cloudstack-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Daan Hoogland <daan.hoogl...@gmail.com>
Subject Re: VPC Site to Site VPN CIDR RFC1918
Date Wed, 21 May 2014 12:09:07 GMT
Erik,

The vpn let's you connect to all the computers in the network on the
other site on their private adresses. This means that you can give the
cidr of the remote network in the definition on vpn connection.

one network has 10.0.1.0/24 and ip 1.2.3.4
the other has 10.0.2.0/24 and ip 4.3.2.1

on the first you define endpoint/gateway 4.3.2.1 with cidr 10.0.1.0/24
and you make it passive
on the second you define the adresses of the first and stat is without
the passive function
now you can ping a machine with address 10.0.1.123 from a machine with
ip 10.0.2.246

Of course you can do this to an external network as well, which makes
far more sense.

On Wed, May 21, 2014 at 12:14 PM, Erik Weber <terbolous@gmail.com> wrote:
> http://cloudstack.apache.org/docs/en-US/Apache_CloudStack/4.2.0/html/Installation_Guide/vpn.html#site-to-site-vpnstates:
>
>
>    - *CIDR list*: The guest CIDR list of the remote subnets. Enter a CIDR
>    or a comma-separated list of CIDRs. Ensure that a guest CIDR list is not
>    overlapped with the VPC’s CIDR, or another guest CIDR. The CIDR must be
>    RFC1918-compliant.
>
>
> I'm not a network guy, so excuse the question if it's obvious, but if a
> customer only has public ip's on their end, why is rfc1918 required?
>
>
> --
> Erik Weber



-- 
Daan

Mime
View raw message