cloudstack-dev mailing list archives

From Chiradeep Vittal <Chiradeep.Vit...@citrix.com>
Subject Re: Modify Site-to-Site VPN interface to include ID/FQQN capabilities
Date Wed, 17 Jul 2013 08:11:10 GMT
Can the leftid be set to the address of eth2 (public IP of the VR) and the
rightid be set to the right-side vpn peer?

On 7/17/13 3:01 AM, "Ian Service" <iservice@ts2.ca> wrote:

>After working with a few different hardware VPN gateways in a few different
>configurations I've found there's a relatively simple component missing to
>allow us to easily support those other configurations.  I've been able to
>get the networks to connect with some modifications in the VPC router VM,
>but it would be great if they would work within CloudStack's interface so
>that
>
>The current /opt/cloud/bin/ipsectunnel.sh script includes the following
>options:
>
>Usage: ipsectunnel.sh: (-A|-D) -l <left-side vpn peer> -n <left-side guest
>cidr> -g <left-side gateway> -r <right-side vpn peer> -N <right-side
>private subnets> -e <esp policy> -i <ike policy> -t <ike lifetime> -T <esp
>lifetime> -s <pre-shared secret> -d <dpd 0 or 1>
>
>I can modify it to include -L <left-side ID> and -R <right-side ID>  which
>would add leftid=@<left-side ID> and rightid=@<right-side ID> to
>/etc/ipsec.d/ipsec.vpn-<right-side vpn peer>.conf
>
>and @<left-side ID> @<right-side ID>: PSK "<pre-shared secret>" to
>/etc/ipsec.d/ipsec.vpn-<right-side vpn peer>.secrets
>
>But, I'm not a Java dev so I'd need someone to help add the fields to the
>web interface and I'd need someone with experience to properly update the
>schema to add the new fields to the database.
>
>Any interest?
>
>Thanks,
>
>- Ian
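
Added example, not part of either message and not CloudStack's own code: one way the proposed -L/-R values could be validated and rendered into the leftid/rightid and PSK lines described in the thread, accepting either an IP address (as the reply suggests) or an FQDN written with the @ prefix. The function names and sample values are assumptions.

```shell
#!/bin/sh
# Added example: not CloudStack's ipsectunnel.sh; function names are hypothetical.

# Succeeds only for a dotted-quad IPv4 address with octets 0-255.
is_ipv4() {
    case $1 in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# Print the ID as it should appear in the .conf and .secrets files:
# IPv4 addresses unchanged, FQDN-style names with the "@" prefix (used as a
# literal name, no DNS lookup). Everything else is rejected so that an ID
# cannot carry spaces, quotes, colons or newlines into either file.
fmt_id() {
    case $1 in
        ''|*[!A-Za-z0-9.-]*|.*|*.|-*|*-|*..*)
            echo "invalid id: $1" >&2; return 1 ;;
    esac
    if is_ipv4 "$1"; then printf '%s\n' "$1"; return 0; fi
    case $1 in
        *[A-Za-z]*) printf '@%s\n' "$1" ;;
        *) echo "invalid id: $1" >&2; return 1 ;;
    esac
}

# Lines to append to /etc/ipsec.d/ipsec.vpn-<right-side vpn peer>.conf
conf_id_lines() {
    l=$(fmt_id "$1") && r=$(fmt_id "$2") || return 1
    printf '  leftid=%s\n  rightid=%s\n' "$l" "$r"
}

# Line for /etc/ipsec.d/ipsec.vpn-<right-side vpn peer>.secrets
secrets_line() {
    l=$(fmt_id "$1") && r=$(fmt_id "$2") || return 1
    nl='
'
    case $3 in
        ''|*\"*|*"$nl"*) echo "invalid pre-shared secret" >&2; return 1 ;;
    esac
    printf '%s %s: PSK "%s"\n' "$l" "$r" "$3"
}

# Constructed sample values (documentation ranges, not from the thread).
conf_id_lines 203.0.113.10 hw-gw.example.com
secrets_line 203.0.113.10 hw-gw.example.com 'constructed-secret'
```

The .secrets file holds the pre-shared secret in clear text, so it should be written with owner-only permissions.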

