Netconf over TLS query

Hi @cohult,

We have a query related to Netconf over TLS. We have already gone through the ConfD demo example. A few things to know:

  1. The example mentioned uses the GnuTLS utility to connect for TLS, but it internally connects via TCP only. Do we have inbuilt support for TLS in ConfD, or does a similar utility over ConfD have to be used?

Link:
ConfD-Demos/x509tls-netconf at master · ConfD-Developer/ConfD-Demos (github.com)

  2. If query 1 stands true, then will it be correct to say that even the 7.2 and 7.3 versions also support the same?
    Any reason for mentioning 7.4 and above in the setup.sh files?

Thanks!

Regards,
Ankit


What do you mean by “internally”? The TLS server for NETCONF is set up here: ConfD-Demos/x509tls-netconf/app/tls-x509-subsys.c at master · ConfD-Developer/ConfD-Demos · GitHub . The NETCONF over TLS client used for test purposes is the gnutls-cli. ConfD-Demos/x509tls-netconf/app/run.sh at 1322bab514354ad5af98006b8dd11b871882ef49 · ConfD-Developer/ConfD-Demos · GitHub

There is no built-in TLS server in ConfD for NETCONF. Only for RESTCONF through the webserver (HTTP). For NETCONF you need to use something similar to what the demo does, i.e. GnuTLS or similar.

The demo was tested with 7.4 or later. You will likely have to do some minor modifications to make the demo work with older versions of ConfD.
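As an added illustration of the arrangement the reply describes (this is not code from the ConfD demo or from ConfD itself): a minimal mutual-TLS front end in Python that terminates NETCONF over TLS and relays the session to ConfD's plaintext NETCONF/TCP port, so that the otherwise unauthenticated TCP transport is only reachable by clients holding a certificate from your CA. Assumed rather than taken from the thread: the ports 6513 and 2023, the ConfD TCP identity-header format, and the placeholder uid/gid/homedir values.

```python
import socket
import ssl
import threading

def make_server_context(certfile=None, keyfile=None, cafile=None):
    """Mutual-TLS server context; ConfD's own NETCONF/TCP port has no authentication."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2  # RFC 7589 mandates TLS >= 1.2
    ctx.verify_mode = ssl.CERT_REQUIRED           # no client cert, no connection
    if certfile:
        ctx.load_cert_chain(certfile, keyfile)
        ctx.load_verify_locations(cafile)
    return ctx

def username_from_cert(peercert):
    """Cert-to-name mapping (RFC 7589 style): the commonName of a getpeercert() dict."""
    cns = [v for rdn in peercert.get("subject", ()) for k, v in rdn if k == "commonName"]
    return cns[0] if cns else None

def confd_tcp_header(username, peer_ip, uid=1000, gid=1000, homedir="/tmp"):
    """Identity line ConfD's NETCONF/TCP transport expects before the first message;
    format assumed from netconf-console --tcp, so verify it for your ConfD release."""
    return f"[{username};{peer_ip};tcp;{uid};{gid};;{homedir};;]\n"

def pump(src, dst):
    try:
        while data := src.recv(4096):  # relay one direction until EOF
            dst.sendall(data)
    finally:  # either side going away tears down the whole session
        src.close()
        dst.close()

def handle(tls_conn, peer, confd_addr=("127.0.0.1", 2023)):  # ConfD's TCP port
    user = username_from_cert(tls_conn.getpeercert())
    if user is None:  # chain verified but no usable identity: refuse
        return tls_conn.close()
    backend = socket.create_connection(confd_addr)
    backend.sendall(confd_tcp_header(user, peer[0]).encode())
    threading.Thread(target=pump, args=(tls_conn, backend), daemon=True).start()
    pump(backend, tls_conn)

def serve(ctx, listen=("0.0.0.0", 6513)):  # 6513 = IANA netconf-tls (RFC 7589)
    with socket.create_server(listen) as lsock:
        while True:
            raw, peer = lsock.accept()
            try:  # handshake fails here for clients with no or untrusted cert
                conn = ctx.wrap_socket(raw, server_side=True)
            except ssl.SSLError:
                continue  # wrap_socket closes the raw socket on failure
            threading.Thread(target=handle, args=(conn, peer), daemon=True).start()
```

Run it as `serve(make_server_context("server.pem", "server.key", "ca.pem"))` next to ConfD and point gnutls-cli at port 6513; the empty groups field in the header means NACM sees no groups unless you fill it in.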