cloudstack-dev mailing list archives

From Sheng Yang <sh...@yasker.org>
Subject Re: Modify Site-to-Site VPN interface to include ID/FQQN capabilities
Date Tue, 16 Jul 2013 22:01:03 GMT
Hi Ian,

I've implemented the S2S VPN, but at this moment I am focused on the 4.2 release,
so I am afraid I don't have much time for new features.

But you can file a Jira ticket anyway, and probably somebody interested in
it in the community would take it. Java is not hard. :)

Please make sure you elaborate on the feature in the ticket, e.g. how to
set up the remote side with the new feature, so that we know how to test
it.

And one question: would <left-side ID> be used across all the S2S VPN
connections which are issued by one user? I know <right-side ID> should be a
property of the VPN customer gateway, but I'm not sure about <left-side ID>.

--Sheng


On Tue, Jul 16, 2013 at 2:31 PM, Ian Service <iservice@ts2.ca> wrote:

> After working with a few different hardware VPN gateways in a few different
> configurations I've found there's a relatively simple component missing to
> allow us to easily support those other configurations.  I've been able to
> get the networks to connect with some modifications in the VPC router VM,
> but it would be great if they would work within CloudStack's interface so
> that
>
> The current /opt/cloud/bin/ipsectunnel.sh script includes the following
> options:
>
> Usage: ipsectunnel.sh: (-A|-D) -l <left-side vpn peer> -n <left-side guest
> cidr> -g <left-side gateway> -r <right-side vpn peer> -N <right-side
> private subnets> -e <esp policy> -i <ike policy> -t <ike lifetime> -T <esp
> lifetime> -s <pre-shared secret> -d <dpd 0 or 1>
>
> I can modify it to include -L <left-side ID> and -R <right-side ID>  which
> would add leftid=@<left-side ID> and rightid=@<right-side ID> to
> /etc/ipsec.d/ipsec.vpn-<right-side vpn peer>.conf
>
> and @<left-side ID> @<right-side ID>: PSK "<pre-shared secret>" to
> /etc/ipsec.d/ipsec.vpn-<right-side vpn peer>.secrets
>
> But, I'm not a Java dev so I'd need someone to help add the fields to the
> web interface and I'd need someone with experience to properly update the
> schema to add the new fields to the database.
>
> Any interest?
>
> Thanks,
>
> - Ian
>
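
The -L/-R change described in the quoted message, as an added shell sketch that is not part of either e-mail or of CloudStack's ipsectunnel.sh: it renders the leftid/rightid and PSK lines and validates the IDs and secret first, since they would come from user-supplied fields. The function names and sample values are hypothetical.

```shell
#!/bin/sh
# Added sketch of the proposed -L/-R handling. Function names are hypothetical
# and are not taken from ipsectunnel.sh.

# Allow only letters, digits, dots and hyphens, with no empty labels and no
# leading hyphen. Spaces, quotes, '=' or newlines in an ID would otherwise be
# written into the conf and secrets files as extra syntax.
valid_vpn_id() {
    case "$1" in
        ''|*[!A-Za-z0-9.-]*|.*|*.|*..*|-*) return 1 ;;
    esac
    [ "${#1}" -le 253 ]
}

# The PSK is written between double quotes, so refuse quotes and newlines
# (and, conservatively, backslashes).
valid_psk() {
    case "$1" in
        ''|*'"'*|*'\'*|*'
'*) return 1 ;;
    esac
}

# Lines for /etc/ipsec.d/ipsec.vpn-<right-side vpn peer>.conf, indented as
# conn-section parameters.
render_conf_ids() {
    valid_vpn_id "$1" && valid_vpn_id "$2" || return 1
    printf '  leftid=@%s\n  rightid=@%s\n' "$1" "$2"
}

# Line for /etc/ipsec.d/ipsec.vpn-<right-side vpn peer>.secrets.
render_secret_line() {
    valid_vpn_id "$1" && valid_vpn_id "$2" && valid_psk "$3" || return 1
    printf '@%s @%s: PSK "%s"\n' "$1" "$2" "$3"
}

# Append the secrets line to file $1, creating it readable by the owner only.
write_secret() {
    line=$(render_secret_line "$2" "$3" "$4") || return 1
    ( umask 077; printf '%s\n' "$line" >> "$1" ) && chmod 600 "$1"
}

# Constructed sample values.
render_conf_ids cloud.example.com branch.example.net
render_secret_line cloud.example.com branch.example.net 'constructed-psk'
```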
