defPrivType
I get: defPrivType DES (AES support not available)
Why no support for AES when it was OK in configure?
I have following snmpd.conf
master agentx
#Network hint
com2sec local localhost public
com2sec mynetwork 169.254.1.0/24 public
#create views
view all included .1
# Add user
createUser myUser MD5 "12345678" DES abcdef
rwuser myUser
#ReadWrite group
group MyRWGroup usm local myUser
# For ALL_ACCESS view
access MyRWGroup "" usm auth exact all all all
Here, on command: *snmpd -H *i get error: *Unknown privacy protocol *
Why? When DES is enabled.
Is something wrong with my configuration?
------------------------------------------------------------------------------
What NetFlow Analyzer can do for you? Monitors network bandwidth and
traffic
patterns at an interface-level. Reveals which users, apps, and protocols
are
consuming the most bandwidth. Provides multi-vendor support for NetFlow,
J-Flow, sFlow and other flows. Make informed decisions using capacity
planning
reports.http://sdm.link/zohodev2dev
_______________________________________________
Net-snmp-users mailing list
https://lists.sourceforge.net/lists/listinfo/net-snmp-users
Marko Vucak
2016-07-21 07:51:32 UTC
Permalink
Hi

Ok, so my configure command is now:

./configure --prefix=/usr --sysconfdir=/etc --localstatedir=/var
--libdir=/usr/lib --host=arm-v5te-linux-gnueabi
--build=i686-host-linux-gnu --enable-ipv6 --with-defaults
--with-openssl=internal --with-mib-modules=agentx,ucd_snmp,snmpv3mibs
--with-mibs --with-logfile=/var/log/snmpd.log
--with-persistent-directory=/var/net-snmp
--with-default-snmp-version=3 --enable-shared --enable-internal-md5
--with-endianness=little --enable-agentx-dom-sock-only --enable-agent
--enable-mibs --enable-snmpv1 --enable-snmpv2c --enable-snmpv3
--enable-des --enable-md5 --enable-sha1 --enable-aes
--enable-snmptrapd-subagent --enable-mib-config-checking
--enable-mfd-rewrites --disable-embedded-perl --without-perl-modules
--disable-testing-code --disable-developer



I get this at end of config command:

configure: WARNING: unrecognized options: --enable-snmpv3, --enable-sha1,
--enable-aes

---------------------------------------------------------
Net-SNMP configuration summary:
---------------------------------------------------------

SNMP Versions Supported: 1 2c 3
Building for: linux
Net-SNMP Version: 5.7.3
Network transport support: Callback Unix Alias TCP UDP TCPIPv6 UDPIPv6
IPv4Base SocketBase TCPBase UDPIPv4Base UDPBase IPv6Base
SNMPv3 Security Modules: usm
Agent Module list: mk/module_list_code.mk
Agent MIB code: agentx default_modules snmpv3mibs ucd_snmp =>
agentx/master agentx/subagent snmpv3mibs mibII ucd_snmp notification
notification-log-mib target agent_mibs agentx disman/event disman/schedule
utilities host snmpv3/snmpMPDStats_5_5 snmpv3/usmStats_5_5
snmpv3/snmpEngine snmpv3/usmConf snmpv3/usmUser ucd-snmp/disk_hw
ucd-snmp/proc ucd-snmp/versioninfo ucd-snmp/pass ucd-snmp/pass_persist
ucd-snmp/loadave agent/extend ucd-snmp/errormib ucd-snmp/file
ucd-snmp/dlmod ucd-snmp/proxy ucd-snmp/logmatch ucd-snmp/memory
ucd-snmp/vmstat
MYSQL Trap Logging: unavailable
Embedded Perl support: disabled
SNMP Perl modules: disabled
SNMP Python modules: disabled
Crypto support from: internal
Authentication support: MD5 SHA1
Encryption support: DES AES
Local DNSSEC validation: disabled


But when i execute command: net-snmp-config --config-options
I get only this line: '--with-perl-modules'

?

Best regards,
Marko



On Tue, Jul 19, 2016 at 9:12 AM, Pushpa Thimmaiah <
Post by Pushpa Thimmaiah
Hi
Paste result of 'net-snmp-config --config-options' .
Also add snmpv3mibs in option --with-mib-modules and recompile.
Thanks
Pushpa.T
Post by Marko Vucak
Hi
Having some problems with encryption.
I downloaded latest version: net-snmp-5.7.3
*./configure --prefix=/usr --sysconfdir=/etc --localstatedir=/var
--libdir=/usr/lib --host=arm-v5te-linux-gnueabi --build=i686-host-linux-gnu
--enable-ipv6 --with-defaults --with-openssl=internal
--with-mib-modules=agentx,ucd_snmp --with-mibs
--with-logfile=/var/log/snmpd.log --with-persistent-directory=/var/net-snmp
--with-default-snmp-version=3 --enable-shared --enable-internal-md5
--with-endianness=little --enable-agentx-dom-sock-only --enable-agent
--enable-mibs --enable-snmpv1 --enable-snmpv2c --enable-snmpv3 --enable-des
--enable-md5 --enable-sha1 --enable-aes --enable-snmptrapd-subagent
--enable-mib-config-checking --enable-mfd-rewrites --disable-embedded-perl
--without-perl-modules --disable-testing-code --disable-developer*
Authentication support: MD5 SHA1
Encryption support: DES AES
Then I made snmpd with make command.
When I execute command: snmpd -H 2>&1 | grep defPrivType
I get: defPrivType DES (AES support not available)
Why no support for AES when it was OK in configure?
I have following snmpd.conf
master agentx
#Network hint
com2sec local localhost public
com2sec mynetwork 169.254.1.0/24 public
#create views
view all included .1
# Add user
createUser myUser MD5 "12345678" DES abcdef
rwuser myUser
#ReadWrite group
group MyRWGroup usm local myUser
# For ALL_ACCESS view
access MyRWGroup "" usm auth exact all all all
Here, on command: *snmpd -H *i get error: *Unknown privacy protocol *
Why? When DES is enabled.
Is something wrong with my configuration?
------------------------------------------------------------------------------
What NetFlow Analyzer can do for you? Monitors network bandwidth and
traffic
patterns at an interface-level. Reveals which users, apps, and protocols
are
consuming the most bandwidth. Provides multi-vendor support for NetFlow,
J-Flow, sFlow and other flows. Make informed decisions using capacity
planning
reports.http://sdm.link/zohodev2dev
_______________________________________________
Net-snmp-users mailing list
https://lists.sourceforge.net/lists/listinfo/net-snmp-users
Pushpa Thimmaiah
2016-07-22 08:51:24 UTC
Permalink
Hi ,

Configuration looks proper , fix warnings. According to my knowledge AES
depends on openssl package.

Thank you,
Pushpa.T
Hi
./configure --prefix=/usr --sysconfdir=/etc --localstatedir=/var --libdir=/usr/lib --host=arm-v5te-linux-gnueabi --build=i686-host-linux-gnu --enable-ipv6 --with-defaults --with-openssl=internal --with-mib-modules=agentx,ucd_snmp,snmpv3mibs --with-mibs --with-logfile=/var/log/snmpd.log --with-persistent-directory=/var/net-snmp --with-default-snmp-version=3 --enable-shared --enable-internal-md5 --with-endianness=little --enable-agentx-dom-sock-only --enable-agent --enable-mibs --enable-snmpv1 --enable-snmpv2c --enable-snmpv3 --enable-des --enable-md5 --enable-sha1 --enable-aes --enable-snmptrapd-subagent --enable-mib-config-checking --enable-mfd-rewrites --disable-embedded-perl --without-perl-modules --disable-testing-code --disable-developer
configure: WARNING: unrecognized options: --enable-snmpv3, --enable-sha1,
--enable-aes
---------------------------------------------------------
---------------------------------------------------------
SNMP Versions Supported: 1 2c 3
Building for: linux
Net-SNMP Version: 5.7.3
Network transport support: Callback Unix Alias TCP UDP TCPIPv6 UDPIPv6
IPv4Base SocketBase TCPBase UDPIPv4Base UDPBase IPv6Base
SNMPv3 Security Modules: usm
Agent Module list: mk/module_list_code.mk
Agent MIB code: agentx default_modules snmpv3mibs ucd_snmp =>
agentx/master agentx/subagent snmpv3mibs mibII ucd_snmp notification
notification-log-mib target agent_mibs agentx disman/event disman/schedule
utilities host snmpv3/snmpMPDStats_5_5 snmpv3/usmStats_5_5
snmpv3/snmpEngine snmpv3/usmConf snmpv3/usmUser ucd-snmp/disk_hw
ucd-snmp/proc ucd-snmp/versioninfo ucd-snmp/pass ucd-snmp/pass_persist
ucd-snmp/loadave agent/extend ucd-snmp/errormib ucd-snmp/file
ucd-snmp/dlmod ucd-snmp/proxy ucd-snmp/logmatch ucd-snmp/memory
ucd-snmp/vmstat
MYSQL Trap Logging: unavailable
Embedded Perl support: disabled
SNMP Perl modules: disabled
SNMP Python modules: disabled
Crypto support from: internal
Authentication support: MD5 SHA1
Encryption support: DES AES
Local DNSSEC validation: disabled
But when i execute command: net-snmp-config --config-options
I get only this line: '--with-perl-modules'
?
Best regards,
Marko
On Tue, Jul 19, 2016 at 9:12 AM, Pushpa Thimmaiah <
Post by Pushpa Thimmaiah
Hi
Paste result of 'net-snmp-config --config-options' .
Also add snmpv3mibs in option --with-mib-modules and recompile.
Thanks
Pushpa.T
Post by Marko Vucak
Hi
Having some problems with encryption.
I downloaded latest version: net-snmp-5.7.3
*./configure --prefix=/usr --sysconfdir=/etc --localstatedir=/var
--libdir=/usr/lib --host=arm-v5te-linux-gnueabi --build=i686-host-linux-gnu
--enable-ipv6 --with-defaults --with-openssl=internal
--with-mib-modules=agentx,ucd_snmp --with-mibs
--with-logfile=/var/log/snmpd.log --with-persistent-directory=/var/net-snmp
--with-default-snmp-version=3 --enable-shared --enable-internal-md5
--with-endianness=little --enable-agentx-dom-sock-only --enable-agent
--enable-mibs --enable-snmpv1 --enable-snmpv2c --enable-snmpv3 --enable-des
--enable-md5 --enable-sha1 --enable-aes --enable-snmptrapd-subagent
--enable-mib-config-checking --enable-mfd-rewrites --disable-embedded-perl
--without-perl-modules --disable-testing-code --disable-developer*
Authentication support: MD5 SHA1
Encryption support: DES AES
Then I made snmpd with make command.
When I execute command: snmpd -H 2>&1 | grep defPrivType
I get: defPrivType DES (AES support not available)
Why no support for AES when it was OK in configure?
I have following snmpd.conf
master agentx
#Network hint
com2sec local localhost public
com2sec mynetwork 169.254.1.0/24 public
#create views
view all included .1
# Add user
createUser myUser MD5 "12345678" DES abcdef
rwuser myUser
#ReadWrite group
group MyRWGroup usm local myUser
# For ALL_ACCESS view
access MyRWGroup "" usm auth exact all all all
Here, on command: *snmpd -H *i get error: *Unknown privacy protocol *
Why? When DES is enabled.
Is something wrong with my configuration?
------------------------------------------------------------------------------
What NetFlow Analyzer can do for you? Monitors network bandwidth and
traffic
patterns at an interface-level. Reveals which users, apps, and protocols
are
consuming the most bandwidth. Provides multi-vendor support for NetFlow,
J-Flow, sFlow and other flows. Make informed decisions using capacity
planning
reports.http://sdm.link/zohodev2dev
_______________________________________________
Net-snmp-users mailing list
https://lists.sourceforge.net/lists/listinfo/net-snmp-users
Marko Vucak
2016-08-23 08:17:14 UTC
Permalink
Hi

Thank you, now i am able to get authentication but encryption is still not
working.

In snmpd.conf i have two users (on line 79 and 80):
createUser user1 MD5 "user1Password"
createUser user2 MD5 "user2Password" DES "user2Encryption"


When = execute command:
snmpd -H
I get error: /etc/snmp/snmpd.conf: line 80: Error: Unknown privacy protocol

I think that there is a DES support because i have this line:
defPrivType DES (AES support not available)

Where is the problem?






S poštovanjem,
Marko Vučak

mail: ***@gmail.com
mob: +385 91 8927911

On Fri, Jul 22, 2016 at 10:51 AM, Pushpa Thimmaiah <
Post by Pushpa Thimmaiah
Hi ,
Configuration looks proper , fix warnings. According to my knowledge AES
depends on openssl package.
Thank you,
Pushpa.T
Hi
./configure --prefix=/usr --sysconfdir=/etc --localstatedir=/var --libdir=/usr/lib --host=arm-v5te-linux-gnueabi --build=i686-host-linux-gnu --enable-ipv6 --with-defaults --with-openssl=internal --with-mib-modules=agentx,ucd_snmp,snmpv3mibs --with-mibs --with-logfile=/var/log/snmpd.log --with-persistent-directory=/var/net-snmp --with-default-snmp-version=3 --enable-shared --enable-internal-md5 --with-endianness=little --enable-agentx-dom-sock-only --enable-agent --enable-mibs --enable-snmpv1 --enable-snmpv2c --enable-snmpv3 --enable-des --enable-md5 --enable-sha1 --enable-aes --enable-snmptrapd-subagent --enable-mib-config-checking --enable-mfd-rewrites --disable-embedded-perl --without-perl-modules --disable-testing-code --disable-developer
configure: WARNING: unrecognized options: --enable-snmpv3, --enable-sha1,
--enable-aes
---------------------------------------------------------
---------------------------------------------------------
SNMP Versions Supported: 1 2c 3
Building for: linux
Net-SNMP Version: 5.7.3
Network transport support: Callback Unix Alias TCP UDP TCPIPv6 UDPIPv6
IPv4Base SocketBase TCPBase UDPIPv4Base UDPBase IPv6Base
SNMPv3 Security Modules: usm
Agent Module list: mk/module_list_code.mk
Agent MIB code: agentx default_modules snmpv3mibs ucd_snmp
=> agentx/master agentx/subagent snmpv3mibs mibII ucd_snmp notification
notification-log-mib target agent_mibs agentx disman/event disman/schedule
utilities host snmpv3/snmpMPDStats_5_5 snmpv3/usmStats_5_5
snmpv3/snmpEngine snmpv3/usmConf snmpv3/usmUser ucd-snmp/disk_hw
ucd-snmp/proc ucd-snmp/versioninfo ucd-snmp/pass ucd-snmp/pass_persist
ucd-snmp/loadave agent/extend ucd-snmp/errormib ucd-snmp/file
ucd-snmp/dlmod ucd-snmp/proxy ucd-snmp/logmatch ucd-snmp/memory
ucd-snmp/vmstat
MYSQL Trap Logging: unavailable
Embedded Perl support: disabled
SNMP Perl modules: disabled
SNMP Python modules: disabled
Crypto support from: internal
Authentication support: MD5 SHA1
Encryption support: DES AES
Local DNSSEC validation: disabled
But when i execute command: net-snmp-config --config-options
I get only this line: '--with-perl-modules'
?
Best regards,
Marko
On Tue, Jul 19, 2016 at 9:12 AM, Pushpa Thimmaiah <
Post by Pushpa Thimmaiah
Hi
Paste result of 'net-snmp-config --config-options' .
Also add snmpv3mibs in option --with-mib-modules and recompile.
Thanks
Pushpa.T
Post by Marko Vucak
Hi
Having some problems with encryption.
I downloaded latest version: net-snmp-5.7.3
*./configure --prefix=/usr --sysconfdir=/etc --localstatedir=/var
--libdir=/usr/lib --host=arm-v5te-linux-gnueabi --build=i686-host-linux-gnu
--enable-ipv6 --with-defaults --with-openssl=internal
--with-mib-modules=agentx,ucd_snmp --with-mibs
--with-logfile=/var/log/snmpd.log --with-persistent-directory=/var/net-snmp
--with-default-snmp-version=3 --enable-shared --enable-internal-md5
--with-endianness=little --enable-agentx-dom-sock-only --enable-agent
--enable-mibs --enable-snmpv1 --enable-snmpv2c --enable-snmpv3 --enable-des
--enable-md5 --enable-sha1 --enable-aes --enable-snmptrapd-subagent
--enable-mib-config-checking --enable-mfd-rewrites --disable-embedded-perl
--without-perl-modules --disable-testing-code --disable-developer*
Authentication support: MD5 SHA1
Encryption support: DES AES
Then I made snmpd with make command.
When I execute command: snmpd -H 2>&1 | grep defPrivType
I get: defPrivType DES (AES support not available)
Why no support for AES when it was OK in configure?
I have following snmpd.conf
master agentx
#Network hint
com2sec local localhost public
com2sec mynetwork 169.254.1.0/24 public
#create views
view all included .1
# Add user
createUser myUser MD5 "12345678" DES abcdef
rwuser myUser
#ReadWrite group
group MyRWGroup usm local myUser
# For ALL_ACCESS view
access MyRWGroup "" usm auth exact all all all
Here, on command: *snmpd -H *i get error: *Unknown privacy protocol *
Why? When DES is enabled.
Is something wrong with my configuration?
------------------------------------------------------------
------------------
What NetFlow Analyzer can do for you? Monitors network bandwidth and
traffic
patterns at an interface-level. Reveals which users, apps, and
protocols are
consuming the most bandwidth. Provides multi-vendor support for NetFlow,
J-Flow, sFlow and other flows. Make informed decisions using capacity
planning
reports.http://sdm.link/zohodev2dev
_______________________________________________
Net-snmp-users mailing list
https://lists.sourceforge.net/lists/listinfo/net-snmp-users
Loading...