cloudstack-dev mailing list archives

From swill <...@git.apache.org>
Subject [GitHub] cloudstack issue #872: Strongswan vpn feature
Date Wed, 19 Oct 2016 12:32:16 GMT
Github user swill commented on the issue:

    https://github.com/apache/cloudstack/pull/872
  
    @jayapalu the issues are harder to notice if the connection is always coming up.  The problem is if you do a configuration in which the connection does not come up.  Because of the logic I pointed out above, the `stopVpnConnection()` function is never called in the Java, so the VRs are never directed to remove the S2S VPN configuration from the VR.
    
    > Each time we configure the s2s vpn we are supposed to overwrite the config file (ipsec.vpn-.conf).
    > Even if the file did not get deleted, next time the config gets overwritten.
    
    This is not actually the case.  If the Connection state is `Disconnected`, then the config files are not deleted from the VR.  In that case, for example, if you had `dpd=true`, then it will add the following items to the config file.
    
    ```
    dpddelay=30
    dpdtimeout=120
    dpdaction=restart
    ```
    
    Now let's assume that we need to set `dpd=false`, so we remove the configuration from ACS ([the files won't get deleted because it is in `Disconnected` state](https://github.com/apache/cloudstack/blob/master/server/src/com/cloud/network/vpn/Site2SiteVpnManagerImpl.java#L520)).  Then when the new configuration is applied to the VR, it will see the `dpd=false` and will not attempt to modify those lines.  Which means that since the config already had those `dpd` lines in the config, they will not be removed and every config will include those `dpd` config options even though ACS has specified that those config options should not be present.
    
    I have updated the java code to delete the configs from the VR even if the connection is disconnected.  I will continue testing and will send a PR to your PR soon.
    
    I see you have made changes to this PR.  Are the changes a result of testing, and do these changes fix some bad behavior?


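The stale-option behaviour described in the message above, as an added example that is not part of the original email or of CloudStack's code: a simplified Python model of a `key=value` VPN config file in which an additive update leaves old `dpd*` lines behind, shown beside a rebuild from desired state and a drift check. The function names, the file model and the `left`/`right` sample addresses are assumptions made for illustration.

```python
# Simplified model (constructed, not CloudStack's VR code) of applying S2S VPN
# settings to a config file left behind by an earlier, never-deleted connection.

DPD_VALUES = {"dpddelay": "30", "dpdtimeout": "120", "dpdaction": "restart"}


def parse(text):
    """Parse 'key=value' lines into a dict, ignoring blanks and comments."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            conf[key.strip()] = value.strip()
    return conf


def render(conf):
    return "".join(f"{k}={v}\n" for k, v in conf.items())


def apply_additive(existing_text, desired):
    """Behaviour described in the message: add or update lines, never remove."""
    conf = parse(existing_text)
    conf.update(desired["base"])
    if desired["dpd"]:
        conf.update(DPD_VALUES)
    return render(conf)  # with dpd=False, old dpd* lines are left untouched


def apply_declarative(existing_text, desired):
    """Rebuild from desired state only; existing_text is deliberately ignored,
    which has the same effect as deleting the old file before applying."""
    conf = dict(desired["base"])
    if desired["dpd"]:
        conf.update(DPD_VALUES)
    return render(conf)


def stale_keys(on_disk_text, desired):
    """Drift check: keys on disk that the desired state does not call for."""
    expected = parse(apply_declarative("", desired))
    return sorted(set(parse(on_disk_text)) - set(expected))


# Constructed sample: file from an earlier dpd=true connection, then dpd=false.
LEFTOVER = "left=203.0.113.10\nright=198.51.100.20\n" + render(DPD_VALUES)
DESIRED = {"base": {"left": "203.0.113.10", "right": "198.51.100.20"}, "dpd": False}
```

Running `stale_keys` over the output of each apply function shows the three `dpd*` options surviving the additive path and disappearing when the file is rebuilt.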