cloudstack-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From swill <...@git.apache.org>
Subject [GitHub] cloudstack issue #872: Strongswan vpn feature
Date Tue, 18 Oct 2016 17:30:53 GMT
Github user swill commented on the issue:

    https://github.com/apache/cloudstack/pull/872
  
    I think I have found why the VPN connections are not correctly being deleted from the
VR when you run `deleteVpnConnection`.
    
    The [problem is here](https://github.com/apache/cloudstack/blob/master/server/src/com/cloud/network/vpn/Site2SiteVpnManagerImpl.java#L520):
    ```
    if (conn.getState() == State.Connected) {
        stopVpnConnection(id);
    }
    ```
    
    It should be:
    ```
    if (conn.getState() != State.Pending) {
        stopVpnConnection(id);
    }
    ```
    
    Right now, if the VPN is not in a `Connected` state, the configuration on the VR is never
cleaned up.  That means that if you make a mistake in your VPN configuration when you do it
the first time, the config is never deleted because it will either be in `Disconnected` or
`Error` state.  Between this and the fact that config files never get rebuilt, only added
to or updated, deleted configuration options (like `dpd` for example) will never be removed
from the config file.  This means that regardless of what you do (like delete everything from
ACS and start again), the VPN connection for that IP will ALWAYS be broken and it will never
be possible to make it work correctly because the config will be corrupted.
    
    @jayapalu, do you want me to create a pull request to your PR to make all my changes available
to you guys, or should I create my own PR?  Because we need this fix in 4.7, I have a few
branches I am maintaining locally with the changes.  Let me know...


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastructure@apache.org or file a JIRA ticket
with INFRA.
---

Mime
View raw message