cloudstack-issues mailing list archives

From "Erik Weber (JIRA)" <>
Subject [jira] [Created] (CLOUDSTACK-6747) Allowing non rfc1918 networks on the other end of VPC Site 2 Site VPN
Date Thu, 22 May 2014 08:48:39 GMT
Erik Weber created CLOUDSTACK-6747:

             Summary: Allowing non rfc1918 networks on the other end of VPC Site 2 Site VPN
                 Key: CLOUDSTACK-6747
             Project: CloudStack
          Issue Type: Improvement
      Security Level: Public (Anyone can view this level - this is the default.)
          Components: Management Server, Network Controller, Virtual Router
    Affects Versions: 4.2.0, 4.3.0
            Reporter: Erik Weber
            Priority: Minor

When you configure a Site 2 Site VPN Customer gateway, the other end, from CloudStack's point
of view, is not allowed to be outside the RFC1918 address scope.

There are use cases where the client / remote networks use official/public addresses and you
want to encrypt / secure the traffic with VPN.

Log excerpt:

2014-05-21 12:30:42,326 WARN  [c.c.u.n.NetUtils] (API-Job-Executor-7:job-3072 ctx-bf3922b1) cidr is not RFC 1918 compliant
2014-05-21 12:30:42,335 ERROR [c.c.a.ApiAsyncJobDispatcher] (API-Job-Executor-7:job-3072) Unexpected exception while executing org.apache.cloudstack.api.command.user.vpn.CreateVpnCustomerGatewayCmd The customer gateway guest cidr list is invalid guest cidr!

Expected behavior is that guest cidr should be allowed as long as it's a valid cidr, including
if it's outside of RFC1918.

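Added example, not part of the original message and not CloudStack code: a stand-alone Python sketch of the validation the report asks for, where a guest CIDR list is rejected only when an entry is malformed and RFC 1918 membership is reported as a separate attribute. The function names, the comma-separated input format and the strict host-bit check are assumptions; the sample addresses are constructed.

```python
import ipaddress

# The three RFC 1918 private blocks. Python's own is_private flag is not used
# because it also covers loopback, link-local and documentation ranges.
RFC1918_BLOCKS = tuple(
    ipaddress.ip_network(n)
    for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")
)


def is_rfc1918(net):
    """True only if the whole network lies inside one RFC 1918 block."""
    # subnet_of, not overlaps: 172.0.0.0/8 contains 172.16.0.0/12 but is
    # mostly public space, so it must not be classified as private.
    return any(net.subnet_of(block) for block in RFC1918_BLOCKS)


def parse_guest_cidr_list(cidr_list):
    """Validate a comma-separated guest CIDR list (hypothetical helper).

    Returns [(IPv4Network, is_private), ...]. Raises ValueError only for
    entries that are not well-formed IPv4 CIDRs; a network outside RFC 1918
    is accepted and merely flagged.
    """
    results = []
    for raw in cidr_list.split(","):
        text = raw.strip()
        if "/" not in text:
            raise ValueError(f"missing prefix length: {text!r}")
        try:
            # strict=True (assumed policy) rejects host bits, e.g. 10.1.1.5/24
            net = ipaddress.IPv4Network(text, strict=True)
        except ValueError as exc:
            raise ValueError(f"invalid guest cidr {text!r}: {exc}") from exc
        results.append((net, is_rfc1918(net)))
    return results


if __name__ == "__main__":
    # Constructed sample input: one private and one public remote network.
    for net, private in parse_guest_cidr_list("10.1.0.0/16, 203.0.113.0/24"):
        print(net, "RFC 1918" if private else "public, accepted")
```
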