-- This file corresponds to Release 9.1.10.101 from 2014/08/11 00:00:00
|
|
|
|
|
|
-- $RCSfile: mib-stunnel,v $
|
|
-- $Revision: 1.15 $
|
|
-- $Date: 2014-02-07 10:37:50 $
|
|
--------------------------------------------------------------------------
|
|
|
|
|
|
BINTEC-STUNNEL-MIB DEFINITIONS ::= BEGIN
|
|
|
|
IMPORTS
|
|
MODULE-IDENTITY, OBJECT-TYPE, NOTIFICATION-TYPE,
|
|
Integer32, Unsigned32, Counter32, Counter64, IpAddress, TimeTicks,
|
|
mib-2, enterprises
|
|
FROM SNMPv2-SMI
|
|
|
|
DisplayString, TimeStamp
|
|
FROM SNMPv2-TC
|
|
|
|
security, Date, BitValue, HexValue
|
|
FROM BINTEC-MIB
|
|
|
|
MODULE-COMPLIANCE, OBJECT-GROUP, NOTIFICATION-GROUP
|
|
FROM SNMPv2-CONF;
|
|
|
|
|
|
sTunnelMIB MODULE-IDENTITY
|
|
LAST-UPDATED "2007061100Z"
|
|
ORGANIZATION "bintec elmeg GmbH"
|
|
CONTACT-INFO
|
|
"EMail: info@bintec-elmeg.com
|
|
Web: www.bintec-elmeg.com
|
|
"
|
|
DESCRIPTION
|
|
"MIB for STunnel daemon"
|
|
REVISION "2007061100Z"
|
|
DESCRIPTION
|
|
"STunnel MIB."
|
|
::= { security 12 }
|
|
|
|
sTunnel OBJECT IDENTIFIER ::= { sTunnelMIB 1 }
|
|
|
|
sTunnelAdm OBJECT IDENTIFIER ::= { sTunnel 1 }
|
|
sTunnelAdmStatus OBJECT-TYPE
|
|
SYNTAX INTEGER { up(1), down(2) }
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The overall AdminStatus of STunnel. This means that if this status
|
|
is set to 'down', no tunnel will be established, so it doesn't
|
|
matter if a single tunnel is set to AdminStatus 'down' or 'up'.
|
|
In case of 'up' it depends on the single tunnel whether it is
|
|
established or not.
|
|
"
|
|
DEFVAL { down }
|
|
::= { sTunnelAdm 1 }
|
|
|
|
sTunnelAdmMaxTunnels OBJECT-TYPE
|
|
SYNTAX INTEGER (0..65535)
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The maximum number of RUNNING tunnels in the system.
|
|
"
|
|
DEFVAL { 10 }
|
|
::= { sTunnelAdm 2 }
|
|
|
|
sTunnelAdmRunningTunnels OBJECT-TYPE
|
|
SYNTAX INTEGER (0..65535)
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The number of running tunnels at the moment.
|
|
"
|
|
DEFVAL { 0 }
|
|
::= { sTunnelAdm 3 }
|
|
|
|
sTunnelAdmKeepAliveRetries OBJECT-TYPE
|
|
SYNTAX INTEGER (0..255)
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The maximum number of TCP keepalive retries sent before
|
|
the (SSL) TCP connection is closed, as it is then assumed that
|
|
the remote side is no longer reachable. The default value is
|
|
0 which takes the default number of retries of TCP.
|
|
"
|
|
DEFVAL { 0 }
|
|
::= { sTunnelAdm 4 }
|
|
|
|
sTunnelAdmKeepAliveTimeout OBJECT-TYPE
|
|
SYNTAX INTEGER (0..65535)
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The timeout (in seconds) of a TCP keepalive try. If no answer is
|
|
received within this time another retry will be sent. The default
|
|
value is 0 which takes the default keepalive retry timeout of TCP.
|
|
"
|
|
DEFVAL { 0 }
|
|
::= { sTunnelAdm 5 }
|
|
|
|
sTunnelTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF STunnelEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The StunnelTable holds single Stunnel peers.
|
|
"
|
|
::= { sTunnel 2 }
|
|
|
|
sTunnelEntry OBJECT-TYPE
|
|
SYNTAX STunnelEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"A single Stunnel entry, i.e. a Stunnel peer.
|
|
"
|
|
INDEX { sTunnelIndex }
|
|
::= { sTunnelTable 1 }
|
|
|
|
STunnelEntry ::=
|
|
SEQUENCE {
|
|
sTunnelIndex INTEGER,
|
|
sTunnelAdminStatus INTEGER,
|
|
sTunnelDescription DisplayString,
|
|
sTunnelExternalIp IpAddress,
|
|
sTunnelExternalPort INTEGER,
|
|
sTunnelExternalMode INTEGER,
|
|
sTunnelInternalIp IpAddress,
|
|
sTunnelInternalPort INTEGER,
|
|
sTunnelInternalMode INTEGER,
|
|
sTunnelPrivateToken OCTET STRING,
|
|
sTunnelVerifyPeer INTEGER,
|
|
sTunnelCertificateIdx INTEGER,
|
|
sTunnelCACertificateIdx INTEGER,
|
|
sTunnelRemoteCertSubject DisplayString,
|
|
sTunnelRemoteCertSerialNo DisplayString,
|
|
sTunnelRemoteCertDns DisplayString,
|
|
sTunnelCertificateStatus INTEGER,
|
|
sTunnelRetries INTEGER,
|
|
sTunnelRetryTime INTEGER,
|
|
sTunnelMaxRetries INTEGER,
|
|
sTunnelReopenDelay INTEGER,
|
|
sTunnelShortHold INTEGER,
|
|
sTunnelDebug INTEGER,
|
|
sTunnelLastStatusChange TimeTicks,
|
|
sTunnelRxBytes Counter32,
|
|
sTunnelTxBytes Counter32,
|
|
sTunnelTCPConnections INTEGER,
|
|
sTunnelStatus INTEGER
|
|
}
|
|
|
|
sTunnelIndex OBJECT-TYPE
|
|
SYNTAX INTEGER (0..65535)
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The Index gives (should give) a unique ID for the STunnel.
|
|
"
|
|
DEFVAL { 0 }
|
|
::= { sTunnelEntry 1 }
|
|
|
|
sTunnelAdminStatus OBJECT-TYPE
|
|
SYNTAX INTEGER { up(1), down(2), delete(3) }
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The AdminStatus of one entry declares whether this peer should
|
|
be established (up) or not (down). In case of setting the AdminStatus
|
|
to 'delete' the entry will be deleted.
|
|
"
|
|
DEFVAL { up }
|
|
::= { sTunnelEntry 2 }
|
|
|
|
sTunnelDescription OBJECT-TYPE
|
|
SYNTAX DisplayString (SIZE (0..32))
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The description of the Stunnel. It only gives each tunnel
|
|
a name and has no further meaning or function.
|
|
"
|
|
::= { sTunnelEntry 3 }
|
|
|
|
sTunnelExternalIp OBJECT-TYPE
|
|
SYNTAX IpAddress
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This field holds the IP to or from which the SSL connection
|
|
will be established. If it is set (not 0) in
|
|
ExternalMode 'server', the remote IP of the incoming connection is
|
|
checked against ExternalIp. The default value is 0.0.0.0 .
|
|
"
|
|
DEFVAL { '00000000'H }
|
|
::= { sTunnelEntry 4 }
|
|
|
|
sTunnelExternalPort OBJECT-TYPE
|
|
SYNTAX INTEGER (0..65535)
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The port of the external connection. In ExternalMode client
|
|
it defines the port to connect to, and in ExternalMode server
|
|
it defines the port listened on for incoming connections.
|
|
"
|
|
::= { sTunnelEntry 5 }
|
|
|
|
sTunnelExternalMode OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
client(1),
|
|
server(2)
|
|
}
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The ExternalMode declares whether the system is server or client
|
|
to the outside, i.e. the SSL connection.
|
|
"
|
|
DEFVAL { client }
|
|
::= { sTunnelEntry 6 }
|
|
|
|
sTunnelInternalIp OBJECT-TYPE
|
|
SYNTAX IpAddress
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The InternalIp default value is 127.0.0.1 (localhost).
|
|
That means that the internal stunnel endpoint is the system
|
|
itself and connects to an internal service
|
|
(telnet,snmp,syslog). In special cases it is possible to
|
|
tunnel a service from a host on the local subnet. In that case
|
|
it is necessary to define the IP of the local subnet host here.
|
|
If the InternalMode is server and InternalIp is set (not 0)
|
|
it is checked whether InternalIp matches
|
|
the remote IP (incoming connection).
|
|
"
|
|
DEFVAL { '7f000001'H }
|
|
::= { sTunnelEntry 7 }
|
|
|
|
sTunnelInternalPort OBJECT-TYPE
|
|
SYNTAX INTEGER (0..65535)
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The port to which the system connects internally in InternalMode client, or
|
|
on which it listens for an incoming connection (InternalMode server).
|
|
"
|
|
::= { sTunnelEntry 8 }
|
|
|
|
sTunnelInternalMode OBJECT-TYPE
|
|
SYNTAX INTEGER { client(1), server(2) }
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The InternalMode declares whether the system is server or client
|
|
to the inside connection (NON-SSL connection).
|
|
"
|
|
DEFVAL { client }
|
|
::= { sTunnelEntry 9 }
|
|
|
|
sTunnelPrivateToken OBJECT-TYPE
|
|
SYNTAX OCTET STRING (SIZE (0..16))
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The PrivateToken is sent with the first packet as soon as
|
|
the connection is established. It is used if the remote side
|
|
wants to receive several connections on the same port and therefore
|
|
needs a token to associate the connection.
|
|
"
|
|
::= { sTunnelEntry 10 }
|
|
|
|
sTunnelVerifyPeer OBJECT-TYPE
|
|
SYNTAX INTEGER { none(1), normal(2), high(3),
|
|
very-high(4), accept-self-signed(5) }
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"If VerifyPeer is set to 'none'(1) no SSL verification is done, i.e. the
remote peer's certificate is not validated at all.
|
|
If VerifyPeer is set to 'normal'(2), a normal SSL verification is done
|
|
(certificates are checked). If it is set to 'high'(3) also the
|
|
subjectname of the remote side's certificate will be checked and
|
|
SSL connection will be cancelled if it doesn't match
|
|
RemoteCertSubject. If VerifyPeer is set to 'very-high'(4),
|
|
besides the RemoteCertSubject also the serial number of the certificate
|
|
is checked to be equal or greater than RemoteCertSerialNo and
|
|
the DNS attribute (within the subject alternative names)
|
|
is checked for equality with RemoteCertDns (if it is configured;
|
|
otherwise no check against this variable is done).
|
|
If VerifyPeer is set to 'accept-self-signed'(5)
|
|
a 'normal' verification is done, but self-signed certificates
|
|
will be accepted, too.
|
|
"
|
|
DEFVAL { normal }
|
|
::= { sTunnelEntry 11 }
|
|
|
|
sTunnelCertificateIdx OBJECT-TYPE
|
|
SYNTAX INTEGER (0..65535)
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The (row) index of the CertTable holding the desired peer certificate
|
|
for the connection.
|
|
"
|
|
::= { sTunnelEntry 12 }
|
|
|
|
sTunnelCACertificateIdx OBJECT-TYPE
|
|
SYNTAX INTEGER (0..65535)
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The (row) index of the CertTable holding the required CA certificate
|
|
for the connection.
|
|
"
|
|
::= { sTunnelEntry 13 }
|
|
|
|
sTunnelRemoteCertSubject OBJECT-TYPE
|
|
SYNTAX DisplayString (SIZE (0..64))
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"When VerifyPeer is set to 'high'(3), the string in this field is compared
|
|
with the subjectname of the remote peer certificate.
|
|
"
|
|
::= { sTunnelEntry 14 }
|
|
|
|
sTunnelRemoteCertSerialNo OBJECT-TYPE
|
|
SYNTAX DisplayString (SIZE (0..32))
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"When VerifyPeer is set to 'very-high'(4), the string in this field
|
|
is compared with the serial number of the remote peer certificate.
|
|
"
|
|
::= { sTunnelEntry 15 }
|
|
|
|
sTunnelRemoteCertDns OBJECT-TYPE
|
|
SYNTAX DisplayString (SIZE (0..255))
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"When VerifyPeer is set to 'very-high'(4), the string in this field
|
|
is compared with the DNS attribute within the subject alternative
|
|
names of the remote peer certificate. If this variable is left
|
|
blank, no comparison is done and the connection is accepted without this check.
|
|
"
|
|
::= { sTunnelEntry 16 }
|
|
|
|
sTunnelCertificateStatus OBJECT-TYPE
|
|
SYNTAX INTEGER { initial(1),cert-ok(2),
|
|
invalid-cert-untrusted(3),
|
|
invalid-cert-expired(4),
|
|
invalid-cert-wrong-id-or-type(5),
|
|
invalid-cert-revoked(6),
|
|
no-cert-available(7),
|
|
undefined-ssl-error(8)}
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The CertificateStatus shows whether, and which, error occurred during
|
|
the certificate validation. If no error occurred it is cert-ok(2).
|
|
The four possible errors are the cert is untrusted(3),
|
|
the cert has expired(4), the cert has a wrong id or type(5), or the
|
|
cert has been revoked(6). If no cert is available the status is
|
|
no-cert-available(7). In any other (certificate) error situation
|
|
the status is set to undefined-ssl-error(8).
|
|
"
|
|
DEFVAL { initial }
|
|
::= { sTunnelEntry 17 }
|
|
|
|
sTunnelRetries OBJECT-TYPE
|
|
SYNTAX INTEGER (0..50)
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The number of retries which were already done during the
|
|
current, i.e. the most recent, connection.
|
|
"
|
|
::= { sTunnelEntry 18 }
|
|
|
|
sTunnelRetryTime OBJECT-TYPE
|
|
SYNTAX INTEGER (0..3600)
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The time in seconds the system waits before a reconnection
|
|
try if the last try failed.
|
|
"
|
|
DEFVAL { 60 }
|
|
::= { sTunnelEntry 19 }
|
|
|
|
sTunnelMaxRetries OBJECT-TYPE
|
|
SYNTAX INTEGER (-1..50)
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The maximum number of retries until the system declares
|
|
the connection failed. In case of '-1' infinite retries
|
|
will take place.
|
|
"
|
|
DEFVAL { 3 }
|
|
::= { sTunnelEntry 20 }
|
|
|
|
sTunnelReopenDelay OBJECT-TYPE
|
|
SYNTAX INTEGER (-1..31536000)
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The time until the connection will be reopened.
|
|
"
|
|
DEFVAL { 0 }
|
|
::= { sTunnelEntry 21 }
|
|
|
|
sTunnelShortHold OBJECT-TYPE
|
|
SYNTAX INTEGER (-1 .. 3600)
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The ShortHold is the number of seconds after which an inactive
|
|
connection is closed. If the ShortHold is set to -1 it is never
|
|
closed for the reason of inactivity.
|
|
"
|
|
DEFVAL { -1 }
|
|
::= { sTunnelEntry 22 }
|
|
|
|
sTunnelDebug OBJECT-TYPE
|
|
SYNTAX INTEGER { disabled(1), enabled(2) }
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Enables(2) or disables(1) debug messages for this peer.
|
|
"
|
|
DEFVAL { disabled }
|
|
::= { sTunnelEntry 23 }
|
|
|
|
sTunnelLastStatusChange OBJECT-TYPE
|
|
SYNTAX TimeTicks
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This value shows the time since the last sTunnelStatus change.
|
|
"
|
|
::= { sTunnelEntry 24 }
|
|
|
|
sTunnelRxBytes OBJECT-TYPE
|
|
SYNTAX Counter32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The amount of received (data) bytes from the external connection.
|
|
Only the real data bytes
|
|
(without any header or encryption/hash overhead) are counted.
|
|
"
|
|
DEFVAL { 0 }
|
|
::= { sTunnelEntry 25 }
|
|
|
|
sTunnelTxBytes OBJECT-TYPE
|
|
SYNTAX Counter32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The amount of transmitted bytes towards the external connection.
|
|
Only the real data bytes
|
|
(without any header or encryption/hash overhead) are counted.
|
|
"
|
|
DEFVAL { 0 }
|
|
::= { sTunnelEntry 26 }
|
|
|
|
sTunnelTCPConnections OBJECT-TYPE
|
|
SYNTAX INTEGER (0..65535)
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Counts the SSL-TCP-Connections of this tunnel.
|
|
"
|
|
::= { sTunnelEntry 27 }
|
|
|
|
sTunnelStatus OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
up(1),
|
|
down(2),
|
|
wait-for-retry(3),
|
|
wait-for-connection(4),
|
|
failed(5),
|
|
wait-for-reopen(6),
|
|
external-up(7),
|
|
finished(8)
|
|
}
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The (operational) status of the connection. 'up'(1) means the
|
|
connection is fully established.
|
|
'down'(2) means the connection is (finally) down.
|
|
'wait-for-retry'(3) means the system waits RetryTime
|
|
seconds before the next connection try will be performed.
|
|
'wait-for-connection'(4) means that the peer waits for a connect
|
|
(if it is in server mode) or for accepting its own connection
|
|
try (if it is in client mode). Only if both internal and
|
|
external connection are established the status changes to 'up'.
|
|
'failed'(5) means that the connection finally failed, so no more
|
|
retries will take place (in this case the peer's AdminStatus
|
|
has to be reset to retry establishing the connection).
|
|
'wait-for-reopen'(6) indicates that the timer for a reopen
|
|
is running and on expiry a reopen is performed.
|
|
'external-up'(7) means the external connection is
|
|
established but the internal one is not yet.
|
|
'finished'(8) means the last TCP connection was closed
|
|
and the tunnel is temporarily down.
|
|
"
|
|
DEFVAL { down }
|
|
::= { sTunnelEntry 28 }
|
|
|
|
END
|