cloudstack-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Pierre-Luc Dion <pd...@cloudops.com>
Subject Re: Fail with vpn customer gateway creation through terraform
Date Wed, 22 Nov 2017 00:14:55 GMT
Hi Nux,

Could it be your cloudstack version ?  modp3072 is recent I think in
CloudStack so if you run a older version maybe it's not there?



On Tue, Nov 21, 2017 at 6:55 PM, Nux! <nux@li.nux.ro> wrote:

> Thanks Chiradeep,
>
> Checked but brain says no. What should I have learned from there?
>
> AFAIK this is a terraform fail.
>
> Lucian
>
> --
> Sent from the Delta quadrant using Borg technology!
>
> Nux!
> www.nux.ro
>
> ----- Original Message -----
> > From: "Chiradeep Vittal" <chiradeepv@gmail.com>
> > To: "dev" <dev@cloudstack.apache.org>
> > Sent: Tuesday, 21 November, 2017 19:14:16
> > Subject: Re: Fail with vpn customer gateway creation through terraform
>
> > Check
> > https://github.com/apache/cloudstack/blob/77864992fe8f80dbabd1240f6373d2
> ba3e98713c/utils/src/main/java/com/cloud/utils/net/NetUtils.java#L1221
> >
> > On Tue, Nov 21, 2017 at 10:11 AM, Nux! <nux@li.nux.ro> wrote:
> >
> >> Hi,
> >>
> >> I'm trying out terraform and had success so far, except for the vpn
> >> customer gateway feature.
> >> For some reason, terraform fails to create it, though I use the same
> >> options as in UI/cloudmonkey where it works just fine.
> >>
> >> The snippet for it is:
> >>
> >> resource "cloudstack_vpn_customer_gateway" "default" {
> >>   name       = "test-vpc"
> >>   cidr       = "10.0.0.0/24"
> >>   esp_policy = "aes256-sha1"
> >>   gateway    = "1.2.3.4"
> >>   ike_policy = "sha1-aes256;modp3072"
> >>   ipsec_psk  = "terraformxyz7"
> >> }
> >>
> >> It always complains about the ike_policy:
> >> * cloudstack_vpn_customer_gateway.default: Error creating VPN Customer
> >> Gateway test-vpc: Undefined error: {"errorcode":431,"errortext":"The
> >> customer gateway IKE policy sha1-aes256;modp3072 is invalid!  Verify the
> >> required Diffie Hellman (DH) group is specified."}
> >>
> >> I tried all sorts of ways to write the ike_policy, escaped, web
> >> encoded/decoded, nothing worked. What am I missing?
> >> The example terraform docs provide suffers the same fate.
> >>
> >> Lucian
> >>
> >> --
> >> Sent from the Delta quadrant using Borg technology!
> >>
> >> Nux!
> >> www.nux.ro
>

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message