cloudstack-users mailing list archives

From Jeremy Peterson <jpeter...@acentek.net>
Subject Re: VPC VPN Connectivity Issues
Date Tue, 01 Sep 2015 19:18:54 GMT
So I have yet to see anyone respond to this.

I will be looking more into it tomorrow but if anyone has any suggestions that would be great.

Basically since the VPC network CIDR is 192.168.2.0/24 while the VPN network is 10.1.2.0/24
I am having issues with using a split tunnel setup connecting to servers that are on the
192.168.2.0/24 network and then also connecting to a Site2Site IPSec tunnel network 192.168.71.0/24.

So I change it to a Full Tunnel and then they cannot route past the VPC Gateway 10.1.2.1 but
then can ping 192.168.2.X servers and they can ping 192.168.71.X clients.

Jeremy
________________________________________
From: Jeremy Peterson <jpeterson@acentek.net>
Sent: Saturday, August 29, 2015 8:43 PM
To: users@cloudstack.apache.org
Subject: RE: VPC VPN Connectivity Issues

I have set firewall rules to allow 192.168.71.0/24 And 10.1.2.0/24. Still no Internet without
split tunneling over vpn.

Jeremy

Sent from my Verizon Wireless 4G LTE smartphone


-------- Original message --------
From: Jeremy Peterson <jpeterson@acentek.net>
Date: 8/29/2015 10:00 AM (GMT-06:00)
To: users@cloudstack.apache.org
Subject: VPC VPN Connectivity Issues

I am not sure if this was asked or answered but googling has led me nowhere.


I am running CloudStack 4.5.0, XenServer 6.5, Advanced networking w/ VLAN segmentation.


I have a VPC setup which I am using an IPSec tunnel back to a zywall firewall and a monowall
firewall.


Monowall            CloudStack VPC      zywall
192.168.1.0/24      192.168.2.0/24      192.168.71.0/24


Tunnels are setup in vpc for both locations and servers in cloudstack can connect to the world
and connect to the monowall and zywall networks.


Everything is fine with that but when I have a remote user that needs to VPN into the CloudStack
VPC is where I am thrown into a whirlwind of questions.


I setup a VPN connection on the VR for the VPC.

I setup username/password.


The user sets up the connection on his Mac OSX and using split tunnel can connect to the VPN.


My VPN network is 10.1.2.0/24


He receives a 10.1.2.3 ip address.


He is unable to ping the IPSec Tunnel gateways 192.168.1.1 and 192.168.71.1.


He can get to the world as his default gateway is his router.


I switched to push all traffic over the VPN to remove the split tunnel.


He is able to ping the 10.1.2.1 gateway on the VR


He is able to ping his gateway the VPC router 10.1.2.1.


He is able to ping the VPC network's gateway 192.168.2.1

He is unable to get to the world. I try to ping google dns 8.8.8.8 and it doesn't get past
the VR 10.1.2.1 in traceroutes.

I am looking for help on this as I'm confused. If I change him back to a split tunnel as
that would be preferred why is the tunnel not announcing all networks known to the VR.

I was able to recreate this issue on windows 8.1.

Jeremy
