> On 07.02.2018 at 11:23, Martin Pieuchot <m...@openbsd.org> wrote:
>
>> On 07/02/18(Wed) 01:37, Reyk Floeter wrote:
>>
>>>>> On 02.01.2018 at 15:23, Martin Pieuchot <m...@openbsd.org> wrote:
>>>>>
>>>>> On 19/12/17(Tue) 18:06, Marco Pfatschbacher wrote:
>>>>> On Tue, Dec 19, 2017 at 12:43:48PM +0100, Martin Pieuchot wrote:
>>>>> I'd like to see some information about my tunnels in my NMS.
>>>>
>>>> Nice. I would find that very useful :)
>>>>
>>>>> The problem is that there's no standard MIB for this and most vendor
>>>>> MIBs are huge and are not easy to implement.
>>>>
>>>> What about https://tools.ietf.org/html/rfc4807 ?
>>>
>>> This MIB is about the "Policy Database Configuration" which, as far as I
>>> understand, would be useful to export the content of isakmpd.policy(5).
>>
>> The Security Policy Database has nothing to do with isakmpd.policy or
>> keynote.
>
> You forgot the word "Configuration". Here's what the RFC abstract says:
>
> "This document defines a Structure of Management Information Version 2
> (SMIv2) Management Information Base (MIB) module for configuring the
> security policy database of a device implementing the IPsec protocol."
>
It is still not related to isakmpd.policy ;)

You could implement it as read-only:

-- ReadOnly Compliances
--
spdRuleFilterReadOnlyCompliance MODULE-COMPLIANCE
    STATUS current
    DESCRIPTION
        "The compliance statement for SNMP entities that include
         an IPsec MIB implementation with Endpoint, Rules, and
         filters support.

         If this MIB is implemented without support for
         read-create (i.e., in read-only), it is not in full
         compliance, but it can claim read-only compliance. Such
         a device can then be monitored, but cannot be configured
         with this MIB."

Reyk

>> SPD is the standard term for what we call, for historic reasons, flows. In
>> other words: an IPsec flow in OpenBSD is an IPsec policy in other operating
>> systems.
>>
>> So RFC 4807 might be the right thing after all.
>
> I doubt it is, but I might have read the RFC differently than you did.