cloudstack-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Will Stevens <williamstev...@gmail.com>
Subject Re: [4.10] VPN disconnected while network changes taken
Date Mon, 24 Apr 2017 17:41:19 GMT
@remi yes, I think you are right that we should change that for the
site2site config. I will check that after.

The issue referred to in this thread is in reference to the remote access
VPN dropping when other networking is configured.

In this case it is not a mystery why it is going down since we actually
call a down on it when it gets reconfigured. I have been trying to get it
to handle network config changes without taking down the VPN.

I have obviously removed the explicit down and am trying to find a working
configuration, but when xl2tpd is stopped, it goes down hard and when it
comes back up it can't find the same tunnel, so the tunnel is dropped.

I will review your config to see how you are handling this.

Thanks for the support.

On Apr 24, 2017 1:02 PM, "Remi Bergsma" <RBergsma@schubergphilis.com> wrote:

> Hi all,
>
> While I haven’t investigated this issue, it does sound similar to what I
> fixed in Cosmic (our fork) last month.
>
> This code does a down/up of the VPN connection:
> https://github.com/apache/cloudstack/blob/master/systemvm/patches/debian/
> config/opt/cloud/bin/configure.py#L547-L548
>
> We found that to be impacting. Since we have auto=start in the config file
> already, we only have to reload the config and ipsec will take care of the
> rest on its own. Fast & easy! Most of all, no more unneeded restarts.
>
> Simply put: just remove the stop/start lines as it is not needed.
> The code is also hit when non-VPN changes are made, so that’s probably why
> people report that another change causes it to disconnect.
>
> This is how we fixed it:
> https://github.com/MissionCriticalCloud/cosmic/pull/339/commits/
> 5ee5e70894a321f4d633c836e0bacef481b2b9af
>
> Hope this gives some inspiration and a possible solution.
>
> Regards, Remi
>
>
>
> On 24/04/2017, 17:50, "williamstevens@gmail.com on behalf of Will
> Stevens" <williamstevens@gmail.com on behalf of wstevens@cloudops.com>
> wrote:
>
>     Working on it now, I will let you know when I have a fix.
>
>     *Will STEVENS*
>     Lead Developer
>
>     <https://goo.gl/NYZ8KK>
>
>     On Mon, Apr 24, 2017 at 11:34 AM, Haijiao <18602198181@163.com> wrote:
>
>     > Hi Will
>     >
>     > Any progress about this issue ?
>     >
>     > tks
>     >
>     >
>     > Sent from my mobile
>     >
>     > --------- 转发的邮件 ---------
>     > 发件人: Haijiao <18602198181@163.com>
>     > 发送日期: 2017年04月14日 23:21
>     > 收件人: dev <dev@cloudstack.apache.org>
>     > 抄送人:
>     > 主题: Re:Re: [4.10] VPN disconnected while network changes taken
>     > Sure, Karuturi
>     >
>     > Logged a bug in Jira,  thanks!
>     >
>     > CLOUDSTACK-9878 Remote Access VPN that losing connection when new
> network
>     > configs are introduced
>     > https://issues.apache.org/jira/browse/CLOUDSTACK-9878
>     >
>     >
>     >
>     > 在2017年04月14 13时14分, "Rajani Karuturi"<rajani@apache.org>写道:
>     >
>     >
>     > Hi Haijiao,
>     >
>     > Thanks for testing. Can you log a bug for this please? It can be
>     > a blocker for 4.10.
>     >
>     > @Will,
>     >
>     > Did you get a chance to take a look at this issue?
>     >
>     > Thanks,
>     >
>     > ~ Rajani
>     >
>     > http://cloudplatform.accelerite.com/
>     >
>     > On April 12, 2017 at 7:12 AM, Will Stevens
>     > (wstevens@cloudops.com) wrote:
>     >
>     > Thanks, I will have a look.
>     >
>     > *Will STEVENS*
>     > Lead Developer
>     >
>     > <https://goo.gl/NYZ8KK>
>     >
>     > On Tue, Apr 11, 2017 at 8:58 PM, Haijiao <18602198181@163.com>
>     > wrote:
>     >
>     > HI, Will
>     > It's a Remote Access VPN that losing connection while new
>     > network configs
>     > introduced.
>     > Thanks !
>     >
>     > 在2017年04月12 02时26分, "Will Stevens"<wstevens@cloudops.com>写道:
>     >
>     > Is this a Site-to-Site VPN connection or the Remote Access VPN
>     > that is
>     > losing connection when new network configs are introduced?
>     >
>     > Thanks,
>     >
>     > *Will STEVENS*
>     > Lead Developer
>     >
>     > <https://goo.gl/NYZ8KK>
>     >
>     > On Sat, Apr 8, 2017 at 12:49 AM, Haijiao <18602198181@163.com>
>     > wrote:
>     >
>     > Hi,
>     >
>     > We built and tested the ACS 4.10 from the latest master (Apr.7,
>     > 2017)
>     >
>     > Our environment is,
>     > - ACS: 4.10.0.0-SNAPSHOT
>     > - Management Server: Centos7.2 1151
>     > - Host: Centos7.2 1151
>     > - System VM: systemvm64template-master-4.10.0-kvm.qcow2.bz2
>     > - Network: Isolated Network
>     > - Network Offering: Offering for Isolated networks with Source
>     > Nat
>     >
>     > service
>     >
>     > enabled
>     >
>     > We can successfully setup VPN and it works as expected. However,
>     > once
>     >
>     > we
>     >
>     > take any network changes below, the VPN connnection will be
>     > immediately
>     > disconnected.
>     >
>     > - Update firewall rules (add/change)
>     > - Update port fowarding
>     > - Update LB
>     > - Add one more VPN account
>     >
>     > Is there some configuration we missed ? Or it's due to the new
>     > VPN
>     > component (StrongSWAN) introcuced in 4.10 ?
>     >
>     >
>     >
>     >
>     >
>     >
>     >
>
>
>
>
>

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message