Return-Path: <dev-return-108991-archive-asf-public=cust-asf.ponee.io@cloudstack.apache.org>
X-Original-To: archive-asf-public-internal@cust-asf2.ponee.io
Delivered-To: archive-asf-public-internal@cust-asf2.ponee.io
Received: from cust-asf.ponee.io (cust-asf.ponee.io [163.172.22.183])
	by cust-asf2.ponee.io (Postfix) with ESMTP id 56668200C5B
	for <archive-asf-public-internal@cust-asf2.ponee.io>; Thu, 27 Apr 2017 19:37:14 +0200 (CEST)
Received: by cust-asf.ponee.io (Postfix)
	id 54E2E160BA7; Thu, 27 Apr 2017 17:37:14 +0000 (UTC)
Delivered-To: archive-asf-public@cust-asf.ponee.io
Received: from mail.apache.org (hermes.apache.org [140.211.11.3])
	by cust-asf.ponee.io (Postfix) with SMTP id 751C5160B9E
	for <archive-asf-public@cust-asf.ponee.io>; Thu, 27 Apr 2017 19:37:13 +0200 (CEST)
Received: (qmail 43101 invoked by uid 500); 27 Apr 2017 17:37:07 -0000
Mailing-List: contact dev-help@cloudstack.apache.org; run by ezmlm
Precedence: bulk
List-Help: <mailto:dev-help@cloudstack.apache.org>
List-Unsubscribe: <mailto:dev-unsubscribe@cloudstack.apache.org>
List-Post: <mailto:dev@cloudstack.apache.org>
List-Id: <dev.cloudstack.apache.org>
Reply-To: dev@cloudstack.apache.org
Delivered-To: mailing list dev@cloudstack.apache.org
Received: (qmail 42941 invoked by uid 99); 27 Apr 2017 17:37:07 -0000
Received: from pnap-us-west-generic-nat.apache.org (HELO spamd2-us-west.apache.org) (209.188.14.142)
    by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 27 Apr 2017 17:37:07 +0000
Received: from localhost (localhost [127.0.0.1])
	by spamd2-us-west.apache.org (ASF Mail Server at spamd2-us-west.apache.org) with ESMTP id D71961B0E45
	for <dev@cloudstack.apache.org>; Thu, 27 Apr 2017 17:37:06 +0000 (UTC)
X-Virus-Scanned: Debian amavisd-new at spamd2-us-west.apache.org
X-Spam-Flag: NO
X-Spam-Score: 2.491
X-Spam-Level: **
X-Spam-Status: No, score=2.491 tagged_above=-999 required=6.31
	tests=[DKIM_SIGNED=0.1, DKIM_VALID=-0.1,
	HEADER_FROM_DIFFERENT_DOMAINS=0.001, HTML_MESSAGE=2,
	RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H3=-0.01,
	RCVD_IN_MSPIKE_WL=-0.01, RCVD_IN_SORBS_SPAM=0.5, SPF_PASS=-0.001,
	T_REMOTE_IMAGE=0.01, URIBL_BLOCKED=0.001] autolearn=disabled
Authentication-Results: spamd2-us-west.apache.org (amavisd-new);
	dkim=pass (2048-bit key) header.d=gmail.com
Received: from mx1-lw-us.apache.org ([10.40.0.8])
	by localhost (spamd2-us-west.apache.org [10.40.0.9]) (amavisd-new, port 10024)
	with ESMTP id AqCH6eU-uqSC for <dev@cloudstack.apache.org>;
	Thu, 27 Apr 2017 17:37:04 +0000 (UTC)
Received: from mail-it0-f41.google.com (mail-it0-f41.google.com [209.85.214.41])
	by mx1-lw-us.apache.org (ASF Mail Server at mx1-lw-us.apache.org) with ESMTPS id 8A25D5F177
	for <dev@cloudstack.apache.org>; Thu, 27 Apr 2017 17:37:04 +0000 (UTC)
Received: by mail-it0-f41.google.com with SMTP id x188so18054044itb.0
        for <dev@cloudstack.apache.org>; Thu, 27 Apr 2017 10:37:04 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20161025;
        h=mime-version:sender:in-reply-to:references:from:date:message-id
         :subject:to;
        bh=2b0TFfNP2J1Y3qXUKnQKv3ShAoD5jfyclB3vUE/cCw4=;
        b=C8cfgxn3j5RIoSyNYsRumffCU7UJePYHTvCDjwMYIxCdxV9goFoiVzqk//DY5CaUTA
         qPIDISdrXVnt2eECV3DCCpf5Jrz0cbWfliGw7LD1Lqqr3a3UaCUh0kVeqVexWabDER+q
         gKeoqg9IFTkKTYRcZxUEaAyMh6xA5gkGnU7f4d2J61ZBxvZ7aAsTYxUwZIruq/ufR0c+
         /LP4E2YwNKLcv4v9e+ZGNJ+0oZvRiGP1s5XnlanfxtVLJ1Degpmjt1yGw0dMSWXDJgMr
         1kCqKLecq9U+AfRd8SjllkrwtJjk5oDNrLHWSQtSE8j0qPQcFQSxk4eKHLan/Ue/MlA2
         m0+g==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20161025;
        h=x-gm-message-state:mime-version:sender:in-reply-to:references:from
         :date:message-id:subject:to;
        bh=2b0TFfNP2J1Y3qXUKnQKv3ShAoD5jfyclB3vUE/cCw4=;
        b=G/LGw1X/9QBRNo1xKhi3GWbZbBKmSa18hPdSd3ETFYGmArJxlTXV8XQDlH4E1tfVsF
         RpdUCwv7pACG2VU0Lm1B78oOu3lVIgaH2TtNQsmltlCMeaBxLT3Er0cwgaHarOzHl4u/
         8jW8Wbp38erA1QQBvYhr7FhCrsh19fLE9BFFnoLcHRcBIINHM/adcEqzZkDIrofif7rM
         0+DFyvXmUC/M/UsIiMP3RIMirBc+Au+lV4pHxeQZ9W0uun0hqxvnSw0tcyy7HLFgBLlv
         BqnlernGwISAXHEaRZscbmGG3KFKMfKvghyR5txhf8BLXjbD/KEmBRzwvc80evTA0htW
         GsBA==
X-Gm-Message-State: AN3rC/7hSgRaE1l4qPlaWVoHffLJ6vHaCInk/p+wzUwfxqdwgj4E2c4L
	fN9sokpiARmN7vocOLrQpJ3F05RecA==
X-Received: by 10.202.184.195 with SMTP id i186mr2741002oif.130.1493314623918;
 Thu, 27 Apr 2017 10:37:03 -0700 (PDT)
MIME-Version: 1.0
Sender: williamstevens@gmail.com
Received: by 10.182.125.133 with HTTP; Thu, 27 Apr 2017 10:37:03 -0700 (PDT)
In-Reply-To: <CAC2panpW+OWLekopb0oe7P58w1qkO4fKSO6DKH=SNi5u_EcWEw@mail.gmail.com>
References: <29a31ec2.f702.15ba09923b5.Coremail.18602198181@163.com>
 <CAC2panoBP1Om7cK972j79EnYkNFOXiMt=OxeWrX-c+_4HGV83g@mail.gmail.com>
 <1f22ecf6.1c0.15ba407dc26.Coremail.18602198181@163.com> <4d9f98fd.188.15ba8f74e3a.Coremail.18602198181@163.com>
 <CAC2panpW+OWLekopb0oe7P58w1qkO4fKSO6DKH=SNi5u_EcWEw@mail.gmail.com>
From: Will Stevens <wstevens@cloudops.com>
Date: Thu, 27 Apr 2017 13:37:03 -0400
X-Google-Sender-Auth: Ffep8d-kBW6OoLq41ecuFXQswuY
Message-ID: <CAC2panqqvdx2FKjcmd0_tjODZkW1yV2kRRA1b7Khgn28_tzZ6Q@mail.gmail.com>
Subject: Re: Re:Re: Fw: [4.10] VPN disconnected while network changes taken
To: "dev@cloudstack.apache.org" <dev@cloudstack.apache.org>, Haijiao <18602198181@163.com>
Content-Type: multipart/alternative; boundary=001a113ce010b25a1e054e29675a
archived-at: Thu, 27 Apr 2017 17:37:14 -0000

--001a113ce010b25a1e054e29675a
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: quoted-printable

Hey Haijiao,
I believe I have fixed all the problems you have raised now with this PR:
https://github.com/apache/cloudstack/pull/2062

In this process I also fixed a couple other Remote Access VPN bugs which
were undesired.

Let me know if you have any other issues with this.

Cheers,

*Will STEVENS*
Lead Developer

<https://goo.gl/NYZ8KK>

On Wed, Apr 26, 2017 at 9:01 AM, Will Stevens <wstevens@cloudops.com> wrote=
:

> I will look into the VPN user issue. I did not look at that and it is a
> different code path. I need to be able to reconfigure the VPN legitimatel=
y,
> so I will see if I can reload while not touching the established
> connections. Thanks for testing, I should be able to look at this today t=
o
> see if I can fix the remaining issue.
>
> On Apr 26, 2017 2:35 AM, "Haijiao" <18602198181@163.com> wrote:
>
>> Hi, Will
>>
>>
>>
>> We have tested this fix.  The remote VPN connection is now working fine
>> while network changes taken.
>>
>>
>> However, we noticed if we try to add/delete VPN accounts,  the connectio=
n
>> will be disconnected again.
>>
>>
>> It seems the issue is not completely fixed yet.
>>
>>
>> Regards,
>>
>>
>> =E5=9C=A82017=E5=B9=B404=E6=9C=8825 15=E6=97=B633=E5=88=86, "Haijiao"<18=
602198181@163.com>=E5=86=99=E9=81=93:
>>
>> Thanks Will,
>>
>>
>> will test this week.
>>
>>
>>
>>
>>
>>
>> =E5=9C=A82017=E5=B9=B404=E6=9C=8825 04=E6=97=B603=E5=88=86, "Will Steven=
s"<wstevens@cloudops.com>=E5=86=99=E9=81=93:
>>
>>
>> Here is the fix to this: https://github.com/apache/cloudstack/pull/2062
>>
>>
>> Will STEVENS
>>
>> Lead Developer
>>
>>
>>
>>
>>
>>
>> On Mon, Apr 24, 2017 at 11:34 AM, Haijiao <18602198181@163.com> wrote:
>>
>> Hi Will
>>
>> Any progress about this issue ?
>>
>> tks
>>
>>
>> Sent from my mobile
>>
>>
>>
>> --------- =E8=BD=AC=E5=8F=91=E7=9A=84=E9=82=AE=E4=BB=B6 ---------
>>
>> =E5=8F=91=E4=BB=B6=E4=BA=BA=EF=BC=9A                Haijiao
>> =E5=8F=91=E9=80=81=E6=97=A5=E6=9C=9F=EF=BC=9A                2017=E5=B9=
=B404=E6=9C=8814=E6=97=A5 23:21
>> =E6=94=B6=E4=BB=B6=E4=BA=BA=EF=BC=9A                dev
>> =E6=8A=84=E9=80=81=E4=BA=BA=EF=BC=9A
>> =E4=B8=BB=E9=A2=98=EF=BC=9A                Re:Re: [4.10] VPN disconnecte=
d while network changes
>> taken
>> Sure, Karuturi
>>
>>
>> Logged a bug in Jira,  thanks!
>>
>>
>> CLOUDSTACK-9878 Remote Access VPN that losing connection when new networ=
k
>> configs are introduced
>> https://issues.apache.org/jira/browse/CLOUDSTACK-9878
>>
>>
>>
>>
>>
>>
>> =E5=9C=A82017=E5=B9=B404=E6=9C=8814 13=E6=97=B614=E5=88=86, "Rajani Karu=
turi"<rajani@apache.org>=E5=86=99=E9=81=93:
>>
>> Hi Haijiao,
>>
>> Thanks for testing. Can you log a bug for this please? It can be
>> a blocker for 4.10.
>>
>> @Will,
>>
>> Did you get a chance to take a look at this issue?
>>
>> Thanks,
>>
>> ~ Rajani
>>
>> http://cloudplatform.accelerite.com/
>>
>> On April 12, 2017 at 7:12 AM, Will Stevens
>> (wstevens@cloudops.com) wrote:
>>
>> Thanks, I will have a look.
>>
>> *Will STEVENS*
>> Lead Developer
>>
>> <https://goo.gl/NYZ8KK>
>>
>> On Tue, Apr 11, 2017 at 8:58 PM, Haijiao <18602198181@163.com>
>> wrote:
>>
>> HI, Will
>> It's a Remote Access VPN that losing connection while new
>> network configs
>> introduced.
>> Thanks !
>>
>> =E5=9C=A82017=E5=B9=B404=E6=9C=8812 02=E6=97=B626=E5=88=86, "Will Steven=
s"<wstevens@cloudops.com>=E5=86=99=E9=81=93:
>>
>> Is this a Site-to-Site VPN connection or the Remote Access VPN
>> that is
>> losing connection when new network configs are introduced?
>>
>> Thanks,
>>
>> *Will STEVENS*
>> Lead Developer
>>
>> <https://goo.gl/NYZ8KK>
>>
>> On Sat, Apr 8, 2017 at 12:49 AM, Haijiao <18602198181@163.com>
>> wrote:
>>
>> Hi,
>>
>> We built and tested the ACS 4.10 from the latest master (Apr.7,
>> 2017)
>>
>> Our environment is,
>> - ACS: 4.10.0.0-SNAPSHOT
>> - Management Server: Centos7.2 1151
>> - Host: Centos7.2 1151
>> - System VM: systemvm64template-master-4.10.0-kvm.qcow2.bz2
>> - Network: Isolated Network
>> - Network Offering: Offering for Isolated networks with Source
>> Nat
>>
>> service
>>
>> enabled
>>
>> We can successfully setup VPN and it works as expected. However,
>> once
>>
>> we
>>
>> take any network changes below, the VPN connnection will be
>> immediately
>> disconnected.
>>
>> - Update firewall rules (add/change)
>> - Update port fowarding
>> - Update LB
>> - Add one more VPN account
>>
>> Is there some configuration we missed ? Or it's due to the new
>> VPN
>> component (StrongSWAN) introcuced in 4.10 ?
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>

--001a113ce010b25a1e054e29675a--