[strongSwan-dev] SNMP and Strongswan

Gerd v. Egidy lists at egidy.de
Tue Mar 3 09:59:52 CET 2015

Hi Philip,

> I'm looking at adding MIB support (because a client requested it) and
> wondering what prior work anyone else had done in this realm.
> I've seen that there's an RFC (4807) for SPD configuration, but I've not
> found an IPsec SA MIB.

I've done a bit of research and found that there is no standard that is used 
by several vendors.

Cisco, Checkpoint, Watchguard all have their own, vendor specific MIB to 
monitor IPSec.

Sophos (ex Astaro) don't have it, as they are using Strongswan internally, it 
would have been handy.

I couln't find any snmp support for the other opensource IPSec stacks 
KAME/Racoon and OpenSWAN.

So unless you are accustomed to IETF work and have the time to write, edit and 
argument an RFC, I'd suggest to do it like the others and create a Strongswan 
specific MIB.

Kind regards,


More information about the Dev mailing list