cloudstack-dev mailing list archives

From Erik Weber <terbol...@gmail.com>
Subject Re: VPC Site to Site VPN CIDR RFC1918
Date Wed, 21 May 2014 12:34:28 GMT
I understand that, but what my client wants is to connect public ips
instead of rfc1918 on one of the sides.

e.g. one network has 10.0.1.0/24 and ip 1.2.3.4
the other has 50.0.1.0/24 and ip 50.0.0.1

but cloudstack currently does not let you do that, because it expects cidrs
to be rfc1918. see log excerpt:

2014-05-21 12:30:42,326 WARN  [c.c.u.n.NetUtils]
(API-Job-Executor-7:job-3072 ctx-bf3922b1) cidr 50.0.1.0/24 is not RFC 1918
compliant
2014-05-21 12:30:42,335 ERROR [c.c.a.ApiAsyncJobDispatcher]
(API-Job-Executor-7:job-3072) Unexpected exception while executing
org.apache.cloudstack.api.command.user.vpn.CreateVpnCustomerGatewayCmd
com.cloud.exception.InvalidParameterValueException: The customer gateway
guest cidr list 50.0.1.0/24 is invalid guest cidr!
at
com.cloud.network.vpn.Site2SiteVpnManagerImpl.createCustomerGateway(Site2SiteVpnManagerImpl.java:176)

I'm wondering if this is a bug/lacking feature, or intended.
As I initially said I'm not a network guy, so there might be perfectly good
reasons this shouldn't be allowed.

But if it's a bug/lacking feature it would be great to know so that I could
file a ticket for it.

-- 
Erik Weber


On Wed, May 21, 2014 at 2:09 PM, Daan Hoogland <daan.hoogland@gmail.com> wrote:

> Erik,
>
> The vpn lets you connect to all the computers in the network on the
> other site on their private addresses. This means that you can give the
> cidr of the remote network in the definition on vpn connection.
>
> one network has 10.0.1.0/24 and ip 1.2.3.4
> the other has 10.0.2.0/24 and ip 4.3.2.1
>
> on the first you define endpoint/gateway 4.3.2.1 with cidr 10.0.1.0/24
> and you make it passive
> on the second you define the addresses of the first and start it without
> the passive function
> now you can ping a machine with address 10.0.1.123 from a machine with
> ip 10.0.2.246
>
> Of course you can do this to an external network as well, which makes
> far more sense.
>
> On Wed, May 21, 2014 at 12:14 PM, Erik Weber <terbolous@gmail.com> wrote:
> >
> > http://cloudstack.apache.org/docs/en-US/Apache_CloudStack/4.2.0/html/Installation_Guide/vpn.html#site-to-site-vpnstates
> > :
> >
> >
> >    - *CIDR list*: The guest CIDR list of the remote subnets. Enter a CIDR
> >    or a comma-separated list of CIDRs. Ensure that a guest CIDR list is not
> >    overlapped with the VPC’s CIDR, or another guest CIDR. The CIDR must be
> >    RFC1918-compliant.
> >
> >
> > I'm not a network guy, so excuse the question if it's obvious, but if a
> > customer only has public ip's on their end, why is rfc1918 required?
> >
> >
> > --
> > Erik Weber
>
>
>
> --
> Daan
>
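
Added example, not part of the original messages and not CloudStack's own code: a sketch of the three rules the quoted documentation states for the customer gateway CIDR list (RFC 1918 compliance, no overlap with the VPC CIDR, no overlap between guest CIDRs). The function names are hypothetical, and the VPC CIDR 10.0.1.0/24 in the sample call is an assumption taken from the addresses used in the thread.

```python
import ipaddress

# The three private blocks defined by RFC 1918. Python's is_private is
# broader (it also covers e.g. 100.64.0.0/10), so the blocks are listed.
RFC1918_BLOCKS = [ipaddress.ip_network(n) for n in
                  ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def is_rfc1918(net):
    """True only if the whole network lies inside one RFC 1918 block."""
    return net.version == 4 and any(net.subnet_of(b) for b in RFC1918_BLOCKS)


def check_guest_cidr_list(cidr_list, vpc_cidr):
    """Return the problems found in a comma-separated guest CIDR list.

    An empty list means the input satisfies the three documented rules.
    """
    problems = []
    vpc = ipaddress.ip_network(vpc_cidr, strict=False)
    seen = []
    for raw in (c.strip() for c in cidr_list.split(",")):
        try:
            net = ipaddress.ip_network(raw, strict=False)
        except ValueError:
            problems.append(f"{raw}: not a valid CIDR")
            continue
        if not is_rfc1918(net):
            problems.append(f"{raw}: not RFC 1918 compliant")
        if net.overlaps(vpc):
            problems.append(f"{raw}: overlaps VPC CIDR {vpc}")
        for prev in seen:
            if net.overlaps(prev):
                problems.append(f"{raw}: overlaps guest CIDR {prev}")
        seen.append(net)
    return problems


if __name__ == "__main__":
    # Constructed inputs based on the addresses mentioned in the thread.
    for cidrs in ("50.0.1.0/24", "10.0.2.0/24", "10.0.2.0/24,10.0.2.128/25"):
        print(cidrs, "->", check_guest_cidr_list(cidrs, "10.0.1.0/24") or "ok")
```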
