Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Setting advanced sha and aes for SNMPv3

    SNMP
    2
    3
    498
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • W
      Wolfgangthegreat
      last edited by

      Hello,

      I use the latest current pfSense version, 2.7.0.

      I installed the net-snmp package.

      I noticed that when configuring a user for SNMPv3, there are the following "close" options to select from:
      SNMPv3 USM User Configuration >
      Authentication Type - either SHA or MD5 (which is counted as not secure anymore)
      Privacy Protocol - either AES or DES or None (DES is also counted as non secure anymore)

      At the details for net-snmp at the Package Manager section, it is stated:
      This package version: 0.1.5_11
      Package Dependencies: net-snmp-5.9.1_3,1 (a link to https://www.freshports.org/net-mgmt/net-snmp)

      Per http://www.net-snmp.org/wiki/index.php/Strong_Authentication_or_Encryption - it looks like for both SHA and EAS, advanced and stronger versions are supported since version 5.8 of net-snmp (and the package use version 5.9.1).

      So, my question is why these advance values are not reflected in the GUI of net-snmp?

      Also, can I somehow configure this in the shell cli instead?
      And if it is possible - will it not make any issues with the GUI of net-snmp or overall the snmp operation?

      Thanks!

      1 Reply Last reply Reply Quote 0
      • jimpJ
        jimp Rebel Alliance Developer Netgate
        last edited by

        The only reason they aren't there is because nobody has done the work to make sure they function and add them into the package.

        As long as the new options function as expected it should be possible to add them in the package.

        You can open a feature request to add them in Redmine: https://redmine.pfsense.org/projects/pfsense-packages/issues

        Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

        Need help fast? Netgate Global Support!

        Do not Chat/PM for help!

        W 1 Reply Last reply Reply Quote 1
        • W
          Wolfgangthegreat @jimp
          last edited by

          @jimp Thanks for replying.

          I opened at matching feature request at https://redmine.pfsense.org/issues/14901. Crossing my fingers... :)

          1 Reply Last reply Reply Quote 0
          • First post
            Last post