cloudstack-dev mailing list archives

From Jayapal Uradi <>
Subject Re: Fail with vpn customer gateway creation through terraform
Date Wed, 22 Nov 2017 04:20:53 GMT
Hi Lucian,

Try the following in config: ‘-’ instead of ‘;’ after the aes256 in the config.

New: "sha1-aes256-modp3072"
Old: "sha1-aes256;modp3072"

On Nov 22, 2017, at 5:44 AM, Pierre-Luc Dion <<>>

Hi Nux,

Could it be your CloudStack version? modp3072 is recent, I think, in
CloudStack, so if you run an older version maybe it's not there?

On Tue, Nov 21, 2017 at 6:55 PM, Nux! <<>> wrote:

Thanks Chiradeep,

Checked but brain says no. What should I have learned from there?

AFAIK this is a terraform fail.


Sent from the Delta quadrant using Borg technology!


----- Original Message -----
From: "Chiradeep Vittal" <>
To: "dev" <>
Sent: Tuesday, 21 November, 2017 19:14:16
Subject: Re: Fail with vpn customer gateway creation through terraform


On Tue, Nov 21, 2017 at 10:11 AM, Nux! <> wrote:


I'm trying out terraform and had success so far, except for the vpn
customer gateway feature.
For some reason, terraform fails to create it, though I use the same
options as in UI/cloudmonkey where it works just fine.

The snippet for it is:

resource "cloudstack_vpn_customer_gateway" "default" {
  name       = "test-vpc"
  cidr       = ""
  esp_policy = "aes256-sha1"
  gateway    = ""
  ike_policy = "sha1-aes256;modp3072"
  ipsec_psk  = "terraformxyz7"
}

It always complains about the ike_policy:
* cloudstack_vpn_customer_gateway.default: Error creating VPN Customer
Gateway test-vpc: Undefined error: {"errorcode":431,"errortext":"The
customer gateway IKE policy sha1-aes256;modp3072 is invalid!  Verify the
required Diffie Hellman (DH) group is specified."}

I tried all sorts of ways to write the ike_policy, escaped, web
encoded/decoded, nothing worked. What am I missing?
The example terraform docs provide suffers the same fate.


Sent from the Delta quadrant using Borg technology!

