cloudstack-dev mailing list archives

From Will Stevens <wstev...@cloudops.com>
Subject Re: [4.10] VPN disconnected while network changes taken
Date Mon, 24 Apr 2017 20:28:34 GMT
Fair enough.  Well you will have a fix if people start to complain.  :P

*Will STEVENS*
Lead Developer

<https://goo.gl/NYZ8KK>

On Mon, Apr 24, 2017 at 4:21 PM, Remi Bergsma <RBergsma@schubergphilis.com>
wrote:

> I don't think the remote access feature is used a lot in our deploys, so I
> would assume it has the same issue. We mainly use s2s.
>
> Regards, Remi
> ________________________________
> From: Will Stevens <williamstevens@gmail.com>
> Sent: Monday, April 24, 2017 8:00:25 PM
> To: dev@cloudstack.apache.org
> Subject: Re: [4.10] VPN disconnected while network changes taken
>
> @remi, judging from your configure.py, I am assuming that any network
> change, like adding a PF rule, will drop the Remote Access VPN connection
> as well.  Is that the case?  Or am I missing something?
>
> On Mon, Apr 24, 2017 at 1:49 PM, Will Stevens <williamstevens@gmail.com>
> wrote:
>
> > I am trying to find a way to remove this explicit down and still be able
> > to keep the VPN connection up.
> >
> > https://github.com/apache/cloudstack/blob/master/systemvm/patches/debian/config/opt/cloud/bin/configure.py#L638
> >
> > On Mon, Apr 24, 2017 at 1:41 PM, Will Stevens <williamstevens@gmail.com>
> > wrote:
> >
> >> @remi yes, I think you are right that we should change that for the
> >> site2site config. I will check that after.
> >>
> >> The issue referred to in this thread is in reference to the remote access
> >> VPN dropping when other networking is configured.
> >>
> >> In this case it is not a mystery why it is going down since we actually
> >> call a down on it when it gets reconfigured. I have been trying to get it
> >> to handle network config changes without taking down the VPN.
> >>
> >> I have obviously removed the explicit down and am trying to find a
> >> working configuration, but when xl2tpd is stopped, it goes down hard and
> >> when it comes back up it can't find the same tunnel, so the tunnel is
> >> dropped.
> >>
> >> I will review your config to see how you are handling this.
> >>
> >> Thanks for the support.
> >>
> >> On Apr 24, 2017 1:02 PM, "Remi Bergsma" <RBergsma@schubergphilis.com>
> >> wrote:
> >>
> >>> Hi all,
> >>>
> >>> While I haven’t investigated this issue, it does sound similar to what I
> >>> fixed in Cosmic (our fork) last month.
> >>>
> >>> This code does a down/up of the VPN connection:
> >>> https://github.com/apache/cloudstack/blob/master/systemvm/patches/debian/config/opt/cloud/bin/configure.py#L547-L548
> >>>
> >>> We found that to be impacting. Since we have auto=start in the config
> >>> file already, we only have to reload the config and ipsec will take care of
> >>> the rest on its own. Fast & easy! Most of all, no more unneeded restarts.
> >>>
> >>> Simply put: just remove the stop/start lines as they are not needed.
> >>> The code is also hit when non-VPN changes are made, so that’s probably
> >>> why people report that another change causes it to disconnect.
> >>>
> >>> This is how we fixed it:
> >>> https://github.com/MissionCriticalCloud/cosmic/pull/339/commits/5ee5e70894a321f4d633c836e0bacef481b2b9af
> >>>
> >>> Hope this gives some inspiration and a possible solution.
> >>>
> >>> Regards, Remi
> >>>
> >>>
> >>>
> >>> On 24/04/2017, 17:50, "williamstevens@gmail.com on behalf of Will
> >>> Stevens" <williamstevens@gmail.com on behalf of wstevens@cloudops.com>
> >>> wrote:
> >>>
> >>>     Working on it now, I will let you know when I have a fix.
> >>>
> >>>     *Will STEVENS*
> >>>     Lead Developer
> >>>
> >>>     <https://goo.gl/NYZ8KK>
> >>>
> >>>     On Mon, Apr 24, 2017 at 11:34 AM, Haijiao <18602198181@163.com>
> >>> wrote:
> >>>
> >>>     > Hi Will
> >>>     >
> >>>     > Any progress about this issue ?
> >>>     >
> >>>     > tks
> >>>     >
> >>>     >
> >>>     > Sent from my mobile
> >>>     >
> >>>     > --------- Forwarded message ---------
> >>>     > From: Haijiao <18602198181@163.com>
> >>>     > Date: April 14, 2017 23:21
> >>>     > To: dev <dev@cloudstack.apache.org>
> >>>     > Cc:
> >>>     > Subject: Re:Re: [4.10] VPN disconnected while network changes taken
> >>>     > Sure, Karuturi
> >>>     >
> >>>     > Logged a bug in Jira,  thanks!
> >>>     >
> >>>     > CLOUDSTACK-9878 Remote Access VPN that losing connection when new network
> >>>     > configs are introduced
> >>>     > https://issues.apache.org/jira/browse/CLOUDSTACK-9878
> >>>     >
> >>>     >
> >>>     >
> >>>     > On April 14, 2017 at 13:14, "Rajani Karuturi" <rajani@apache.org> wrote:
> >>>     >
> >>>     >
> >>>     > Hi Haijiao,
> >>>     >
> >>>     > Thanks for testing. Can you log a bug for this please? It can be
> >>>     > a blocker for 4.10.
> >>>     >
> >>>     > @Will,
> >>>     >
> >>>     > Did you get a chance to take a look at this issue?
> >>>     >
> >>>     > Thanks,
> >>>     >
> >>>     > ~ Rajani
> >>>     >
> >>>     > http://cloudplatform.accelerite.com/
> >>>     >
> >>>     > On April 12, 2017 at 7:12 AM, Will Stevens
> >>>     > (wstevens@cloudops.com) wrote:
> >>>     >
> >>>     > Thanks, I will have a look.
> >>>     >
> >>>     > *Will STEVENS*
> >>>     > Lead Developer
> >>>     >
> >>>     > <https://goo.gl/NYZ8KK>
> >>>     >
> >>>     > On Tue, Apr 11, 2017 at 8:58 PM, Haijiao <18602198181@163.com>
> >>>     > wrote:
> >>>     >
> >>>     > HI, Will
> >>>     > It's a Remote Access VPN that losing connection while new
> >>>     > network configs introduced.
> >>>     > Thanks !
> >>>     >
> >>>     > On April 12, 2017 at 02:26, "Will Stevens" <wstevens@cloudops.com> wrote:
> >>>     >
> >>>     > Is this a Site-to-Site VPN connection or the Remote Access VPN that is
> >>>     > losing connection when new network configs are introduced?
> >>>     >
> >>>     > Thanks,
> >>>     >
> >>>     > *Will STEVENS*
> >>>     > Lead Developer
> >>>     >
> >>>     > <https://goo.gl/NYZ8KK>
> >>>     >
> >>>     > On Sat, Apr 8, 2017 at 12:49 AM, Haijiao <18602198181@163.com>
> >>>     > wrote:
> >>>     >
> >>>     > Hi,
> >>>     >
> >>>     > We built and tested the ACS 4.10 from the latest master (Apr.7, 2017)
> >>>     >
> >>>     > Our environment is,
> >>>     > - ACS: 4.10.0.0-SNAPSHOT
> >>>     > - Management Server: Centos7.2 1151
> >>>     > - Host: Centos7.2 1151
> >>>     > - System VM: systemvm64template-master-4.10.0-kvm.qcow2.bz2
> >>>     > - Network: Isolated Network
> >>>     > - Network Offering: Offering for Isolated networks with Source Nat
> >>>     > service enabled
> >>>     >
> >>>     > We can successfully setup VPN and it works as expected. However, once we
> >>>     > take any network changes below, the VPN connection will be immediately
> >>>     > disconnected.
> >>>     >
> >>>     > - Update firewall rules (add/change)
> >>>     > - Update port forwarding
> >>>     > - Update LB
> >>>     > - Add one more VPN account
> >>>     >
> >>>     > Is there some configuration we missed ? Or it's due to the new VPN
> >>>     > component (StrongSWAN) introduced in 4.10 ?
> >
>
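
Remi's suggestion in the quoted thread above (reload the config and let auto=start handle the tunnel, with no explicit down/up on every router change), sketched as an added example that is not code from CloudStack's configure.py or from the Cosmic commit. The function names, the sample conn and the use of strongSwan's `ipsec reload` are assumptions made for illustration; the commands are returned, not executed.

```python
import os
import re
import tempfile

# Constructed sample; conn name and addresses are placeholders.
SAMPLE_CONF = """conn vpn-example
    left=192.0.2.1
    right=198.51.100.7
    auto=start
"""

def conns_with_auto(conf_text):
    """Map each conn name to its auto= value (None if unset)."""
    result, current = {}, None
    for line in conf_text.splitlines():
        m = re.match(r"conn\s+(\S+)", line)
        if m:
            current = m.group(1)
            result[current] = None
        elif current and line.strip().startswith("auto="):
            result[current] = line.strip().split("=", 1)[1]
    return result

def apply_conf(conf_path, new_conf):
    """Write new_conf only if it differs from what is on disk.

    Returns (commands, passive): commands to run, and conns that a
    reload will load but not initiate because they lack auto=start.
    """
    old = None
    if os.path.exists(conf_path):
        with open(conf_path) as fh:
            old = fh.read()
    if old == new_conf:
        return [], []  # unrelated change: established tunnels stay up
    fd, tmp = tempfile.mkstemp(dir=os.path.dirname(conf_path) or ".")
    with os.fdopen(fd, "w") as fh:
        fh.write(new_conf)
    os.replace(tmp, conf_path)  # atomic swap, never a half-written file
    passive = [n for n, a in conns_with_auto(new_conf).items() if a != "start"]
    # Assumption: strongSwan's `ipsec reload`; no explicit down/up is issued.
    return [["ipsec", "reload"]], passive
```

A second call with identical content returns no commands, which is the case the thread describes: a firewall or port-forwarding update that re-runs the VPN code path without changing the VPN config.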
