-
Notifications
You must be signed in to change notification settings - Fork 2
DTLS
DTLS stands for "Datagram Transport Layer Security" and is a method of sending TLS packets over datagram based protocols like UDP and SCTP. It is defined in RFC4357. It uses X.509 certificates for authenticating both sides of the connection.
Net-SNMP 5.6 and above contains full support for SNMP over TLS and DTLS (RFC5953). This support is not enabled by default in release 5.6. The configure arguments needed to enable support are here.
Net-SNMP 5.5 had experimental code added while the RFC was being drafted. The final RFC has some differences that are incompatible with the experimental code in release 5.5, so 5.5 code will not interoperate with the code in release 5.6
The Net-SNMP test server is publicly available for SNMP testing. Once you have Net-SNMP release 5.6 or later installed, you can download and install the certificates needed to test secure DTLS communications to the test server. The tutorial can be found at Using TLS.
If you would like to set up certificates for your Net-SNMP agent(s), instructions can be found on the Using DTLS page.
If you are developing your own DTLS implementation, we have some notes about some issues we ran into with using OpenSSL for supporting SNMP over DTLS within Net-SNMP. They can be found on the DTLS Implementation Notes page.