Using DTLS

From Net-SNMP Wiki
Revision as of 18:01, 29 April 2009

SNMP over DTLS over UDP is supported in Net-SNMP 5.5 and beyond. This page describes what is necessary to configure the software to use it.

Generating X.509 Certificates
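This section of the wiki page is empty. As an added example that is not part of the Net-SNMP wiki or the Net-SNMP project, the following shell script shows one way to produce the certificates a DTLS deployment needs: a private CA, a server certificate for the agent whose DNS name is in the subjectAltName, and a separate client certificate for the manager. The host name, subject names, key sizes and lifetimes are assumptions chosen for illustration; which snmp.conf tokens consume these files is not covered on this page and must be taken from the snmp.conf manual page of the Net-SNMP version in use.

```shell
#!/bin/sh
# Added example (not from the Net-SNMP wiki): create a private CA, a server
# certificate for the DTLS listener and a client certificate for the manager.
# The host name, subjects and lifetimes below are assumptions for illustration.
set -eu

gen_dtls_certs() {
    dir=$1                          # output directory
    host=${2:-snmpd.example.test}   # assumed DNS name of the agent
    mkdir -p "$dir"
    umask 077                       # private keys must not be world-readable

    # 1. CA key and self-signed CA certificate (long-lived, kept offline).
    openssl req -x509 -newkey rsa:2048 -nodes -days 3650 \
        -keyout "$dir/ca.key" -out "$dir/ca.crt" \
        -subj "/CN=SNMP DTLS test CA" >/dev/null 2>&1

    # 2. Server key and CSR, signed by the CA with a SAN that matches the
    #    name the manager will connect to, and restricted to serverAuth.
    openssl req -newkey rsa:2048 -nodes \
        -keyout "$dir/server.key" -out "$dir/server.csr" \
        -subj "/CN=$host" >/dev/null 2>&1
    printf 'subjectAltName=DNS:%s\nextendedKeyUsage=serverAuth\n' "$host" \
        > "$dir/server.ext"
    openssl x509 -req -in "$dir/server.csr" -CA "$dir/ca.crt" -CAkey "$dir/ca.key" \
        -CAcreateserial -days 825 -extfile "$dir/server.ext" \
        -out "$dir/server.crt" >/dev/null 2>&1

    # 3. Client key and CSR for the manager, restricted to clientAuth so the
    #    manager's certificate cannot be reused to impersonate an agent.
    openssl req -newkey rsa:2048 -nodes \
        -keyout "$dir/client.key" -out "$dir/client.csr" \
        -subj "/CN=snmp-manager" >/dev/null 2>&1
    printf 'extendedKeyUsage=clientAuth\n' > "$dir/client.ext"
    openssl x509 -req -in "$dir/client.csr" -CA "$dir/ca.crt" -CAkey "$dir/ca.key" \
        -CAcreateserial -days 825 -extfile "$dir/client.ext" \
        -out "$dir/client.crt" >/dev/null 2>&1

    chmod 0644 "$dir"/*.crt         # certificates are public; keys stay 0600
}

# Check before deploying: both leaf certificates chain to the CA and the
# server certificate actually carries the DNS SAN the manager will check.
verify_dtls_certs() {
    dir=$1
    openssl verify -CAfile "$dir/ca.crt" "$dir/server.crt" >/dev/null 2>&1 || return 1
    openssl verify -CAfile "$dir/ca.crt" "$dir/client.crt" >/dev/null 2>&1 || return 1
    openssl x509 -in "$dir/server.crt" -noout -text 2>/dev/null | grep -q 'DNS:' || return 1
}

# Usage: sh gen-dtls-certs.sh /etc/snmp/certs agent.example.test
if [ "${1:-}" ]; then
    gen_dtls_certs "$1" "${2:-snmpd.example.test}"
    verify_dtls_certs "$1" && echo "certificates written to $1"
fi
```

The CA key is only needed at signing time and should not be copied to the agent or the manager; each side needs its own key and certificate plus the CA certificate for verifying the peer. Note that the function sets umask 077 for the calling shell, which is intentional here so that no key is ever created world-readable.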

Configuring snmpd and snmptrapd to Accept DTLS Connections

Configuring Certificates

The tokens that specify which X.509 certificates to use are configured in the snmp.conf file. Note: NOT the snmpd.conf file. These tokens are common to all applications and thus belong in the snmp.conf file (without the "d"). If you wish to put them in the snmpd.conf file you can do so by prefixing each such line with [snmp], as described in the snmp_config manual page.

Setting the Server's Certificate

Recognizing Client Certificates

Opening and Listening on a port

snmpd and snmptrapd can both be configured to accept and process connections sent over DTLS. This is done on the command line using the dtls: addressing specifier, e.g. this:

 snmpd dtls:9161

tells snmpd to open port 9161 and listen for incoming SNMP over DTLS connections on it. Since DTLS runs over UDP, this is a UDP port (9161/udp here, rather than the usual 161/udp), so host and network firewalls must allow UDP traffic to it.

Configuring the Applications

Tools like snmpget, snmpwalk, or anything else that uses the core session structures within the main Net-SNMP library, such as the Perl and Python modules, can make use of DTLS using the procedures described below.