cloudstack-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "ASF subversion and git services (JIRA)" <>
Subject [jira] [Commented] (CLOUDSTACK-6747) Allowing non rfc1918 networks on the other end of VPC Site 2 Site VPN
Date Wed, 25 Jun 2014 15:19:26 GMT


ASF subversion and git services commented on CLOUDSTACK-6747:

Commit 86aff86b7872485d7068c4b8ee2c759d54b2112f in cloudstack's branch refs/heads/4.4 from
[;h=86aff86 ]

CLOUDSTACK-6747: call a more forgiving test on the supplied peer
(cherry picked from commit 17850c7aff432a504d65a34d2f22ca7e1952a770)

> Allowing non rfc1918 networks on the other end of VPC Site 2 Site VPN
> ---------------------------------------------------------------------
>                 Key: CLOUDSTACK-6747
>                 URL:
>             Project: CloudStack
>          Issue Type: Improvement
>      Security Level: Public(Anyone can view this level - this is the default.) 
>          Components: Management Server, Network Controller, Virtual Router
>    Affects Versions: 4.2.0, 4.3.0
>            Reporter: Erik Weber
>            Assignee: Daan Hoogland
>             Fix For: Future
> When you configure a Site 2 Site VPN Customer gateway the other end from CloudStack point
of view is not allowed to be outside rfc1918 address scope.
> There are use cases where the client / remote networks use official/public addresses
and you want to encrypt / secure the traffic with VPN.
> Log excerpt:
> 2014-05-21 12:30:42,326 WARN  [c.c.u.n.NetUtils] (API-Job-Executor-7:job-3072 ctx-bf3922b1)
cidr is not RFC 1918 compliant
> 2014-05-21 12:30:42,335 ERROR [c.c.a.ApiAsyncJobDispatcher] (API-Job-Executor-7:job-3072)
Unexpected exception while executing org.apache.cloudstack.api.command.user.vpn.CreateVpnCustomerGatewayCmd
> The customer gateway guest cidr list is invalid guest cidr!
> at
> Expected behavior is that guest cidr should be allowed as long as it's a valid cidr,
including if it's outside of RFC1918

This message was sent by Atlassian JIRA

View raw message