cloudstack-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From pdion891 <...@git.apache.org>
Subject [GitHub] cloudstack pull request: Strongswan vpn feature
Date Wed, 09 Dec 2015 13:29:09 GMT
Github user pdion891 commented on a diff in the pull request:

    https://github.com/apache/cloudstack/pull/872#discussion_r47089553
  
    --- Diff: systemvm/patches/debian/vpn/etc/ipsec.d/l2tp.conf ---
    @@ -30,4 +35,5 @@ conn L2TP-PSK
             # ----------------------------------------------------------
             # Change 'ignore' to 'add' to enable this configuration.
             #
    +        rightsubnetwithin=10.1.2.0/8
    --- End diff --
    
    Having hardcoded 10.0.0.0/8 cannot work on remote management VPN. Because if the remote
client internal subnet is in the 10.0.0.0/8 the VPN will fail to update routes on the client
side.
    
    Why not have /24 hardcoded but based on the ip range defined in the global settings? 

    so if user set  172.16.0.10 - 18  it will be using 172.16.0.0/24? Or the cleanest method
would be to use the smallest available subnet but this would require more code I guest. in
this example the subnet would be set to 172.16.0.0/27



---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastructure@apache.org or file a JIRA ticket
with INFRA.
---

Mime
View raw message