cloudstack-users mailing list archives

From motty cruz <motty.c...@gmail.com>
Subject Re: CS 4.2.1 VPN connection failed
Date Mon, 03 Mar 2014 23:22:42 GMT
Thanks Geoff,
The problem was in CS: I had to create a VPC with a /16 mask, and once that was
created I created a network with mask /24. To connect to the client I was using
/24, but once we used mask 16, the connection was successful.

thanks for your help!


On Mon, Mar 3, 2014 at 2:44 PM, Geoff Higginbottom <
geoff.higginbottom@shapeblue.com> wrote:

> Celso,
>
> You should be able to create new ACL lists and also change which one is
> applied to the Tier.
>
> For the VPN return traffic you need to ensure that you have an ACL rule
> allowing the traffic.
>
> You could simply add an allow all rule for the CIDR of the remote network
> in the appropriate ACL List.
>
> Regards
>
> Geoff Higginbottom
> CTO / Cloud Architect
>
> D: +44 20 3603 0542 | S: +44 20 3603 0540 | M: +447968161581
>
> geoff.higginbottom@shapeblue.com | www.shapeblue.com | Twitter: @cloudstackguru
> (https://twitter.com/#!/cloudstackguru)
>
> ShapeBlue Ltd, 53 Chandos Place, Covent Garden, London, WC2N 4HS
>
>
> On 3 Mar 2014, at 22:05, "motty cruz" <motty.cruz@gmail.com> wrote:
>
> Thanks for your reply Geoff,
>
> in CS
> Network - VPC - vpc1 - Router - Network ACL Lists
>
> I see two, default_allow and default_deny; I am unable to change or remove
> these ACLs
>
> Thanks,
> Celso
>
>
> On Mon, Mar 3, 2014 at 1:45 PM, Geoff Higginbottom
> <geoff.higginbottom@shapeblue.com> wrote:
>
> Do you have a default allow or default deny on the VPC Tier?
>
> Regards
>
> Geoff Higginbottom
> CTO / Cloud Architect
>
> On 3 Mar 2014, at 21:09, "motty cruz" <motty.cruz@gmail.com> wrote:
>
> Hi Geoff,
>
> the CIDR of the remote network is 192.168.0.0/24
>
> IKE policy : 3des-md5
> ESP policy 3des-md5
> IKE lifetime : 86400
> ESP lifetime 3600
> dead peer detection yes
> state Error
>
> Status: Resource[Site2SiteVpnConnection:31]is unreachable: Failed to apply
> site-to-site VPN
>
> That is the error I'm getting,
>
> In /var/log/message :
> Mar  3 20:59:23 r-171-VM cloud: ipsectunnel.sh: done ipsec tunnel entry for right peer=client_public_ip  right networks=192.168.0.0/24
> Mar  3 20:59:23 r-171-VM cloud: ipsectunnel.sh: checking connection status...
> Mar  3 20:59:24 r-171-VM cloud: ipsectunnel.sh: checking connection status...
> Mar  3 20:59:25 r-171-VM cloud: ipsectunnel.sh: checking connection status...
> Mar  3 20:59:26 r-171-VM cloud: ipsectunnel.sh: checking connection status...
> Mar  3 20:59:27 r-171-VM cloud: ipsectunnel.sh: checking connection status...
> Mar  3 20:59:28 r-171-VM cloud: ipsectunnel.sh: fail to connect to remote, status code: 11
> Mar  3 20:59:28 r-171-VM cloud: ipsectunnel.sh: would stop site-to-site VPN connection
> Mar  3 20:59:28 r-171-VM cloud: ipsectunnel.sh: removing configuration for ipsec tunnel to client_public_ip
>
>
>
> On Mon, Mar 3, 2014 at 12:27 PM, Geoff Higginbottom
> <geoff.higginbottom@shapeblue.com> wrote:
>
> Motty,
>
> What is the CIDR of the remote network ?
>
> Regards
>
> Geoff Higginbottom
> CTO / Cloud Architect
>
> On 3 Mar 2014, at 18:17, "motty cruz" <motty.cruz@gmail.com> wrote:
>
> Hello All,
> I'm having issues with a site-to-site VPN connection on Cloudstack Advance
> Network.
>
> vpc-1 CIDR 10.99.0.0/16
>
> vpc-tier-1 10.99.1.0/24
>
> customer gateway match client settings,
>
> in Virtual Router I see connections coming from client IP but no route
> back.
> If I log in to VR, I am able to ping client's IP. The outside firewall is not
> filtering outgoing traffic, and incoming traffic from client's IP is allow
> all.
>
> any idea or suggestions?
>
> Thanks,
>
> This email and any attachments to it may be confidential and are intended
> solely for the use of the individual to whom it is addressed. Any views or
> opinions expressed are solely those of the author and do not necessarily
> represent those of Shape Blue Ltd or related companies. If you are not the
> intended recipient of this email, you must neither take any action based
> upon its contents, nor copy or show it to anyone. Please contact the sender
> if you believe you have received this email in error. Shape Blue Ltd is a
> company incorporated in England & Wales. ShapeBlue Services India LLP is a
> company incorporated in India and is operated under license from Shape Blue
> Ltd. Shape Blue Brasil Consultoria Ltda is a company incorporated in Brasil
> and is operated under license from Shape Blue Ltd. ShapeBlue is a
> registered trademark.
>
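
As an added example (not part of the original thread and not CloudStack code), this Python sketch checks the two points the thread turns on: that each tier CIDR lies inside the VPC CIDR, and that the tier's ACL list admits traffic from the remote network's CIDR. The function names, the rule tuples and the first-match, implicit-deny evaluation are assumptions of this sketch; the CIDRs are the ones quoted in the thread.

```python
import ipaddress as ip

def acl_verdict(acl_rules, remote):
    """First-match verdict for traffic sourced from `remote` (assumed model).

    acl_rules: (number, action, source_cidr) tuples, evaluated lowest number first.
    """
    for number, action, source in sorted(acl_rules):
        src = ip.ip_network(source)
        if remote.subnet_of(src):
            return action, number                # rule covers the whole remote CIDR
        if remote.overlaps(src):
            return "partial " + action, number   # rule covers only part of it
    return "deny", None                          # nothing matched: assumed implicit deny

def check_vpn_plan(vpc_cidr, tier_cidrs, remote_cidr, acl_rules):
    """Return a list of findings; an empty list means the plan is consistent."""
    vpc, remote = ip.ip_network(vpc_cidr), ip.ip_network(remote_cidr)
    findings = []
    if vpc.overlaps(remote):
        findings.append(f"remote {remote} overlaps VPC {vpc}")
    for tier in map(ip.ip_network, tier_cidrs):
        if not tier.subnet_of(vpc):
            findings.append(f"tier {tier} is not inside VPC {vpc}")
    action, number = acl_verdict(acl_rules, remote)
    if action != "allow":
        where = f"rule {number}" if number is not None else "implicit default"
        findings.append(f"ACL verdict for {remote}: {action} ({where})")
    return findings

# Constructed ACL lists: a deny-all list, and one that admits only the remote
# CIDR instead of allowing everything.
DENY_ALL = [(1, "deny", "0.0.0.0/0")]
ALLOW_REMOTE = [(1, "allow", "192.168.0.0/24"), (2, "deny", "0.0.0.0/0")]

if __name__ == "__main__":
    for acl in (DENY_ALL, ALLOW_REMOTE):
        print(check_vpn_plan("10.99.0.0/16", ["10.99.1.0/24"],
                             "192.168.0.0/24", acl))
```
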
