cloudstack-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Will Stevens <williamstev...@gmail.com>
Subject Re: [4.10] VPN disconnected while network changes taken
Date Mon, 24 Apr 2017 17:49:08 GMT
I am trying to find a way to remove this explicit down and still be able to
keep the VPN connection up.

https://github.com/apache/cloudstack/blob/master/systemvm/patches/debian/config/opt/cloud/bin/configure.py#L638

On Mon, Apr 24, 2017 at 1:41 PM, Will Stevens <williamstevens@gmail.com>
wrote:

> @remi yes, I think you are right that we should change that for the
> site2site config. I will check that after.
>
> The issue referred to in this thread is in reference to the remote access
> VPN dropping when other networking is configured.
>
> In this case it is not a mystery why it is going down since we actually
> call a down on it when it gets reconfigured. I have been trying to get it
> to handle network config changes without taking down the VPN.
>
> I have obviously removed the explicit down and am trying to find a working
> configuration, but when xl2tpd is stopped, it goes down hard and when it
> comes back up it can't find the same tunnel, so the tunnel is dropped.
>
> I will review your config to see how you are handling this.
>
> Thanks for the support.
>
> On Apr 24, 2017 1:02 PM, "Remi Bergsma" <RBergsma@schubergphilis.com>
> wrote:
>
>> Hi all,
>>
>> While I haven’t investigated this issue, it does sound similar to what I
>> fixed in Cosmic (our fork) last month.
>>
>> This code does a down/up of the VPN connection:
>> https://github.com/apache/cloudstack/blob/master/systemvm/
>> patches/debian/config/opt/cloud/bin/configure.py#L547-L548
>>
>> We found that to be impacting. Since we have auto=start in the config
>> file already, we only have to reload the config and ipsec will take care of
>> the rest on its own. Fast & easy! Most of all, no more unneeded restarts.
>>
>> Simply put: just remove the stop/start lines as it is not needed.
>> The code is also hit when non-VPN changes are made, so that’s probably
>> why people report that another change causes it to disconnect.
>>
>> This is how we fixed it:
>> https://github.com/MissionCriticalCloud/cosmic/pull/339/
>> commits/5ee5e70894a321f4d633c836e0bacef481b2b9af
>>
>> Hope this gives some inspiration and a possible solution.
>>
>> Regards, Remi
>>
>>
>>
>> On 24/04/2017, 17:50, "williamstevens@gmail.com on behalf of Will
>> Stevens" <williamstevens@gmail.com on behalf of wstevens@cloudops.com>
>> wrote:
>>
>>     Working on it now, I will let you know when I have a fix.
>>
>>     *Will STEVENS*
>>     Lead Developer
>>
>>     <https://goo.gl/NYZ8KK>
>>
>>     On Mon, Apr 24, 2017 at 11:34 AM, Haijiao <18602198181@163.com>
>> wrote:
>>
>>     > Hi Will
>>     >
>>     > Any progress about this issue ?
>>     >
>>     > tks
>>     >
>>     >
>>     > Sent from my mobile
>>     >
>>     > --------- 转发的邮件 ---------
>>     > 发件人: Haijiao <18602198181@163.com>
>>     > 发送日期: 2017年04月14日 23:21
>>     > 收件人: dev <dev@cloudstack.apache.org>
>>     > 抄送人:
>>     > 主题: Re:Re: [4.10] VPN disconnected while network changes taken
>>     > Sure, Karuturi
>>     >
>>     > Logged a bug in Jira,  thanks!
>>     >
>>     > CLOUDSTACK-9878 Remote Access VPN that losing connection when new
>> network
>>     > configs are introduced
>>     > https://issues.apache.org/jira/browse/CLOUDSTACK-9878
>>     >
>>     >
>>     >
>>     > 在2017年04月14 13时14分, "Rajani Karuturi"<rajani@apache.org>写道:
>>     >
>>     >
>>     > Hi Haijiao,
>>     >
>>     > Thanks for testing. Can you log a bug for this please? It can be
>>     > a blocker for 4.10.
>>     >
>>     > @Will,
>>     >
>>     > Did you get a chance to take a look at this issue?
>>     >
>>     > Thanks,
>>     >
>>     > ~ Rajani
>>     >
>>     > http://cloudplatform.accelerite.com/
>>     >
>>     > On April 12, 2017 at 7:12 AM, Will Stevens
>>     > (wstevens@cloudops.com) wrote:
>>     >
>>     > Thanks, I will have a look.
>>     >
>>     > *Will STEVENS*
>>     > Lead Developer
>>     >
>>     > <https://goo.gl/NYZ8KK>
>>     >
>>     > On Tue, Apr 11, 2017 at 8:58 PM, Haijiao <18602198181@163.com>
>>     > wrote:
>>     >
>>     > HI, Will
>>     > It's a Remote Access VPN that losing connection while new
>>     > network configs
>>     > introduced.
>>     > Thanks !
>>     >
>>     > 在2017年04月12 02时26分, "Will Stevens"<wstevens@cloudops.com>写道:
>>     >
>>     > Is this a Site-to-Site VPN connection or the Remote Access VPN
>>     > that is
>>     > losing connection when new network configs are introduced?
>>     >
>>     > Thanks,
>>     >
>>     > *Will STEVENS*
>>     > Lead Developer
>>     >
>>     > <https://goo.gl/NYZ8KK>
>>     >
>>     > On Sat, Apr 8, 2017 at 12:49 AM, Haijiao <18602198181@163.com>
>>     > wrote:
>>     >
>>     > Hi,
>>     >
>>     > We built and tested the ACS 4.10 from the latest master (Apr.7,
>>     > 2017)
>>     >
>>     > Our environment is,
>>     > - ACS: 4.10.0.0-SNAPSHOT
>>     > - Management Server: Centos7.2 1151
>>     > - Host: Centos7.2 1151
>>     > - System VM: systemvm64template-master-4.10.0-kvm.qcow2.bz2
>>     > - Network: Isolated Network
>>     > - Network Offering: Offering for Isolated networks with Source
>>     > Nat
>>     >
>>     > service
>>     >
>>     > enabled
>>     >
>>     > We can successfully setup VPN and it works as expected. However,
>>     > once
>>     >
>>     > we
>>     >
>>     > take any network changes below, the VPN connnection will be
>>     > immediately
>>     > disconnected.
>>     >
>>     > - Update firewall rules (add/change)
>>     > - Update port fowarding
>>     > - Update LB
>>     > - Add one more VPN account
>>     >
>>     > Is there some configuration we missed ? Or it's due to the new
>>     > VPN
>>     > component (StrongSWAN) introcuced in 4.10 ?
>>     >
>>     >
>>     >
>>     >
>>     >
>>     >
>>     >
>>
>>
>>
>>
>>

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message