cloudstack-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From r...@apache.org
Subject [2/6] git commit: updated refs/heads/master to 05a29f0
Date Fri, 14 Aug 2015 11:06:43 GMT
CLOUDSTACK-8730: fix s2s iptables rules and ipsec config

For site2site VPN to work, we need a default gateway to be set.
See CLOUDSTACK-8685


Project: http://git-wip-us.apache.org/repos/asf/cloudstack/repo
Commit: http://git-wip-us.apache.org/repos/asf/cloudstack/commit/38245831
Tree: http://git-wip-us.apache.org/repos/asf/cloudstack/tree/38245831
Diff: http://git-wip-us.apache.org/repos/asf/cloudstack/diff/38245831

Branch: refs/heads/master
Commit: 382458317ead1ded0149b0fa43d41cd527d22e50
Parents: ff66175
Author: Remi Bergsma <github@remi.nl>
Authored: Thu Aug 13 21:35:44 2015 +0200
Committer: Remi Bergsma <github@remi.nl>
Committed: Fri Aug 14 09:02:21 2015 +0200

----------------------------------------------------------------------
 systemvm/patches/debian/config/opt/cloud/bin/configure.py | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cloudstack/blob/38245831/systemvm/patches/debian/config/opt/cloud/bin/configure.py
----------------------------------------------------------------------
diff --git a/systemvm/patches/debian/config/opt/cloud/bin/configure.py b/systemvm/patches/debian/config/opt/cloud/bin/configure.py
index 2f3235e..154f0c9 100755
--- a/systemvm/patches/debian/config/opt/cloud/bin/configure.py
+++ b/systemvm/patches/debian/config/opt/cloud/bin/configure.py
@@ -428,7 +428,7 @@ class CsSite2SiteVpn(CsDataBag):
         self.fw.append(["", "front", "-A INPUT -i %s -p udp -m udp --dport 500 -j ACCEPT"
% dev])
         self.fw.append(["", "front", "-A INPUT -i %s -p udp -m udp --dport 4500 -j ACCEPT"
% dev])
         self.fw.append(["", "front", "-A INPUT -i %s -p esp -j ACCEPT" % dev])
-        self.fw.append(["nat", "front", "-A POSTROUTING -t nat -o %s-m mark --set-xmark 0x525/0xffffffff
-j ACCEPT" % dev])
+        self.fw.append(["nat", "front", "-A POSTROUTING -t nat -o %s -m mark --mark 0x525
-j ACCEPT" % dev])
         for net in obj['peer_guest_cidr_list'].lstrip().rstrip().split(','):
             self.fw.append(["mangle", "front",
                             "-A FORWARD -s %s -d %s -j MARK --set-xmark 0x525/0xffffffff"
% (obj['local_guest_cidr'], net)])
@@ -453,7 +453,7 @@ class CsSite2SiteVpn(CsDataBag):
         file.addeq(" leftsubnet=%s" % obj['local_guest_cidr'])
         file.addeq(" leftnexthop=%s" % obj['local_public_gateway'])
         file.addeq(" right=%s" % rightpeer)
-        file.addeq(" rightsubnets=%s" % peerlist)
+        file.addeq(" rightsubnets={%s}" % peerlist)
         file.addeq(" type=tunnel")
         file.addeq(" authby=secret")
         file.addeq(" keyexchange=ike")
@@ -463,7 +463,7 @@ class CsSite2SiteVpn(CsDataBag):
         file.addeq(" salifetime=%s" % self.convert_sec_to_h(obj['esp_lifetime']))
         file.addeq(" pfs=%s" % CsHelper.bool_to_yn(obj['dpd']))
         file.addeq(" keyingtries=2")
-        file.addeq(" auto=add")
+        file.addeq(" auto=start")
         if obj['dpd']:
             file.addeq("  dpddelay=30")
             file.addeq("  dpdtimeout=120")


Mime
View raw message