Setting advanced sha and aes for SNMPv3
-
Hello,
I use the latest current pfSense version, 2.7.0.
I installed the net-snmp package.
I noticed that when configuring a user for SNMPv3, there are the following "close" options to select from:
SNMPv3 USM User Configuration >
Authentication Type - either SHA or MD5 (which is counted as not secure anymore)
Privacy Protocol - either AES or DES or None (DES is also counted as non secure anymore)At the details for net-snmp at the Package Manager section, it is stated:
This package version: 0.1.5_11
Package Dependencies: net-snmp-5.9.1_3,1 (a link to https://www.freshports.org/net-mgmt/net-snmp)Per http://www.net-snmp.org/wiki/index.php/Strong_Authentication_or_Encryption - it looks like for both SHA and EAS, advanced and stronger versions are supported since version 5.8 of net-snmp (and the package use version 5.9.1).
So, my question is why these advance values are not reflected in the GUI of net-snmp?
Also, can I somehow configure this in the shell cli instead?
And if it is possible - will it not make any issues with the GUI of net-snmp or overall the snmp operation?Thanks!
-
The only reason they aren't there is because nobody has done the work to make sure they function and add them into the package.
As long as the new options function as expected it should be possible to add them in the package.
You can open a feature request to add them in Redmine: https://redmine.pfsense.org/projects/pfsense-packages/issues
-
@jimp Thanks for replying.
I opened at matching feature request at https://redmine.pfsense.org/issues/14901. Crossing my fingers... :)