cloudstack-issues mailing list archives

From "Chandan Purushothama (JIRA)" <j...@apache.org>
Subject [jira] [Created] (CLOUDSTACK-5297) RemoteVPNonVPC : VPN Access is not respecting the ACL INBOUND chain rules of the Network Tiers
Date Thu, 28 Nov 2013 00:39:36 GMT
Chandan Purushothama created CLOUDSTACK-5297:
------------------------------------------------

             Summary: RemoteVPNonVPC : VPN Access is not respecting the ACL INBOUND chain rules of the Network Tiers
                 Key: CLOUDSTACK-5297
                 URL: https://issues.apache.org/jira/browse/CLOUDSTACK-5297
             Project: CloudStack
          Issue Type: Bug
      Security Level: Public (Anyone can view this level - this is the default.)
          Components: Management Server
    Affects Versions: 4.3.0
            Reporter: Chandan Purushothama
            Priority: Critical
             Fix For: 4.3.0


Remote VPN Access to a VPC is not respecting the ACL INBOUND chain rules of the Network Tiers in the VPC.

Steps to Reproduce:

1. Deploy a VPC with a network tier in it. Deploy a VM in the network tier. Locate the router/public IP for the VPC and enable Remote Access VPN on it.
2. Note the preshared key.
3. Create a VPN user using the addVpnUser API (using a valid username and password).
4. From a standalone Linux machine, configure VPN to point to the public IP address.
5. Add a DENY ACL Rule on ALL protocols to the network tier's ACL List such that it blocks ssh access to the client's network.
6. ssh (using PuTTY or any other terminal client) to the VM in the network tier provisioned earlier.

I am able to successfully ssh into the VM in spite of the DROP rules in the ACL INBOUND chain.



--
This message was sent by Atlassian JIRA
(v6.1#6144)
