etingof / snmpfwd

SNMP Proxy Forwarder
http://snmplabs.com/snmpfwd/
BSD 2-Clause "Simplified" License

Unknown SNMP engine ID encountered (on example config) #16

Closed aseques closed 7 years ago

aseques commented 7 years ago

I am trying to set up the connection from v3 to v1 (before changing the config further), but I am having issues with the current configuration.

I get this error when I try to walk the device:

snmpwalk -v3 -lauthPriv -u test-user -A authkey1 -X privkey1 127.0.0.1:1161 1.3

ERROR: SNMPv3 auth failure at 0.0.0.0:1161 from 127.0.0.1:42874 using snmp-usm-user "?": Unknown SNMP engine ID encountered
ERROR: no route configured (SNMP request snmp-bind-address=0.0.0.0, snmp-peer-port=42874, server-snmp-credentials-id=snmp-credentials, server-snmp-context-id=any-context, snmp-peer-address=127.0.0.1, snmp-context-engine-id=0x0102030405070809, snmp-security-model=3, snmp-bind-port=1161, snmp-engine-id=0x0102030405070809, snmp-security-level=3, snmp-context-name=, snmp-security-name=test-user, server-snmp-peer-id=100, server-snmp-content-id=, snmp-transport-domain=1.3.6.1.6.1.1.100), matched keys: snmp-peer-id=100, snmp-context-id=any-context, snmp-credentials-id=snmp-credentials, snmp-content-id=None
ERROR: no route configured (SNMP request snmp-bind-address=0.0.0.0, snmp-peer-port=42874, server-snmp-credentials-id=snmp-credentials, server-snmp-context-id=any-context, snmp-peer-address=127.0.0.1, snmp-context-engine-id=0x0102030405070809, snmp-security-model=3, snmp-bind-port=1161, snmp-engine-id=0x0102030405070809, snmp-security-level=3, snmp-context-name=, snmp-security-name=test-user, server-snmp-peer-id=100, server-snmp-content-id=, snmp-transport-domain=1.3.6.1.6.1.1.100), matched keys: snmp-peer-id=100, snmp-context-id=any-context, snmp-credentials-id=snmp-credentials, snmp-content-id=None

At the moment I have only changed the bind to be 0.0.0.0 (on the server side) and the peer address to be an SNMP-enabled device. The version I am currently using is 0.2.1.

etingof commented 7 years ago

Based on snmp-content-id=None I suspect your configuration does not match the SNMP command (GETNEXT) and/or OID you are trying to query, which leads to an undefined snmp-content-id and a message routing failure.

Here's the snippet which should match everything:

content-group {
    snmp-pdu-type-pattern: .?
    snmp-pdu-oid-prefix-pattern-list: .?

    snmp-content-id: any-content
}

I suppose the Unknown SNMP engine ID encountered error can be safely ignored -- it's part of SNMP engine ID auto discovery.

WDYT?

aseques commented 7 years ago

Sorry for my late reply. I tested today with your proposed changes, and there's no difference. See attached the configuration files I am using (you'll see that they are mostly the same as the ones you provide).

client.txt server.txt

etingof commented 7 years ago

I believe you have a typo in the regexp:

snmp-pdu-oid-prefix-pattern-list: .?

It does not match any OID so it needs to be:

snmp-pdu-oid-prefix-pattern-list: .*?

aseques commented 7 years ago

Yay, it finally worked, I had to replace the community too because I am not using public, but it's working nicely now.