NSCA Failing with AES 128 Encryption

Support forum for Nagios Core, Nagios Plugins, NCPA, NRPE, NSCA, NDOUtils and more. Engage with the community of users including those using the open source solutions.
Locked
blevans
Posts: 13
Joined: Mon Mar 23, 2015 3:40 pm

NSCA Failing with AES 128 Encryption

Post by blevans »

We are using NSCA to send encrypted passive check updates from one Nagios server ("Nagios1") to another ("Nagios2").
The issue is that using AES256 encryption works fine, but AES128 cannot get any messages to the receiving server.

Versions:
NSCA 2.9.2
JSendNSCA 2.1.1
BouncyCastle 1.54

JSendNSCA (sending side, "Nagios1") is generating this exception when using AES128 encryption:
Exception trying to send passive check to Nagios: Read timed out
java.net.SocketTimeoutException: Read timed out
In /var/log/messages on the server ("Nagios2") side we see:
Received invalid packet type/version from client - possibly due to client using wrong password or crypto algorithm?

We have configured /usr/local/nagios/etc/nsca.cfg on the receiving host "Nagios2", and restarted nsca service (>service nsca restart):
decryption_method=14 (when testing AES128)
decryption_method=16 (when testing AES256)

Is there anything related to the NSCA Server on the receiving end ("Nagios2") that we need to recompile or modify to change decryption method, other than nsca.cfg?

Any help would be greatly appreciated!
tmcdonald
Posts: 9117
Joined: Mon Sep 23, 2013 8:40 am

Re: NSCA Failing with AES 128 Encryption

Post by tmcdonald »

I hadn't heard of the JSendNSCA or BouncyCastle packages before today, so I'd like to rule those out first. Can you try sending using the standard send_nsca we provide? It is available on our GitHub here: https://github.com/NagiosEnterprises/nsca

If you still are having the issue using that send_nsca binary, we can look into this further.
Former Nagios employee
Locked