SNMP: I broke it for some, need help

Everything was working … until I enabled SSL and LetsEncrypt. Then for some reason, SNMP works as expected for routers, but for Windows Servers it has quit working. Can’t figure out why it is allowing SNMP on routers, but not for servers.

In this image the router is green, the server is red, both are at the same location, both use SNMP, both worked till I SSL’d.


Continuing to work on this. I tried an SNMP walk: in the image above, I can snmpwalk to the router from the LibreNMS server, but when I try the server I get no response.

I can ping both devices from the LibreNMS server - just can’t SNMP both.

Image of nginx config

Any ideas?

Hi @TecDragon ,
It is really strange that snmpwalk to the server stopped working after a config change to Libre. Did you try restarting the snmp agent on the server?

Yes,
I tried restarting the service on the Windows server

I rebooted both the Windows server and the Librenms server.

I tested the main firewall with any\any properties - didn’t help, didn’t think it would. I can SNMP to routers and APs but not the Windows servers.

I turned off the firewall on the Windows servers (for testing).

I removed one of the Windows servers from LibreNMS and then tried to re-add it. I get: could not connect to ‘Server’ please check the snmp details and snmp reachability.

I can ping the server from the LibreNMS server, but SNMP says timed out. However, the router at the same site reports in religiously.

I modified the nginx config to match the one in the documentation provided here, rebooted the server, and no luck.

Cannot figure out why routers, APs, printers, etc. all work with SNMP but the Windows servers will not.

One thing is that Windows servers on the same local network as the LibreNMS server still work with SNMP; only remote Windows servers do not. However, all of them worked till I enabled SSL, and the routers, APs, and printers report in from the remote site; only the Windows server shows to be down.

I created a snapshot prior to enabling SSL and have rolled back to the pre-ssl environment. Now everything works again.

However, it appears my choices are no SSL and functioning SNMP, or SSL and non-functioning SNMP.

Still would love to find an answer for this that would allow me to use https\ssl.

With SSL, will SNMP on Windows servers only work with SNMP v3? Or do I need to do something else to get it working on Windows servers? SNMP works everywhere (routers, printers, APs, etc.) except for Windows servers with SSL enabled.

I will wait for someone else to pitch in here, because I have migrated from http to https/ssl (RHEL 7/Apache) and didn’t face any issue with the SNMP polling.

I tried adding a server that had never been added to LibreNMS and it still won’t add. I am at a loss; I could use some suggestions.

Ok, I have something. If I tell SNMP on the server to accept SNMP from any device, it works. So it is some sort of translation issue. I have put every IP in the box, every name in the box. Can’t think of anything else to put in the SNMP device list on the Windows server.

I now have to figure out how to see what is connecting to SNMP on the Windows server so that I can add the correct listener.

Ok, I figured this out. We tunnel our remote connections through IPSec tunnels. I had put in the IP address of the monitoring server, the DNS name of the server, and the external IP address from our DNS host. Basically everything I could think of. Then I wiresharked it and found that the IP address coming in on the server is the IP address of the IPSec tunnel. Not sure why this broke after enabling SSL, but it did. I changed the available device to the tunnel IP and it works.

So this doesn’t make any sense, unless something is doing NAT somewhere.
Normally IPsec just passes traffic from point A to point B, it leaves the IP source address alone. I’m guessing that whatever is doing the tunnelling for you is also doing NAT, either at the LibreNMS side or over at the “remote” side. And SSL should have nothing to do with anything, again, unless there were rules in place related to the SSL config that were fiddling with NAT.

I am assuming it is the firewall; everything worked till I enabled SSL and wanted to access it from home. As such, I had to put in a DNAT in our firewall to point to the LibreNMS server. The firewall is a Sophos; as such, it has a NAT wizard and created the primary DNAT as well as two other NAT rules, a Loopback and a reflexive. All have HTTPS and SNMP traffic enabled.

Not sure I could disable them without breaking it - simple lack of knowledge on my part. I added the corp side IPsec tunnel address to the available SNMP targets and pushed it out with a GPO. Now they work; might be a bit complicated for someone to figure out in the future.

I will take any advice you want to give, and give it a try. I, however, am at the end of my knowledge of what to do from here.

On Windows, you can change the IP that will appear as the SNMP source by changing the order of the interface IPs: Change Network Adapter Priority Windows 10 | Password Recovery

It was the NAT rules. It is always the flipping firewall 🙂 Thanks for the help.
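The check that resolved this thread, as an added example that is not part of the original posts: compare the source addresses actually arriving on the agent's port 161 with the agent's permitted-manager list, since an agent with an allow list drops requests from any other address without replying. It assumes `tcpdump -n` style text lines; all addresses, names and function names are constructed for illustration.

```python
import ipaddress
import re
from collections import Counter

# Address part of a `tcpdump -n` text line: "IP src.sport > dst.dport:"
FLOW = re.compile(r"\bIP (\d+(?:\.\d+){3})\.(\d+) > (\d+(?:\.\d+){3})\.(\d+):")


def snmp_sources(capture_lines, agent_ip):
    """Count the source addresses of packets sent to agent_ip on port 161."""
    seen = Counter()
    for line in capture_lines:
        m = FLOW.search(line)
        if m and m.group(3) == agent_ip and m.group(4) == "161":
            seen[m.group(1)] += 1
    return seen


def unlisted_sources(capture_lines, agent_ip, permitted):
    """Sources seen on the wire that are missing from the agent's allow list."""
    allowed = set()
    for entry in permitted:
        try:
            allowed.add(ipaddress.ip_address(entry))
        except ValueError:
            pass  # host name entry: resolve it separately, this example stays offline
    hits = snmp_sources(capture_lines, agent_ip)
    return sorted(ip for ip in hits if ipaddress.ip_address(ip) not in allowed)


# Constructed sample: the poller is 192.168.10.5, but NAT on the tunnel
# rewrites its source to 10.255.0.1 before packets reach the Windows server.
AGENT = "192.168.20.10"
PERMITTED = ["192.168.10.5", "librenms.example.internal", "203.0.113.10"]
CAPTURE = [
    "09:15:01.000101 IP 10.255.0.1.40112 > 192.168.20.10.161: GetRequest(28) .1.3.6.1.2.1.1.1.0",
    "09:15:02.000245 IP 10.255.0.1.40112 > 192.168.20.10.161: GetRequest(28) .1.3.6.1.2.1.1.1.0",
    "09:15:02.500000 IP 10.255.0.1 > 192.168.20.10: ICMP echo request, id 7, seq 1, length 64",
    "09:15:03.000000 IP 192.168.20.1.51000 > 192.168.20.10.443: Flags [S], seq 1, length 0",
    "09:15:04.000390 IP 10.255.0.1.40112 > 192.168.20.10.161: GetRequest(28) .1.3.6.1.2.1.1.1.0",
]

if __name__ == "__main__":
    for ip in unlisted_sources(CAPTURE, AGENT, PERMITTED):
        print(f"{ip} sends SNMP to {AGENT} but is not a permitted manager")
```

Repeated requests with no reply from the agent, while ping succeeds, match the timeout symptom described above; the address printed is the one the allow list needs.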
