SNMPv3 authPriv always returns REPORT (authFailure / decryption error) with snmpsim when using Net-SNMP manager #188
Description
Hello,
I am attempting to use snmpsim-command-responder as an SNMPv3 agent (authPriv, SHA/AES) and query it using Net-SNMP (snmpget). SNMPv2c works correctly with the same public.snmprec data, but SNMPv3 consistently fails with REPORT responses (usmStatsWrongDigests / decryption error), even when engine IDs, users, and credentials appear to match.
After extensive debugging (Wireshark, engine ID pinning, key localization), I believe there are usability and documentation gaps around how snmpsim expects SNMPv3 keys to be provided (or I could be doing this wrong... would appreciate any insight!)
simulator command:
snmpsim-command-responder --v3-engine-id=80004fb8010203040506070809 --data-dir=data/vpu --agent-udpv4-endpoint=127.0.0.2:161 --cache-dir=snmpsim-cache --log-level=debug --v3-user snmpUser --v3-auth-proto SHA --v3-auth-key il0veSNMP --v3-priv-proto AES --v3-priv-key il0veSNMP
Net-SNMP command:
snmpget -M .\mibs -v3 -l authPriv -u snmpUser -a SHA -A il0veSNMP -x AES -X il0veSNMP -n public 127.0.0.2 1.3.6.1.2.1.1.3.0
(the OID used here is defined in the .snmprec on the simulator side, and it works for this Net-SNMP command: snmpget -M .\mibs -v2c -c public 127.0.0.2:161 1.3.6.1.2.1.1.3.0)
Observed behavior:
The manager sends a correctly formed SNMPv3 request:
msgFlags = 07 (auth + priv)
Encrypted PDU
Authentication and privacy parameters present
The simulator always responds with a REPORT:
usmStatsWrongDigests.0 or usmStatsDecryptionErrors.0
msgFlags = 04
No auth/priv parameters in the response
Wireshark confirms the agent is rejecting the request during USM processing.
Expected behavior:
SNMPv3 authPriv GET should return the configured OID value from the .snmprec file (same behavior as SNMPv2c).
Agent response should be encrypted and authenticated, not a REPORT.
I'd greatly appreciate any assistance, thanks!!