cloudstack-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From GitBox <...@apache.org>
Subject [GitHub] rhtyd commented on issue #2190: CLOUDSTACK-10010: Fixed the negotiation of S2S VPN connections
Date Thu, 01 Jan 1970 00:00:00 GMT
rhtyd commented on issue #2190: CLOUDSTACK-10010: Fixed the negotiation of S2S VPN connections
URL: https://github.com/apache/cloudstack/pull/2190#issuecomment-348693472
 
 
   @swill /cc @syed I fixed fixed the issue and got the marvin test to pass, see my notes
on this PR. My fix is on this PR: https://github.com/apache/cloudstack/pull/2211.
   
   I've done three major things:
   - Increased retry count by 3, and ping the rightpeer:
   ```
   +        for i in xrange(3):
   +            result = CsHelper.execute('ipsec status vpn-%s | grep "%s"' % (rightpeer,
peerlist.split(",", 1)[0]))
   +            if len(result) > 0:
   +                break
   +            time.sleep(1)
   +
   +        # With 'auto=route', connections are established with an attempt to communicate
over the S2S VPN
   +        # Attempt to ping the other side to initialize the connection of the S2S VPN configuration
   +        CsHelper.execute("timeout 2 ping -c 2 %s" % (rightpeer))
   ```
   - In the tests, I've used `wait_until` to poll upto 60 seconds on the passive VPN connection
(docs says it may take upto 30s for the VPN connection to transition into `Connected` state)
   - Fixed strongswan 5.5 compatible configs
   - I've also tested the remote-access configs on Windows10 and Ubuntu (updated docs here
as well: http://docs.cloudstack.apache.org/projects/cloudstack-administration/en/latest/networking/using_remote_access.html#ubuntu).
With Strongswan 5.5, I did not reproduce the failures. Also with `auto=route`, it's not necessary
to add pings in the VR scripts, the end-client can initiate connections and it seemed to work
okay for me.

----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on GitHub and use the
URL above to go to the specific comment.
 
For queries about this service, please contact Infrastructure at:
users@infra.apache.org


With regards,
Apache Git Services

Mime
View raw message