-- This file is corresponding to Release 9.1.10.101 from 2014/08/11 00:00:00


-- $RCSfile: mib-stunnel,v $
-- $Revision: 1.15 $
-- $Date: 2014-02-07 10:37:50 $
--------------------------------------------------------------------------


BINTEC-STUNNEL-MIB DEFINITIONS ::= BEGIN

IMPORTS
        MODULE-IDENTITY, OBJECT-TYPE, NOTIFICATION-TYPE,
        Integer32, Unsigned32, Counter32, Counter64, IpAddress, TimeTicks,
        mib-2, enterprises
        FROM SNMPv2-SMI

        DisplayString, TimeStamp
        FROM SNMPv2-TC

        security, Date, BitValue, HexValue
        FROM BINTEC-MIB

        MODULE-COMPLIANCE, OBJECT-GROUP, NOTIFICATION-GROUP
        FROM SNMPv2-CONF;


sTunnelMIB MODULE-IDENTITY
        LAST-UPDATED "2007061100Z"
        ORGANIZATION "bintec elmeg GmbH"
        CONTACT-INFO
                "EMail: info@bintec-elmeg.com
                 Web: www.bintec-elmeg.com
                 "
        DESCRIPTION
                "MIB for STunnel daemon"
        REVISION "2007061100Z"
        DESCRIPTION
                "STunnel MIB."
        ::= { security 12 }

sTunnel OBJECT IDENTIFIER ::= { sTunnelMIB 1 }

sTunnelAdm OBJECT IDENTIFIER ::= { sTunnel 1 }
        sTunnelAdmStatus OBJECT-TYPE
        SYNTAX INTEGER { up(1), down(2) }
        MAX-ACCESS read-write
        STATUS current
        DESCRIPTION
        "The AdminStatus of STunnel overall. This means if this Status
         is set to 'down' no tunnel will be established. So it doesn't
         matter if a single tunnel is set to AdminStatus 'down' or 'up'.
         In case of 'up' it depends on the single tunnel whether it is
         established or not.
        "
        DEFVAL { down }
        ::= { sTunnelAdm 1 }

        sTunnelAdmMaxTunnels OBJECT-TYPE
        SYNTAX INTEGER (0..65535)
        MAX-ACCESS read-only
        STATUS current
        DESCRIPTION
        "The maximum of RUNNING tunnels in the system.
        "
        DEFVAL { 10 }
        ::= { sTunnelAdm 2 }

        sTunnelAdmRunningTunnels OBJECT-TYPE
        SYNTAX INTEGER (0..65535)
        MAX-ACCESS read-only
        STATUS current
        DESCRIPTION
        "The number of running tunnels at the moment.
        "
        DEFVAL { 0 }
        ::= { sTunnelAdm 3 }

        sTunnelAdmKeepAliveRetries OBJECT-TYPE
        SYNTAX INTEGER (0..255)
        MAX-ACCESS read-write
        STATUS current
        DESCRIPTION
        "The maximum number of TCP keepalive retries sent before
         the (SSL) TCP connection is closed as it is suggested that
         the remote side isn't reachable anymore. The default value is
         0 which takes the default number of retries of TCP.
        "
        DEFVAL { 0 }
        ::= { sTunnelAdm 4 }

        sTunnelAdmKeepAliveTimeout OBJECT-TYPE
        SYNTAX INTEGER (0..65535)
        MAX-ACCESS read-write
        STATUS current
        DESCRIPTION
        "The timeout (in seconds) of a TCP keepalive try. If no answer is
         received within this time another retry will be sent. The default
         value is 0 which takes the default keepalive retry timeout of TCP.
        "
        DEFVAL { 0 }
        ::= { sTunnelAdm 5 }

sTunnelTable OBJECT-TYPE
        SYNTAX  SEQUENCE OF STunnelEntry
        MAX-ACCESS      not-accessible
        STATUS          current
        DESCRIPTION
                "The StunnelTable holds single Stunnel peers.
                "
        ::= { sTunnel 2 }
        
sTunnelEntry OBJECT-TYPE
        SYNTAX STunnelEntry
        MAX-ACCESS not-accessible
        STATUS  current
        DESCRIPTION
                "A single Stunnel entry e.g. a Stunnel peer.
                "
        INDEX { sTunnelIndex }
        ::= { sTunnelTable 1 }

STunnelEntry ::=
        SEQUENCE {
                sTunnelIndex                  INTEGER,
                sTunnelAdminStatus            INTEGER,
                sTunnelDescription            DisplayString,
                sTunnelExternalIp             IpAddress,
                sTunnelExternalPort           INTEGER,
                sTunnelExternalMode           INTEGER,
                sTunnelInternalIp             IpAddress,
                sTunnelInternalPort           INTEGER,
                sTunnelInternalMode           INTEGER,
                sTunnelPrivateToken           OCTET STRING,
                sTunnelVerifyPeer             INTEGER,
                sTunnelCertificateIdx         INTEGER,
                sTunnelCACertificateIdx       INTEGER,
                sTunnelRemoteCertSubject      DisplayString,
                sTunnelRemoteCertSerialNo     DisplayString,
                sTunnelRemoteCertDns          DisplayString,
                sTunnelCertificateStatus      INTEGER,
                sTunnelRetries                INTEGER,
                sTunnelRetryTime              INTEGER,
                sTunnelMaxRetries             INTEGER,
                sTunnelReopenDelay            INTEGER,
                sTunnelShortHold              INTEGER,
                sTunnelDebug                  INTEGER,
                sTunnelLastStatusChange       TimeTicks,
                sTunnelRxBytes                Counter32,
                sTunnelTxBytes                Counter32,
                sTunnelTCPConnections         INTEGER,
                sTunnelStatus                 INTEGER
        }

        sTunnelIndex OBJECT-TYPE
        SYNTAX          INTEGER (0..65535)
        MAX-ACCESS      read-write
        STATUS          current
        DESCRIPTION
                "The Index gives (should give) an unique ID for the STunnel.
                "
        DEFVAL { 0 }
        ::= { sTunnelEntry 1 }

        sTunnelAdminStatus OBJECT-TYPE
        SYNTAX          INTEGER { up(1), down(2), delete(3) }
        MAX-ACCESS      read-write
        STATUS          current
        DESCRIPTION
                "The AdminStatus of one entry declares whether this peer should
                 be established (up) or not (down). In case of setting the AdminStatus
                 to 'delete' the entry will be deleted.
                "
        DEFVAL { up }
        ::= { sTunnelEntry 2 }

        sTunnelDescription OBJECT-TYPE
        SYNTAX          DisplayString (SIZE (0..32)) 
        MAX-ACCESS      read-write
        STATUS          current
        DESCRIPTION
                "The description of the Stunnel. Is only for giving each tunnel
                 a name but has no further meaning e.g. function.
                "
        ::= { sTunnelEntry 3 }

        sTunnelExternalIp OBJECT-TYPE
        SYNTAX          IpAddress
        MAX-ACCESS      read-write
        STATUS          current
        DESCRIPTION
                "This field holds the IP to or from which the SSL connection
                 will be established. If it is set (not 0) in 
                 ExternalMode_server the remote IP (incoming connection) is 
                 checked against ExternalIp. The default value is 0.0.0.0 .
                "
        DEFVAL { '00000000'H }
        ::= { sTunnelEntry 4 }

        sTunnelExternalPort OBJECT-TYPE
        SYNTAX          INTEGER (0..65535)
        MAX-ACCESS      read-write
        STATUS          current
        DESCRIPTION
                "The port of the external connection. In ExternalMode client
                 it defines the port it is connected to and in ExternalMode server
                 it defines the port it is listened on for incoming connections.
                "
        ::= { sTunnelEntry 5 }

        sTunnelExternalMode OBJECT-TYPE
        SYNTAX          INTEGER { 
                client(1), 
                server(2)
        }
        MAX-ACCESS      read-write
        STATUS          current
        DESCRIPTION
                "The ExternalMode declares whether the system is server or client
                 to the outside e.g. SSL connection.
                "
        DEFVAL { client }
        ::= { sTunnelEntry 6 }

        sTunnelInternalIp OBJECT-TYPE
        SYNTAX          IpAddress
        MAX-ACCESS      read-write
        STATUS          current
        DESCRIPTION
                "The InternalIp default value is 127.0.0.1 (localhost). 
                 That means that the internal stunnel endpoint is the system
                 itself and connects to an internal service 
                 (telnet,snmp,syslog). In special cases it is possible to
                 to tunnel a service from a host on the local subnet. Therefore
                 it is necessary to define the IP of the local subnet host here.
                 If the InternalMode is server and InternalIp is set (not 0) 
                 it is checked whether InternalIp matches
                 the remote IP (incoming connection).
                "
        DEFVAL { '7f000001'H }
        ::= { sTunnelEntry 7 }

        sTunnelInternalPort OBJECT-TYPE
        SYNTAX          INTEGER (0..65535)
        MAX-ACCESS      read-write
        STATUS          current
        DESCRIPTION
                "The port on which will be connected internally in InternalMode client or
                 on which will be listened on for an incoming connection.
                "
        ::= { sTunnelEntry 8 }

        sTunnelInternalMode OBJECT-TYPE
        SYNTAX          INTEGER { client(1), server(2) }
        MAX-ACCESS      read-write
        STATUS          current
        DESCRIPTION
                "The InternalMode declares whether the system is server or client
                 to the inside connection (NON-SSL connection).
                "
        DEFVAL { client }
        ::= { sTunnelEntry 9 }

        sTunnelPrivateToken OBJECT-TYPE
        SYNTAX          OCTET STRING (SIZE (0..16)) 
        MAX-ACCESS      read-write
        STATUS          current
        DESCRIPTION
                "The PrivateToken is sent with the first packet as soon as
                 the connection is established. It is used if the remote side
                 wants to receive several connections on the same port and therefore
                 needs a token to associate the connection.
                "
        ::= { sTunnelEntry 10 }

        sTunnelVerifyPeer OBJECT-TYPE
        SYNTAX          INTEGER { none(1), normal(2), high(3), 
                                  very-high(4), accept-self-signed(5) }
        MAX-ACCESS      read-write
        STATUS          current
        DESCRIPTION
                "If VerifyPeer is set to 'none'(1) no SSL verification is done.
                 Setting VerifyPeer to 'normal'(2) a normal SSL verification is done
                 (certificates are checked). If it is set to 'high'(3) also the 
                 subjectname of the remote side's certificate will be checked and
                 SSL connection will be cancelled if it doesn't match 
                 to RemoteCertSubject. In case of VerifyPeer is set to 'very_high'
                 beside the RemoteCertSubject also the SerialNumber of the certificate
                 is checked to be equal or greater than RemoteCertSerialNo and
                 the DNS attribute (withing the subject alternative names) 
                 is checked to be equal against RemoteCertDns (if it is configured
                 else no check against this variable is done).
                 If VerifyPeer is set to 'accept-self-signed'(5)
                 a 'normal' verification is done but self signed certificates 
                 will be accepted, too.
                "
        DEFVAL { normal }
        ::= { sTunnelEntry 11 }

        sTunnelCertificateIdx OBJECT-TYPE
        SYNTAX          INTEGER (0..65535)
        MAX-ACCESS      read-write
        STATUS          current
        DESCRIPTION
                "The (row) index of the CertTable holding the wanted peer certificate
                 for the connection.
                "
        ::= { sTunnelEntry 12 }

        sTunnelCACertificateIdx OBJECT-TYPE
        SYNTAX          INTEGER (0..65535)
        MAX-ACCESS      read-write
        STATUS          current
        DESCRIPTION
                "The (row) index of the CertTable holding the wanted/needed CA certificate
                 for the connection.
                "
        ::= { sTunnelEntry 13 }

        sTunnelRemoteCertSubject OBJECT-TYPE
        SYNTAX          DisplayString (SIZE (0..64)) 
        MAX-ACCESS      read-write
        STATUS          current
        DESCRIPTION
                "when VerifyPeer set to 'high' the string in this field is compared
                 with the subjectname of the remote peer certificate.
                "
        ::= { sTunnelEntry 14 }

        sTunnelRemoteCertSerialNo OBJECT-TYPE
        SYNTAX          DisplayString (SIZE (0..32)) 
        MAX-ACCESS      read-write
        STATUS          current
        DESCRIPTION
                "when VerifyPeer set to 'very_high' the string in this field 
                 is compared with the serial number of the remote peer certificate.
                "
        ::= { sTunnelEntry 15 }

        sTunnelRemoteCertDns OBJECT-TYPE
        SYNTAX          DisplayString (SIZE (0..255)) 
        MAX-ACCESS      read-write
        STATUS          current
        DESCRIPTION
                "when VerifyPeer set to 'very_high' the string in this field 
                 is compared with the DNS attribute within the subject alternative
                 names of the remote peer certificate. But if this variable is left
                 blank no comparison is done and it is continued (accepted) without!
                "
        ::= { sTunnelEntry 16 }

        sTunnelCertificateStatus OBJECT-TYPE
        SYNTAX          INTEGER { initial(1),cert-ok(2), 
                                    invalid-cert-untrusted(3),
                                    invalid-cert-expired(4),
                                    invalid-cert-wrong-id-or-type(5),
                                    invalid-cert-revoked(6),
                                    no-cert-available(7),
                                    undefined-ssl-error(8)}
        MAX-ACCESS      read-only
        STATUS          current
        DESCRIPTION
                "The certificatestatus displays if and which error occured during
                 the certificate validation. If no error occured it is ok(2).
                 The four possible errors are the cert is untrusted(3), 
                 the cert has expired(4), the cert has a wrong id or type or the
                 cert has been revoked(5). If no cert is available the status is
                 no_cert_available(7). In any other (certificate) error situation
                 the status is set to undefined_ssl_error(8).
                "
        DEFVAL { initial }
        ::= { sTunnelEntry 17 }

        sTunnelRetries OBJECT-TYPE
        SYNTAX          INTEGER (0..50)
        MAX-ACCESS      read-only
        STATUS          current
        DESCRIPTION
                "The number of retries which were already done during the
                 actual e.g. last connection.
                "
        ::= { sTunnelEntry 18 }

        sTunnelRetryTime OBJECT-TYPE
        SYNTAX          INTEGER (0..3600)
        MAX-ACCESS      read-write
        STATUS          current
        DESCRIPTION
                "The time in seconds which the system waits for a reconnection
                 try if the last try failed.
                "
        DEFVAL { 60 }
        ::= { sTunnelEntry 19 }

        sTunnelMaxRetries OBJECT-TYPE
        SYNTAX          INTEGER (-1..50)
        MAX-ACCESS      read-write
        STATUS          current
        DESCRIPTION
                "The maximum number of retries till the system declares 
                 the connection to failed. In case of '-1' infinite retries
                 will take place.
                "
        DEFVAL { 3 }
        ::= { sTunnelEntry 20 }

        sTunnelReopenDelay OBJECT-TYPE
        SYNTAX          INTEGER (-1..31536000)
        MAX-ACCESS      read-write
        STATUS          current
        DESCRIPTION
            "The time till the connection will be reopened. 
            "
        DEFVAL { 0 }
        ::= { sTunnelEntry 21 }

        sTunnelShortHold OBJECT-TYPE
        SYNTAX          INTEGER (-1 .. 3600)
        MAX-ACCESS      read-write
        STATUS          current
        DESCRIPTION
                "The ShortHold is the number of seconds after which an inactive
                 connection is closed. Is the ShortHold set to -1 it is never
                 closed for the reason of inactivity.
                "
        DEFVAL { -1 }
        ::= { sTunnelEntry 22 }

        sTunnelDebug OBJECT-TYPE
        SYNTAX          INTEGER { disabled(1), enabled(2) }
        MAX-ACCESS      read-write
        STATUS          current
        DESCRIPTION
              "enables(2) or disables(1) debug messages for this peer.
              "
        DEFVAL { disabled }
        ::= { sTunnelEntry 23 }

        sTunnelLastStatusChange OBJECT-TYPE
        SYNTAX          TimeTicks
        MAX-ACCESS      read-only
        STATUS          current
        DESCRIPTION
              "This value shows the time since the last sTunnelStatus change.
              "
        ::= { sTunnelEntry 24 }

        sTunnelRxBytes OBJECT-TYPE
        SYNTAX          Counter32 
        MAX-ACCESS      read-only
        STATUS          current
        DESCRIPTION
              "The amount of received (data) bytes from the external connection.
               Only the real data bytes 
               (without any header or encryption/hash are counted).
              "
        DEFVAL { 0 }
        ::= { sTunnelEntry 25 }

        sTunnelTxBytes OBJECT-TYPE
        SYNTAX          Counter32 
        MAX-ACCESS      read-only
        STATUS          current
        DESCRIPTION
              "The amount of transmitted bytes towards the external connection.
               Only the real data bytes 
               (without any header or encryption/hash are counted).
              "
        DEFVAL { 0 }
        ::= { sTunnelEntry 26 }

        sTunnelTCPConnections OBJECT-TYPE
        SYNTAX          INTEGER (0..65535)
        MAX-ACCESS      read-only
        STATUS          current
        DESCRIPTION
              "Counts the SSL-TCP-Connections of this tunnel.
              "
        ::= { sTunnelEntry 27 }

        sTunnelStatus OBJECT-TYPE
        SYNTAX          INTEGER { 
                up(1), 
                down(2), 
                wait-for-retry(3), 
                wait-for-connection(4), 
                failed(5),
                wait-for-reopen(6),
                external-up(7),
                finished(8)
        }
        MAX-ACCESS      read-only
        STATUS          current
        DESCRIPTION
                "The (operational) status of the connection. 'up'(1) means the
                 connection is fully established.
                 'down'(2) means the connection is (finally) down. 
                 'wait-for-retry'(3) means the system waits RetryTime
                 seconds before the next connection try will be performed. 
                 'wait-for-connection'(4) means that the peer waits for a connect
                 (if it is in server mode) or for accepting its own connection
                 try (if it is in client mode). Only if both internal and 
                 external connection are established the status changes to 'up'.
                 'failed'(5) means that the connection finally failed, so no more
                 retries will take place (in this case the peer's AdminStatus 
                 hast to be reset to retry to establish the connection).
                 'wait-for_reopen'(6) is indicating that the timer for a reopen
                 is running and on expire a reopen is performed.
                 'external_up'(7) means the external connection is
                 established the internal not yet.
                 'finished'(8) means the last TCP connection got quit 
                 and tunnel is temporalily down.
                "
        DEFVAL { down }
        ::= { sTunnelEntry 28 }

END
