Monitoring IPFire with SNMP over VPN


I want to monitor IPFire via SNMP over a VPN connection.
If I do a snmpwalk from the local network I get all the info, but if I try to connect over ovpn or ipsec I get no answer from the snmp daemon. Yes, I have configured the allowed networks in the snmpd.conf but it will not work.
If i look into the network bindings then I can see that snmpd is listening on so this should not be a problem. I also see no block messages in my firewall log so I think the firewall rules are not the problem.
I also temporarily disabled the IDS - no change …

Any ideas what I have to change to get this working?



I configured my remote firewall’s snmpd.conf file like this:

com2sec localnet  192.168.YY.0/24         public
com2sec local     localhost       public
com2sec vpnnet	192.168.XX.0/24	public

group localgroup usm       localnet
group localgroup v1       localnet
view all    included  .1
access localgroup ""      any       noauth    exact  all    none   none

# Second, map the security names into group names:

#             	sec.model
group MyRWGroup	v1         local
group MyRWGroup	v2c        local
group MyRWGroup	usm        local

group MyROGroup v1         mynetwork
group MyROGroup v2c        mynetwork
group MyROGroup usm        mynetwork

group MyRWGroup	v1         vpnnet
group MyRWGroup	v2c        vpnnet
group MyRWGroup	usm        vpnnet

The vpnnet (192.168.XX.0/24) is my remote network from the local firewall, so after restarting the netsnmpd service, from my main firewall I see the snmpd situation of the remote firewall.


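
Whether snmpd answers depends on the source address it sees and on the com2sec, group and access lines that address maps through. As an added example (not part of either post, and not IPFire or Net-SNMP code), this Python script traces a request through those directives and reports the stage at which it is dropped. The addresses, the `MyRWGroup` access line and the function names are assumptions, as is treating the first matching `com2sec` line as the one that applies; the `-Cn` context form of `com2sec` is not handled.

```python
import ipaddress

# Constructed sample: directive forms follow the post above; the addresses and
# the MyRWGroup access line are assumptions made for this example.
SAMPLE = """
com2sec localnet 192.168.10.0/24 public
com2sec local    localhost       public
com2sec vpnnet   192.168.20.0/24 public
group localgroup v1  localnet
group MyRWGroup  v2c vpnnet
access localgroup "" any noauth exact all none none
access MyRWGroup  "" any noauth exact all all  none
"""

def parse(conf):
    """Collect com2sec, group and access directives (basic forms only)."""
    com2sec, groups, access = [], {}, {}
    for line in conf.splitlines():
        t = line.split("#", 1)[0].split()
        if len(t) >= 4 and t[0] == "com2sec":
            com2sec.append((t[1], t[2], t[3]))        # secname, source, community
        elif len(t) >= 4 and t[0] == "group":
            groups[(t[3], t[2])] = t[1]               # (secname, model) -> group
        elif len(t) >= 7 and t[0] == "access":
            access.setdefault(t[1], []).append((t[3], t[6]))  # model, read view
    return com2sec, groups, access

def source_matches(source, ip):
    if source in ("default", "localhost"):
        return source == "default" or ip.is_loopback
    try:
        return ip in ipaddress.ip_network(source, strict=False)
    except ValueError:
        return False        # other hostnames are not resolved here

def trace(conf, src, community="public", model="v2c"):
    """Return (stage, detail): where a request from src is accepted or dropped."""
    com2sec, groups, access = parse(conf)
    ip = ipaddress.ip_address(src)
    sec = next((n for n, s, c in com2sec
                if c == community and source_matches(s, ip)), None)
    if sec is None:
        return ("com2sec", "no entry covers this source address and community")
    group = groups.get((sec, model))
    if group is None:
        return ("group", f"{sec} has no group line for {model}")
    view = next((v for m, v in access.get(group, []) if m in ("any", model)), None)
    if view is None:
        return ("access", f"{group} has no access line for {model}")
    return ("ok", f"{sec} -> {group} -> read view {view}")
```

Calling `trace(SAMPLE, "10.8.0.6")` with an address outside every `com2sec` network stops at the `com2sec` stage. That is the outcome to expect when a tunnel endpoint presents a different source address than the one listed in snmpd.conf.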

Hi Giuseppe,

thanks for the reply and your config.
It was a mixture of mistakes on my side and on the IPSec endpoint side.
The IPSec endpoint changed the network IP of the connecting device and on my side I had a mistake in the config.

Now it’s working.