cloudstack-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Andrija Panic <andrija.pa...@gmail.com>
Subject Re: VPC VPN Connectivity Issues
Date Thu, 10 Sep 2015 12:25:06 GMT
ok, I also do that, route all traffic over VPN, but in that case, you need
to know Internet stops working on your laptop :) not nice, but good
security :)

On 10 September 2015 at 14:15, Jeremy Peterson <jpeterson@acentek.net>
wrote:

> I first thought of that but he doesn't know root and cannot sudo to add
> routes.
>
> That's why I changed it to a full tunnel pushing all traffic over the VPN.
>
> Jeremy
>
> -----Original Message-----
> From: Sam Ceylani [mailto:sam@mistercertified.com]
> Sent: Wednesday, September 9, 2015 6:52 PM
> To: <users@cloudstack.apache.org> <users@cloudstack.apache.org>
> Subject: Re: VPC VPN Connectivity Issues
>
> on windows -- vpn client automatically adds route for your vpc network,
> check route -n on mac from terminal to see route is there and add manually
> if required...
>
> Sent from my iPhone
>
> > On Sep 9, 2015, at 7:47 PM, Jeremy Peterson <jpeterson@acentek.net>
> wrote:
> >
> > So I'm still looking into this has anyone ever tried this?
> >
> > Do you have anyone I can talk to?
> >
> > I've been asking since 8.29.2015
> >
> > I guess the issue is on a Mac since my VPN network is 10.1.2.0/24 and
> my VPC network is 192.168.2.0/24 he cannot connect.
> > I tested it out on windows 8, 7, 10, 8.1 all work as expected.
> >
> > I don't have a Mac I can test with so I was hoping someone here would
> have any advise.
> >
> > Jeremy
> >
> > -----Original Message-----
> > From: Jeremy Peterson [mailto:jpeterson@acentek.net]
> > Sent: Tuesday, September 8, 2015 8:12 AM
> > To: users@cloudstack.apache.org
> > Subject: RE: VPC VPN Connectivity Issues
> >
> > No my issue is not resolved I've been reaching out to the IRC channel
> and have not received notification of anyone knowing what my issue could be.
> >
> > It would be great to get some traction this week on the issue.  I keep
> having to open ACL for public access to the servers as this user is unable
> to get to the server via VPN.
> >
> > Jeremy
> >
> > -----Original Message-----
> > From: Remi Bergsma [mailto:RBergsma@schubergphilis.com]
> > Sent: Saturday, September 5, 2015 10:11 AM
> > To: <users@cloudstack.apache.org> <users@cloudstack.apache.org>
> > Subject: Re: VPC VPN Connectivity Issues
> >
> > Hi Jeremy,
> >
> > Did you already solve your problem?
> >
> > Not sure if it is possible to use the IPSec tunnels from remote VPN.
> Firewall might be too strict, but haven't looked yet.
> >
> > Regards, Remi
> >
> > Sent from my iPhone
> >
> >> On 29 Aug 2015, at 17:00, Jeremy Peterson <jpeterson@acentek.net>
> wrote:
> >>
> >> I am not sure if this was asked or answered but googling has led me no
> where.
> >>
> >>
> >> I am running cloudstack 4.5.0,  XenServer 6.5, Advanced networking w/
> VLAN segmentation.
> >>
> >>
> >> I have a VPC setup which i am using a IPSec tunnel back to a zywall
> firewall and a monowall firewall.
> >>
> >>
> >> Monowall                    Cloustack VPC            zywall
> >>
> >> 192.168.1.0/24            192.168.2.0/24        192.168.71.0/24
> >>
> >>
> >> Tunnels are setup in vpc for both locations and servers in cloudstack
> can connect to the world and connect to the monowall and zywall networks.
> >>
> >>
> >> Everything is fine with that but when I have a remote user that needs
> to VPN into the cloudstack VPC is where i am thrown into a whirlwind of
> questions.
> >>
> >>
> >> I setup a VPN connection on the VR for the VPC.
> >>
> >> I setup username/password.
> >>
> >>
> >> The user sets up the connection on his Mac OSX and using split tunnel
> can connect to the VPN.
> >>
> >>
> >> My VPN network is 10.1.2.0/24
> >>
> >>
> >> He receives a 10.1.2.3 ip address.
> >>
> >>
> >> He is unable to ping the IPSec Tunnel gateways 192.168.1.1 and
> 192.168.71.1.
> >>
> >>
> >> He can get to the world as his default gateway is his router.
> >>
> >>
> >> I switched to push all traffic over the VPN to remove the split tunnel.
> >>
> >>
> >> He is able to ping the 10.1.2.1 gateway on the VR
> >>
> >>
> >> He is able to ping his gateway the VPC router 10.1.2.1.
> >>
> >>
> >> He is able to ping the VPC network's gateway 192.168.2.1
> >>
> >> He is unable to get to the world.  I try to ping google dns 8.8.8.8 and
> it doesnt' get past the VR 10.1.2.1 in traceroutes.
> >>
> >> I am looking for help on this as i'm confused.  If I change him back to
> a split tunnel as that would be prefered why is the tunnel not annoucing
> all networks know to the VR.
> >>
> >> I was able to recreate this issue on windows 8.1.
> >>
> >> ?Jeremy
>



-- 

Andrija Panić

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message