 From:  Peter Curran <peter at closeconsultants dot com>
 To:  Joe Lagreca <lagreca at gmail dot com>, Chet Harvey <chet at pittech dot com>
 Cc:  Monowall List <m0n0wall at lists dot m0n0 dot ch>
 Subject:  Re: [m0n0wall] SNMP over IPSEC VPN possible?
 Date:  Wed, 14 Jul 2004 19:24:48 +0100

In principle it should work fine, depending on how the VPN is defined.

If it is a simple tunnel for all traffic from IP address block A to IP address 
block B then it will carry any IP traffic.

SNMP uses UDP port 161.

What I can't tell you is if there is any firewall config needed at the m0n0 
end to allow access to the actual m0n0 snmp agent.  (If it was OpenBSD it is 
a no-brainer 'cause the traffic will come out of an enc(4) interface and you 
just set PF to allow the specific in from there to the SNMP agent on the 
loopback).  I have not (as yet) bothered to find out how IPsec VPNs work on 
FreeBSD - but a quick glance at the documentation will probably tell you.

Peter

On Wednesday 14 July 2004 18:28, Joe Lagreca wrote:
> I would rather not have to set something else up, since I already have
> an IPSEC VPN between the two locations.
>
> Does anyone know if SNMP can be used over an IPSEC VPN?
>
> Thanks.
>
> On Wed, 14 Jul 2004 11:07:19 -0400, Chet Harvey <chet at pittech dot com> wrote:
> > You could use stunnel as it is pretty lightweight. We have it running
> > for syslog and SNMP to remote servers.
> >
> > One day I will get off my butt and make a php page for this
> > stuff....maybe Manuel can use it as part of the image.
> >
> > Quoting Joe Lagreca <lagreca at gmail dot com>:
> > > Please forgive me if this is an obvious question.
> > >
> > > Can SNMP be used over my IPSEC VPN?
> > >
> > > The reason I ask is I want to use MRTG on one end of my VPN to show
> > > the status of the m0n0 on the other end of the VPN.  I would rather
> > > SNMP run over the VPN than to open ports to the world on the remote
> > > m0n0.
> > >
> > > Thanks.
> > >
> > > JCL
> >
> > --
> > Chet Harvey
> > Pitbull Technologies <http://www.pittech.com/>
> > Protecting your Digital Assets
> > 703.407.7311

