cloudstack-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "ASF subversion and git services (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (CLOUDSTACK-5297) RemoteVPNonVPC : VPN Access is not respecting the ACL INBOUND chain rules of the Network Tiers
Date Tue, 10 Dec 2013 01:34:07 GMT

    [ https://issues.apache.org/jira/browse/CLOUDSTACK-5297?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13843807#comment-13843807
] 

ASF subversion and git services commented on CLOUDSTACK-5297:
-------------------------------------------------------------

Commit 3ccdf67dfbb5cc1985e127de6138503edacb78df in branch refs/heads/master from [~yasker]
[ https://git-wip-us.apache.org/repos/asf?p=cloudstack.git;h=3ccdf67 ]

CLOUDSTACK-5297: Fix ACL rules on VPN for VPC

Insert a new iptables chain for FORWARD chain, in order to let following ACL
rules being executed as well.


> RemoteVPNonVPC :  VPN Access is not respecting the ACL INBOUND chain rules of the Network
Tiers
> -----------------------------------------------------------------------------------------------
>
>                 Key: CLOUDSTACK-5297
>                 URL: https://issues.apache.org/jira/browse/CLOUDSTACK-5297
>             Project: CloudStack
>          Issue Type: Bug
>      Security Level: Public(Anyone can view this level - this is the default.) 
>          Components: Management Server
>    Affects Versions: 4.3.0
>            Reporter: Chandan Purushothama
>            Assignee: Sheng Yang
>            Priority: Critical
>             Fix For: 4.3.0
>
>
> Remote VPN Access to a VPC is not respecting the ACL INBOUND chain rules of the Network
Tiers in the VPC.
> Steps to Reproduce:
> 1. Deploy a VPC with a network tier in it. Deploy a VM in the network tier. Locate router/public
ip for the VPC and enable Remote access vpn on it.
> 2. note preshared key
> 3. create a vpn user using addVpnUser API(using valid username and password)
> 4. from a standalone linux machine configure vpn to point to public ip address
> 5. Add a DENY ACL Rule on ALL protocols to network tier's ACL List such that it blocks
ssh access to the client's network.
> 6. ssh (using putty or any other terminal client) to the vm in network tier provisioned
earlier.
> I am able to successfully ssh into the VM inspite of the DROP rules in the ACL INBOUND
chain



--
This message was sent by Atlassian JIRA
(v6.1.4#6159)

Mime
View raw message